Cyber Essentials
“As Data Services Manager at NOE CPC one of my main responsibilities is ensuring the Cyber Security of our systems, data and hardware. This is of course vital for all business, but the fallout from the catastrophic “WannaCry” cyber attack on the NHS in 2017 highlighted just how important this is to NHS bodies. It is estimated that the 2017 attack cost the NHS in the region of £92 Million. Couple that stat with the estimate that one small business in the UK is hit by a cyber-attack every 19 seconds, and this really underlines how important it is to ensure our Cyber Security meets the very highest standards.
“A key element to our Cyber Security strategy last year was to gain the National Cyber Security Centre (NCSC) Cyber Essentials accreditation. The NCSC launched their Cyber Essentials scheme in 2014 to help combat the rise of cyber-attacks and provide guidance to business on how to protect themselves. The scheme involves a certification which allows businesses to demonstrate they have taken the necessary steps to protect against the most common cyber-attacks, as well as demonstrating that business’s commitment to cyber security. New Government Contracts that involve handling sensitive and personal information now require bidding businesses to have Cyber Essentials accreditation. All these factors made gaining the accreditation a priority for us.
"The first step on the accreditation path was to achieve Cyber Essentials Basic – which is a self-assessment where a business responds to a wide variety of questions detailing the level of cyber security the business has achieved. This is focused on the 5 main controls within Cyber Essentials:
- Firewalls
- Secure Configuration
- Access Control
- Security Update Management
- Malware Protection
"The process helped us identify some areas where we needed to align our practices with the current Cyber Essentials Baseline and so actively helped us increase our Cyber Security profile. We successfully gained the accreditation in May 2022 which will last for a year – whereupon we will need to undergo a new self-assessment to ensure we remain compliant with the standards required.
"The second step for us was to go further than just the Cyber Essentials Basic certification and to achieve Cyber Essentials Plus. This involves undertaking an external audit, carried out by a Cyber Essentials Affiliated Auditor, which actively tests the organisations systems and hardware to ensure they meet the required standards. This more rigorous process provides more confidence that the accredited organisation is taking cyber security seriously and has the correct protection in place. NOE CPC achieved Cyber Essentials Plus Accreditation in August 2022 – which again needs to be renewed every 12 months.
"Achieving Cyber Essentials Plus allows NOE CPC to assure you that we take the security of the data we handle, and the safety of our business-critical systems seriously. You can have confidence that any data shared with us is being kept securely and in accordance with modern best practice. We would also strongly encourage you to ensure that your suppliers (especially those handling data and IT software, hardware and infrastructure) are Cyber Essentials accredited where possible.
"The scheme may also prove useful for ensuring your own organisation is well protected against cyber-attacks. You can find out more about Cyber Essentials at About Cyber Essentials - NCSC.GOV.UK , or if you would like to discuss this with the Technical Services Team at NOE CPC you can send us a message to enquiries@noecpc.nhs.uk.”