Cyber Essentials checklist & SAQ [Free download]

Cyber Essentials is all about how you can improve cybersecurity and mitigate risks in your organisation. The certification focuses on five security controls: firewalls, secure configuration, user access controls, security update management and malware management.

We uncover and discuss all five in the article, including the benefits of getting the certification and the key differences between Cyber Essentials and Cyber Essentials Plus.

You can also download and use a simplified Cyber Essentials checklist to verify your organisation’s readiness for certification.

Why do you need a Cyber Essentials checklist?

A Cyber Essentials checklist helps you stay up-to-date on your cybersecurity obligations. It condenses the security requirements found in IASME's (Information Assurance for Small and Medium Enterprises) extensive self-assessment questionnaire (SAQ) into a simple guide.

Similar to IASME's SAQ, our Cyber Essentials checklist covers the five key controls of cybersecurity, which you can refer to in order to ensure you remain compliant with Cyber Essentials.

What are the five security controls of Cyber Essentials?

Cybersecurity concerns organisations of all sizes, and it's important to understand how to mitigate the risks associated with cyberattacks.

Cyber Essentials certification assures protection against most cyberattacks, that is, the attacks that succeed against networks lacking the Cyber Essentials security controls. These controls fall under five main categories:

1. Firewalls

To comply with the Cyber Essentials certification, a firewall must be installed on all devices with internet connectivity. Firewalls create a "buffer zone" between your organisation's network/device and external networks. Make sure that the opening and closing of ports is authorised and documented, and that firewalls are enabled on end user devices.

2. Secure configuration

The default settings for a network, device, or software cannot be considered safe, as they often use an administrator account with a default password that anyone can find. Have all unnecessary software and user accounts been uninstalled or disabled? Computers and network devices should be set up to ensure maximum security for the organisation.

3. User access controls

Managing user accounts, especially those with special access privileges, prevents misuse and unauthorised access. Do you review admin accounts regularly and enforce user permissions policies? Accounts should only be assigned to authorised individuals with minimum access to applications, computers, and networks.

4. Security update management

Manufacturers and developers regularly release new updates and features that might address any identified security risks. Are all operating systems and mobile devices up-to-date? Applying these updates is known as "patching", and setting up your systems to update automatically ensures your systems are protected as soon as a new update is made available.

5. Malware management

Organisations should install anti-malware software on all devices with internet connectivity. Malware is intentionally created and spread to perform unauthorised activities on systems.

Some examples of malware sources are malicious email attachments, downloads, and unauthorised software installations. Check that malware protection and antivirus software are regularly updated.

The Cyber Essentials readiness toolkit helps you assess your readiness for Cyber Essentials. It relates to the five controls mentioned above, which, as of 24th January 2022, have been expanded to consider Bring Your Own Device (BYOD) policy, cloud services and home/remote working.

Assessing your readiness ensures that your organisation is on track to comply with Cyber Essentials, and is mandatory to ensure your organisation is safeguarded against cyber threats.
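The five controls above translate directly into checks you can run over a device inventory before filling in the SAQ. The script below is an added example, not part of the original article or of the DataGuard toolkit; the `Device` fields, the sample inventory, and the age thresholds (`MAX_PATCH_AGE_DAYS`, `MAX_SIGNATURE_AGE_DAYS`, `MAX_ADMIN_REVIEW_AGE_DAYS`) are assumptions chosen for illustration, not values the article states. Each control gets a list of findings; an empty list means that control passes for the device.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# Assumed thresholds (not stated in the article): how old a patch, a signature
# update or an admin-account review may be before the device is flagged.
MAX_PATCH_AGE_DAYS = 14
MAX_SIGNATURE_AGE_DAYS = 7
MAX_ADMIN_REVIEW_AGE_DAYS = 90

CONTROLS = (
    "firewalls",
    "secure_configuration",
    "user_access_controls",
    "security_update_management",
    "malware_management",
)


@dataclass
class Device:
    """Hypothetical inventory record for one device (field names are assumptions)."""
    name: str
    internet_connected: bool = True
    firewall_enabled: bool = False
    open_ports: Dict[int, bool] = field(default_factory=dict)      # port -> authorised and documented
    default_passwords_changed: bool = False
    unnecessary_software_removed: bool = False
    admin_accounts: Dict[str, bool] = field(default_factory=dict)  # account -> approved justification
    admin_accounts_reviewed_on: Optional[date] = None
    last_patch_applied: Optional[date] = None
    auto_update_enabled: bool = False
    malware_protection_installed: bool = False
    malware_signatures_updated_on: Optional[date] = None


def older_than(when: Optional[date], today: date, max_days: int) -> bool:
    """True when a date is missing or more than max_days in the past."""
    return when is None or (today - when).days > max_days


def check_device(device: Device, today: date) -> Dict[str, List[str]]:
    """Return {control: [finding, ...]} for one device; an empty list means the control passes."""
    f: Dict[str, List[str]] = {c: [] for c in CONTROLS}
    # 1. Firewalls: enabled on every internet-connected device, every open port authorised.
    if device.internet_connected and not device.firewall_enabled:
        f["firewalls"].append("firewall disabled on internet-connected device")
    for port, authorised in sorted(device.open_ports.items()):
        if not authorised:
            f["firewalls"].append(f"port {port} open without documented authorisation")
    # 2. Secure configuration: no vendor defaults, no unnecessary software or accounts.
    if not device.default_passwords_changed:
        f["secure_configuration"].append("default/vendor passwords still in use")
    if not device.unnecessary_software_removed:
        f["secure_configuration"].append("unnecessary software or accounts not removed")
    # 3. User access controls: every admin account justified and reviewed recently.
    for account, approved in sorted(device.admin_accounts.items()):
        if not approved:
            f["user_access_controls"].append(f"admin account {account!r} has no approved justification")
    if device.admin_accounts and older_than(device.admin_accounts_reviewed_on, today, MAX_ADMIN_REVIEW_AGE_DAYS):
        f["user_access_controls"].append("admin accounts not reviewed within review window")
    # 4. Security update management: recent patching and automatic updates.
    if older_than(device.last_patch_applied, today, MAX_PATCH_AGE_DAYS):
        f["security_update_management"].append("no security updates applied within patch window")
    if not device.auto_update_enabled:
        f["security_update_management"].append("automatic updates disabled")
    # 5. Malware management: protection installed and its signatures current.
    if device.internet_connected and not device.malware_protection_installed:
        f["malware_management"].append("no malware protection on internet-connected device")
    elif device.malware_protection_installed and older_than(
        device.malware_signatures_updated_on, today, MAX_SIGNATURE_AGE_DAYS
    ):
        f["malware_management"].append("malware protection signatures out of date")
    return f


def readiness_report(devices: List[Device], today: date) -> Dict[str, dict]:
    """Per control: which devices fail, their findings, and whether the control passes fleet-wide."""
    report: Dict[str, dict] = {c: {"failing_devices": [], "findings": []} for c in CONTROLS}
    for device in devices:
        for control, findings in check_device(device, today).items():
            if findings:
                report[control]["failing_devices"].append(device.name)
                report[control]["findings"].extend(f"{device.name}: {x}" for x in findings)
    for control in report:
        report[control]["passes"] = not report[control]["failing_devices"]
    return report


# Constructed sample inventory: one compliant laptop and one desktop with gaps under every control.
TODAY = date(2024, 1, 31)
SAMPLE_DEVICES = [
    Device("laptop-01", firewall_enabled=True, default_passwords_changed=True,
           unnecessary_software_removed=True, admin_accounts={"itadmin": True},
           admin_accounts_reviewed_on=date(2024, 1, 10), last_patch_applied=date(2024, 1, 25),
           auto_update_enabled=True, malware_protection_installed=True,
           malware_signatures_updated_on=date(2024, 1, 30)),
    Device("desktop-02", firewall_enabled=True, open_ports={443: True, 23: False},
           default_passwords_changed=False, unnecessary_software_removed=True,
           admin_accounts={"admin": True, "vendor": False},
           admin_accounts_reviewed_on=date(2023, 6, 1), last_patch_applied=date(2023, 11, 2),
           auto_update_enabled=False, malware_protection_installed=False),
]

if __name__ == "__main__":
    for control, result in readiness_report(SAMPLE_DEVICES, TODAY).items():
        print(("PASS " if result["passes"] else "FAIL "), control)
        for line in result["findings"]:
            print("   -", line)
```

Running the block prints one PASS/FAIL line per control followed by the findings that caused a failure, which maps directly onto the questions in each control section above. Replace `SAMPLE_DEVICES` with records exported from your own asset inventory or endpoint management tool; the thresholds at the top are the first thing to align with the current IASME requirements.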

Why is the Cyber Essentials certification important?

On average, 80% of cyberattacks can be prevented with airtight cybersecurity and a Cyber Essentials certification. Some examples of preventable cyberattacks are:

  • Phishing attacks
  • Malware
  • Ransomware
  • Password-guessing attacks
  • Network attacks

Being Cyber Essentials certified also demonstrates to your customers that your organisation is committed to data protection and cybersecurity, boosting your reputation and attracting new business. Once certified, your organisation will be listed on the NCSC’s website for a period of 12 months, as a public testament of your data protection commitments.

The cost of getting certified in Cyber Essentials depends on the size of your organisation and can range from £300 to £500 + VAT. Additionally, the cost of Cyber Essentials Plus certification can range from £1,900 to £4,000 + VAT.

Being Cyber Essentials certified also permits you to work with the UK Government. Should you choose to pursue a Cyber Essentials Plus certification, your organisation will be eligible to work with the UK Ministry of Defence.

Let us take a quick look at how the two certifications differ.

Cyber Essentials vs Cyber Essentials Plus: What's the difference?

At first glance, the two certifications may seem similar. Both offer a limited number of resources that set the benchmark for cybersecurity, but there are some key differences that set Cyber Essentials apart from Cyber Essentials Plus:

| Cyber Essentials | Cyber Essentials Plus |
| --- | --- |
| Covers the basics of cybersecurity | Extends to ethical hacking techniques |
| Certification requires an independent review of your organisation's self-assessment | Certification requires an audit of your organisation |
| Required for all organisations looking to secure government contracts | Required specifically for all organisations pursuing MOD contracts |

Cyber Essentials Plus expands on the basic Cyber Essentials certification with a detailed audit of your organisation that gives more assurance of compliance. However, the basic Cyber Essentials SAQ is a valuable tool in assessing the state of your organisation's cybersecurity, and it's necessary to have held the basic certification for three months before pursuing Cyber Essentials Plus.

Get ready for Cyber Essentials certification

Reviewing your organisation’s existing cybersecurity measures is the first step to pursuing Cyber Essentials certification. Use the free Cyber Essentials checklist included in this article to assess your organisation’s readiness for the certification and decide whether you will benefit from the certification as well. Protect your organisation from malware and phishing attempts, and demonstrate a strong commitment to cybersecurity.

Cyber Essentials requirements tie in very closely with the ISO 27001 framework for information security, and the latter guides the requirements for an organisation's Information Security Management System (ISMS). If you wish to learn more about the ISO 27001 standard and begin strengthening your organisation's infosec strategy, check out our article on becoming ISO 27001 compliant.

Got more questions? Reach out to us; we'd be happy to consult on how you can strengthen your organisation's cybersecurity.


About the author

DataGuard Information Security Experts

Tips and best practices on successfully getting certifications like ISO 27001 or TISAX®, the importance of robust security programmes, efficient risk mitigation... you name it! Our certified (Chief) Information Security Officers and InfoSec Consultants from Germany, the UK, and Austria use their year-long experience to set you up for long-term success. How? By giving you the tools and knowledge to protect your company, its information assets and people from common risks such as cyber-attacks. What makes our specialists qualified? These are some of the certifications of our privacy experts: Certified Information Privacy Professional Europe (IAPP), ITIL® 4 Foundation Certificate for IT Service Management, ISO 27001 Lead Implementer/Lead Auditor/Master, Certificate in Information Security Management Principles (CISMP), Certified TickIT+ Lead Auditor, Certified ISO 9001 Lead Auditor, Cyber Essentials
