NOE CPC re-accredited to Cyber Essentials and Cyber Essentials Plus
NOE CPC has been re-accredited to two schemes run by the National Cyber Security Centre (NCSC) aimed at protecting organisations from cyber attacks – Cyber Essentials and Cyber Essentials Plus.
Our Data Services Manager, Joseph Speed, discusses in this blog why we have been re-accredited and how we keep your data safe.
"As Data Services Manager at NOE CPC one of my main responsibilities is ensuring the Cyber Security of our systems, data and hardware. This is of course vital for all businesses, but the fallout from the catastrophic “WannaCry” cyber attack on the NHS in 2017 highlighted just how important this is to NHS bodies. It is estimated that the 2017 attack cost the NHS in the region of £92 Million. Couple that stat with the estimate that one small business in the UK is hit by a cyber-attack every 19 seconds, and this really underlines how important it is to ensure our Cyber Security meets the very highest standards.
“A key element to our Cyber Security strategy in recent years was to gain the National Cyber Security Centre (NCSC) Cyber Essentials accreditation. The NCSC launched their Cyber Essentials scheme in 2014 to help combat the rise of cyber-attacks and provide guidance to business on how to protect themselves. The scheme involves a certification which allows businesses to demonstrate they have taken the necessary steps to protect against the most common cyber-attacks, as well as demonstrating that business’s commitment to cyber security. New Government Contracts that involve handling sensitive and personal information now require bidding businesses to have Cyber Essentials accreditation. All these factors made gaining the accreditation a priority for us.
"The first step on the accreditation path was to achieve Cyber Essentials Basic – which is a self-assessment where a business responds to a wide variety of questions detailing the level of cyber security the business has achieved. This is focused on the 5 main controls within Cyber Essentials:
- Firewalls
- Secure Configuration
- Access Control
- Security Update Management
- Malware Protection
"The process helped us identify some areas where we needed to align our practices with the current Cyber Essentials Baseline and so actively helped us increase our Cyber Security profile. We successfully gained the accreditation in May 2022 and each accreditation lasts for a year, which means we undergo a self-assessment each year to ensure we remain compliant with the standards required.
"The second step for us was to go further than just the Cyber Essentials Basic certification and to achieve Cyber Essentials Plus. This involves undertaking an external audit, carried out by a Cyber Essentials Affiliated Auditor, which actively tests the organisations systems and hardware to ensure they meet the required standards. This more rigorous process provides more confidence that the accredited organisation is taking cyber security seriously and has the correct protection in place. NOE CPC achieved Cyber Essentials Plus Accreditation in August 2022 and we have now been re-accredited for 2024.
"Achieving Cyber Essentials Plus allows NOE CPC to assure you that we take the security of the data we handle, and the safety of our business-critical systems seriously. You can have confidence that any data shared with us is being kept securely and in accordance with modern best practice. We would also strongly encourage you to ensure that your suppliers (especially those handling data and IT software, hardware and infrastructure) are Cyber Essentials accredited where possible.
"The scheme may also prove useful for ensuring your own organisation is well protected against cyber-attacks. You can find out more about Cyber Essentials at About Cyber Essentials - NCSC.GOV.UK , or if you would like to discuss this with the Technical Services Team at NOE CPC you can send us a message to enquiries@noecpc.nhs.uk.”