How to get your Business Certified

The first stage in the certification process is to decide which level to certify against – Cyber Essentials or Cyber Essentials Plus.

Regardless of which level you choose, all companies must first complete their CE Basic assessment through The Cyber Highway. The Cyber Highway is the only route to Cyber Essentials certification in Canada.

Cyber Essentials Plus – tests of an organization’s systems are carried out by an external Certification Body.

Certification Bodies conduct a remote technical assessment aimed at validating elements of the evidence that companies have provided through The Cyber Highway. For Cyber Essentials Plus, an onsite validation / audit is required.

The key differentiator for Cyber Essentials Plus is the inclusion of a technical review of the organization’s workstations and other devices such as smart phones and tablets. This additional phase of testing increases the validity of certification considerably by providing evidence of compliance against the following scenarios:

  • Can malicious files enter the organization from the internet through either web traffic or email messages?
  • Should malicious content enter the organization, how effective are the anti-virus and malware protection mechanisms?
  • Should the organization’s protection mechanisms fail, how likely is it that the organization will be compromised due to failings in the patching of the organization’s workstations?

Did you know?

50% of private sector Boards of Directors and 24% of public organizations identify cybersecurity as their top challenging risk to effectively oversee.

Cyber Essentials Canada concentrates on five key controls.

Cyber Essentials Plus is a more thorough assessment of the organization and, as a result, may provide greater security assurance. However, it does come at an additional cost. Ultimately the decision on which level to certify against will be influenced by an organization’s cybersecurity stance and those of its business partners, suppliers and stakeholders.

Once an organization has been assessed against the Cyber Essentials Standard and passes, they will receive the relevant Cyber Essentials badge based on the level of certification achieved, which demonstrates that they have achieved a fundamental level of cybersecurity.

Cyber Essentials Certification Bodies are currently being accredited by QG Business Solutions, an approved UK government accreditation body. All data through The Cyber Highway is stored in Canada.

For more information on how to become a Certification Body contactCyber Essentials Canada

Looking for more information on Certification and Cybersecurity Updates?