Why should my Charity become Cyber Essentials Certified?
Charities need to become Cyber Essentials certified for several crucial reasons:
1. Protect Sensitive Information: Charities often handle sensitive data, including personal information of donors, beneficiaries, and employees. Cyber Essentials certification ensures that basic security measures are in place to protect this data from cyber threats.
2. Build Trust: Certification demonstrates to donors, partners, and beneficiaries that the charity takes cyber security seriously. This builds trust and confidence in the organization’s ability to safeguard their information.
3. Prevent Cyber Attacks: Cyber attacks can disrupt operations, leading to financial losses and damage to reputation. Cyber Essentials helps charities implement fundamental security controls to prevent common cyber threats.
4. Compliance and Regulations: Adhering to cyber security standards and regulations is increasingly important. Cyber Essentials certification helps ensure that a charity meets necessary legal and regulatory requirements.
5. Financial Protection: Many Cyber Essentials certifications include cyber liability insurance, providing financial protection against potential cyber incidents. This can be crucial for a charity's sustainability in case of a breach.
6. Operational Continuity: Implementing cyber security measures helps ensure the smooth operation of the charity’s activities, minimizing the risk of disruption due to cyber incidents.
7. Donor Assurance: Donors want to be assured that their contributions are safe and used effectively. Cyber Essentials certification reassures donors that the charity is committed to protecting their donations and personal information.
8. Improved Cyber Awareness: The certification process raises awareness within the organization about cyber security best practices, encouraging a culture of vigilance and continuous improvement.
By becoming Cyber Essentials certified, charities can better protect their assets, enhance their reputation, and ensure the continuity of their important work.
How much will it cost for the Review & Submit Plan?
Pricing depends on the size of your organisation and is structured as follows:
Micro (0-9 Employees) - £550 + VAT
Small (10-49 Employees) - £650 + VAT
Medium (50-249 Employees) - £750 + VAT
Large (250+ Employees) - POA
You can see more information on our Pricing & Plans page here.
How much will it cost for the Fully Managed Plan?
Pricing depends on the size of your organisation and is structured as follows:
Micro (0-9 Employees) - £1,000 + VAT
Small (10-49 Employees) - £1,100 + VAT
Medium (50-249 Employees) - £1,200 + VAT
Large (250+ Employees) - POA
You can see more information on our Pricing & Plans page here.
What's the difference between the Review & Submit plan and the Fully Managed plan?
Our Review & Submit plan is designed for charities that are already familiar with Cyber Essentials and believe they have the necessary controls in place, or are renewing a previous certification.
You may need assistance in reviewing the application for compliance with the latest standards or advice on changes needed to meet the requirements. Once we confirm everything is in order, your application can be submitted and assessed by our experts.
Our Fully Managed plan is tailored for charities that are new to Cyber Essentials and may not yet have established security controls. We provide comprehensive guidance throughout the entire certification process, handling all the details for you.
Whichever plan you choose, our dedicated team will ensure your charity passes on the first attempt.
What is included in the scope of Cyber Essentials? Do I need to factor in devices used at home?
Any device that is used to 'work' or has access to any form of company data should be in the scope of Cyber Essentials.
If you'd like more detail on the scope so you can prepare your business, please get in touch and we can provide a detailed government-issued document.
What changes happened to Cyber Essentials in 2022?
The changes to Cyber Essentials - enforced by the National Cyber Security Centre - were published on 24th January 2022.
The changes made were quite significant and brought more focus on home workers and password requirements. You can read about the changes in more detail here.
Do you have any tools to help me prepare for certification?
We use the IASME Cyber Essentials Readiness Tool with our clients as part of the process of preparing you for certification.
What are the benefits of Cyber Essentials?
Key benefits include peace of mind from knowing your charity’s systems and information are secure from cyber attacks. Additionally, being Cyber Essentials certified can help you secure more partnerships and contracts, as this certification is increasingly required.
How long does Certification take?
The time it takes is different for every business, but typically we can complete a 'Review & Submit' certification within 24 hours and a 'Fully Managed' certification within a week, provided you can get the right controls in place within that timeframe.
The timeframe does somewhat rely on your business, as the certification and the questions that need answering will be unique to your business, so we'll need to get to know how you operate and ask questions in order to get you certified.
Do you provide Cyber Essentials Plus?
Absolutely. We can take your organisation through Cyber Essentials Plus too. Simply contact us for a tailored quote.
How long will my certification last?
Every certification lasts 12 months and will need to be renewed each year.
If I have ISO-27001, do I need Cyber Essentials?
The Cyber Essentials Scheme was designed for SMEs who may not want or need to go through the more in-depth controls required by ISO-27001, so it is a valid, government-backed alternative.
After one year, do I need to go through the Certification all over again?
In short, yes. Due to the nature of the certification, it's important that you are adhering to the security practices you committed to in your initial assessment, so a yearly review is mandatory in order to retain your certified status.
Your next assessment will be easier as the groundwork will already be in place.
Do I need an onsite audit for Cyber Essentials?
An onsite audit isn't required for Cyber Essentials, but it will be if you decide to become Cyber Essentials Plus certified.
The key difference between the two certifications is that in Plus, what you state in your certification is physically checked.
Do I need the standard Cyber Essentials certification in order to become CE Plus certified?
Yes, you will need to go through the self-assessed (basic) certification before you can take Cyber Essentials Plus.
What's the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessed process, whereas Cyber Essentials Plus is an audited process: it is essentially an audit to confirm that you do all of the things you said you did in the self-assessment, with the addition of a network vulnerability scan, which is also required.
What happens if we fail our Certification?
Should you fail, guidance on how you failed will be provided, and you have 48 hours to implement any missing controls and resubmit for a free re-assessment.
Is everyone eligible for the £25k Cyber Liability Insurance?
The free Cyber Insurance is valid for businesses or charities with up to £20m per annum turnover.
How do I get the £25k Cyber Liability Insurance?
As part of the assessment questionnaire, you will provide the relevant details required for the insurance, and it is issued automatically upon successful certification.
© Get Cyber Essentials Certified Charities is a trading name of Cloud4 Technology Ltd, a Cyber Essentials Certification Body
Company Registration No: 06966921 | VAT Registration No: 994 4430 87
Registered Address: Victoria 198, Chapel Street, Leigh, WN7 2DW