Once a decision has been reached to proceed with a Cyber Essentials certification, a Certifying Body must be appointed to carry out the assessment - a list of CREST's Certifying Bodies can be found here. Organisations have a number of suppliers that they can select. Value can be gained by appointing a supplier who is certified and possesses accredited consultants as it is the combination of these features that will provide an organisation with the greatest assurance and confidence that an effective assessment has been performed in the most professional manner. Many organisations, however, face a challenge in identifying trusted suppliers that have access to competent, qualified experts.
CREST is a not-for-profit trade association and accreditation body whose role is to create and maintain high standards within the cyber security sector and to drive a consistency of quality across its member organisations to offer assurance to the buying community. Any organisation procuring Cyber Essentials services can rest assured that CREST Cyber Essentials Certifying Bodies have:
- Demonstrated appropriate levels of quality assurance processes, security controls, security assessment methodologies and met additional qualification criteria;
- Proven access to technically competent and qualified staff;
- Committed to abiding to the requirements of Certification Bodies for Cyber Essentials;
- Signed an enforceable Code of Conduct.
In addition to Cyber Essentials certification services, CREST Certifying Bodies also provide a range of other services to help organisations better manage their cyber security risks. These include:
- Penetration testing
- Security audit and compliance
- Security policy
- Security architecture
- Cyber security incident response.
This takes away much of the stress in validating the competence of the cyber security assessors and almost certainly ensures a faster route to certification.
Any Certifying Body will be able to talk through the requirements and scoping necessary for Cyber Essentials or Cyber Essentials Plus assessments and help organisations to understand their options.
CREST has a large number of Certifying Bodies whose details are available on both the Certifying Bodies page of this Cyber Essentials website and on the CREST website – www.crest-approved.org - which also profiles each company to help organisations make their selection and move to formally appoint.
Short awareness training courses can be found here.