Contact

You complete the on-line self-assessment questionnaire . This must be verified and signed off by a member of the board or an equivalent signatory. It is then independently verified by our trained and certified consultants to certify against the government’s Cyber Essentials scheme.

We will contact you if we require further information. Once the answers are satisfactory and meet the requirements we will certify your organisation and issue your report and certificate.

Only certification bodies that licensed to certify against the government’s Cyber Essentials scheme can undertake assessments and issue certificates. Develop Capability Ltd assessors are trained and we are licensed to deliver both Cyber Essentials and Cyber Essentials Plus certifications.

Yes, organisations overseas are able to obtain certification.

You must be able to show that you meet the requirements set out in the management standard. There should be evidence of at least one internal audit and at one management review. During the certification audit, the auditor will check to what extent the information security, business continuity or service management system has been effectively implemented. There should be good evidence of top management leadership that inspires and promotes continuous improvement.

Penetration testing (also called “pen testing”) and vulnerability scanning are both useful. For example both are required by the Payment Card Industry Data Security Standard (PCI DSS).

Vulnerability scans look for known vulnerabilities in your systems and report potential exposures. Penetration tests are intended to exploit weaknesses in the architecture of your IT network and determine the degree to which a malicious attacker can gain unauthorized access to your assets. A vulnerability scan is typically performed using an automated tool, while a penetration test is a manual test performed by a security professional.

A good analogy is that a vulnerability scan is like walking up to a door, checking to see if it is unlocked, and stopping there. A penetration test goes a bit further; it not only checks to see if the door is unlocked, but it also opens the door and walks right in.

Under GDPR, both data controllers and data processors have specific obligations. The ICO defines data controllers as “the main decision-makers – they exercise overall control over the purposes and means of the processing of personal data.” They are the organisations who decide how personal data is processed, and what it is used for. If there is more than one person taking on this activity, using the same data for the same purpose, they are referred to as ‘joint controllers’. UK data controllers must also make sure that the data processors they instruct are also compliant. If data controllers breach their obligations, they may face action from an authority such as the ICO.

Generally, if you are a data processor, you will be working under a data controller’s instructions, but you will have your own responsibilities too. If you have any questions on your compliance responsibility, please contact us.

We will get to understand your business and then, using this knowledge, recommend practical solutions to any GDPR compliance challenge that you may face.