Government mandates new cyber security standard for suppliers

From 1 October 2014, all suppliers must comply with the new Cyber Essentials controls if bidding for some government contracts.

The government is improving cyber security in its supply chain. From 1 October 2014, all suppliers must be compliant with the new Cyber Essentials controls if bidding for government contracts which involve handling of sensitive and personal information and provision of certain technical products and services.

Read about the Cyber Essentials scheme and the Procurement policy notice on certification.

Cyber Essentials was developed by government, in consultation with industry. It offers a sound foundation of basic cyber hygiene measures which, when properly implemented, can significantly reduce a company’s vulnerability. The scheme’s set of 5 critical controls is applicable to all types of organisations, of all sizes, giving protection from the most prevalent forms of threat coming from the internet.

Minister for the Cabinet Office, Francis Maude, said:

"It’s vital that we take steps to reduce the levels of cyber security risk in our supply chain. Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber attack. Businesses can demonstrate that they take this issue seriously and that they have met government requirements to respond to the threat. Gaining this kind of accreditation will also demonstrate to non-government customers a business’s clear stance on cyber security.

"Cyber Essentials is a single, government and industry endorsed cyber security certification. It is accessible for businesses of all sizes and sectors to adopt, and I encourage them to do so."

The scheme was launched in June and is gathering pace, with insurance firms like AIG offering incentives to businesses to become certified and larger organisations like Hewlett-Packard (HP), one of its early adopters, also beginning to demand it from their own supply chains.

Stuart Bladen, Regional Vice President & General Manager, UK Public Sector, HP Enterprise Services, said:

"Cyber Essentials helps keep businesses safe online, which is why HP has been an active supporter of the scheme from its initial concept. Our extended supply chain of differing business types, including a large SME community, can get affordable cyber security assurance to protect their own and HP intellectual property and information, and that of customers.

"For this reason HP UK Public Sector has written to its entire supply chain explaining the merits of the certification and notifying our intention to require them to adopt this scheme."

To ensure the scheme is flexible and affordable, there are 2 levels of assurance available, Cyber Essentials and Cyber Essentials Plus. Organisations assessed as successful in meeting the scheme’s requirements are awarded a certificate and are able to display the appropriate Cyber Essentials or Cyber Essentials Plus badge on their marketing material.

Helping to meet the demand for businesses wanting to get Cyber Essentials is a new accreditation body, QG, which joins CREST and the IASME Consortium in appointing firms who can certify company applications.

Mandating Cyber Essentials will provide further protections for the information the government handles and will encourage adoption of the new scheme more widely.
