Suppliers bidding for government contracts that require handling sensitive and personal information will need to comply with cyber security controls from 1 October.
The government has developed Cyber Essentials – a set of controls to offer a “sound foundation of basic cyber hygiene measures which can significantly reduce a company’s vulnerability”.
There are two levels of assurance available to satisfy the requirement – Cyber Essentials and Cyber Essentials Plus. Organisations assessed as successful in meeting the scheme’s requirements are awarded a certificate and are able to display the appropriate Cyber Essentials or Cyber Essentials Plus badge on their marketing material.
Cabinet Office minister Francis Maude said: “It’s vital that we take steps to reduce the levels of cyber security risk in our supply chain. Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber attack.
“Businesses can demonstrate that they take this issue seriously and that they have met government requirements to respond to the threat. Gaining this kind of accreditation will also demonstrate to non-government customers a business’s clear stance on cyber security.
“Cyber Essentials is a single, government and industry endorsed cyber security certification. It is accessible for businesses of all sizes and sectors to adopt, and I encourage them to do so.”
The scheme was launched in June and insurance firms such as AIG are offering incentives to businesses to become certified. Larger organisations, such as Hewlett-Packard (HP), are also beginning to demand Cyber Essentials accreditation from suppliers.
Stuart Bladen, regional vice president and general manager for UK public sector, HP Enterprise Services said: “Our extended supply chain of differing business types, including a large SME community, can get affordable cyber security assurance to protect their own and HP intellectual property and information, and that of customers.
“For this reason HP UK Public Sector has written to its entire supply chain explaining the merits of the certification and notifying our intention to require them to adopt this scheme.”