Telephone
+44 (0)1928 723 701
Main office location
Develop Capability Limited
Hillview House
110a Bates Lane
Helsby, Frodsham
Cheshire
WA6 9LJ
United Kingdom
Questions & answers
How much does it cost to get a Cyber Essentials certification?
The cost of Cyber Essentials (verified self-assessment) is £300 + VAT.
What is required for certification to Cyber Essentials?
You complete the on-line self-assessment questionnaire. This must be verified and signed off by a member of the board or an equivalent signatory. It is then independently verified by our trained and certified consultants to certify against the government’s Cyber Essentials scheme.
We will contact you if we require further information. Once the answers are satisfactory and meet the requirements we will certify your organisation and issue your report and certificate.
Who will conduct our assessments for Cyber Essentials and Cyber Essentials Plus?
Only certification bodies that are licensed to certify against the government’s Cyber Essentials scheme can undertake assessments and issue certificates. Develop Capability Ltd assessors are trained and we are licensed to deliver both Cyber Essentials and Cyber Essentials Plus certifications.
My organisation is not based in the UK. Can I still obtain Cyber Essentials certification?
Yes, organisations overseas are able to obtain certification.
What is required to get certified against ISO 27001, ISO 20000-1 or ISO 22301?
You must be able to show that you meet the requirements set out in the management standard. There should be evidence of at least one internal audit and at least one management review. During the certification audit, the auditor will check to what extent the information security, business continuity or service management system has been effectively implemented. There should be good evidence of top management leadership that inspires and promotes continuous improvement.
What is the difference between Penetration Testing and Vulnerability Scanning?
Penetration testing (also called “pen testing”) and vulnerability scanning are both useful. For example, both are required by the Payment Card Industry Data Security Standard (PCI DSS).
Vulnerability scans look for known vulnerabilities in your systems and report potential exposures. Penetration tests are intended to exploit weaknesses in the architecture of your IT network and determine the degree to which a malicious attacker can gain unauthorized access to your assets. A vulnerability scan is typically performed using an automated tool, while a penetration test is a manual test performed by a security professional.
A good analogy is that a vulnerability scan is like walking up to a door, checking to see if it is unlocked, and stopping there. A penetration test goes a bit further; it not only checks to see if the door is unlocked, but it also opens the door and walks right in.
What is the Data Protection Impact Assessment in GDPR?
One of the characteristics of GDPR is increased accountability. There is a requirement under GDPR for businesses to undertake Data Protection Impact Assessments (DPIA) when putting any processes in place that use new technology that is likely to result in a high risk to data subjects.
What is the data controller role in GDPR?
Under GDPR, both data controllers and data processors have specific obligations. The ICO defines data controllers as “the main decision-makers – they exercise overall control over the purposes and means of the processing of personal data.” They are the organisations who decide how personal data is processed, and what it is used for. If there is more than one person taking on this activity, using the same data for the same purpose, they are referred to as ‘joint controllers’. UK data controllers must also make sure that the data processors they instruct are compliant. If data controllers breach their obligations, they may face action from an authority such as the ICO.
Generally, if you are a data processor, you will be working under a data controller’s instructions, but you will have your own responsibilities too. If you have any questions on your compliance responsibility, please contact us.
We will get to understand your business and then, using this knowledge, recommend practical solutions to any GDPR compliance challenge that you may face.
“We were particularly pleased with their patient, professional and courteous service from start to finish of the audit. We have no hesitation in recommending their services to others.”