I’m proud to announce that PowerON has achieved Cyber Essentials Plus certification!
If you’re not aware of this certification, it’s a UK Government backed scheme that assesses an organisations security posture across 5 key focus areas with external validation to prove the controls and processes are in place for good security hygiene.
The certification is made up of two parts. Firstly is the Cyber Essentials verified self-assessment phase which, as it sounds, consists of completing a questionnaire and having it checked over to ensure it meets the requirements by an external body that is accredited to do so by IASME.
This phase captures information about your organisation, your environment, your controls for anti-malware, application and OS lifecycle management, identity management etc
If you’ve already been through ISO27001 (like ourselves) this won’t be too much hassle as you’ll already have the controls, policies and processes in place to support it.
If not, this isn’t just a tick box exercise where you can just mark yes or no answers. Be prepared to back up your answers with data and process references etc.
Once you’ve completed this first stage, at which point you gain accreditation for Cyber Essentials, you can move onto the “Plus” second phase.
This phase involves an external body performing vulnerability scans across any internet exposed services you have, as well as across your internal environments. It also involves physically checking a sample of your estate to ensure they’re being patched, security controls are in place, unapproved applications can’t run and malware is blocked.
Since we deliver secure desktop design and configuration for our customers, this is nothing that we weren’t expecting, nor unprepared for thankfully.
We’ve long talked about and helped customers across:
- Device Provisioning
- Secure Baseline Configuration
- OS and Application Lifecycle Management
- Application Restrictions
- Approved Application Delivery
- Removing Local Admin Rights
- Identity and Security Management
- Starters, Leavers and Movers Process
- Vulnerability and Security Monitoring with Defender for Endpoints
If you’re looking to gain Cyber Essentials and would like some assistance making sure your desktop environment is configured and well managed, reach out to us!
I’m always happy to share what works and what to consider when it comes to user productivity impact and how we might be able to help you.
For a helpful guide to the areas you need to be focusing in on, check out my Cyber Essentials Plus video series.