At Dennis Maps we’ve got something to celebrate! We’ve recently been awarded Cyber Essentials Plus certification – the second time we’ve achieved the accolade. “This accreditation provides us and our customers with real reassurance about the resilience and security of our IT systems,” says Steve Burry, Managing Director at Dennis Maps.
What’s Cyber Essentials Certification?
Cyber Essentials is an accreditation system run by the National Cyber Security Centre, a government organisation that offers advice and support around digital security. The scheme helps us protect our IT systems against online threats. There are two levels of certification: Cyber Essentials and Cyber Essentials Plus. The first level of certification is a self-assessment option that offers protection against a range of common cyber threats. The technical controls offered by Cyber Essentials act as a deterrent to cyber criminals. The advanced certification, Cyber Essentials Plus, involves the same protections, but with the addition of a hands-on technical verification.
We’re pleased to say we’ve been awarded both levels of certification. These along with our ISO 27001 accreditation – a standard for information security management that’s internationally recognised – provide assurance that we manage our data to the highest security standards.
A rigorous process
We passed the basic Cyber Essentials certification for the first time in 2020, reapplying every year since. In 2022 and this year we successfully passed the process for Cyber Essentials Plus certification too – an extra stamp of approval for our IT security systems. We were supported by Geeking It Simple, our IT support company, to achieve the certification. Once we’d achieved Cyber Essentials, we worked towards Cyber Essentials Plus, which has four elements:
- External penetration test
The first element is an external penetration test. This test checks if a hacker could access internal systems via a variety of hacking methods. This tests the robustness of the security infrastructure we have in place to keep our systems safe. - Internal vulnerability scan
Phase two is an internal vulnerability scan. This is run across the network to identify any misconfigurations or unpatched vulnerabilities. - Infected file check
During the third stage an assessor tries to download infected files – that have been created by the assessors’ company to act as virus files – onto Dennis Maps’ systems, to see if they can circumnavigate our security. This includes downloading from the internet and via email attachments. - Inspection of mobile devices
For the fourth and final stage the assessor, Indelible Data, carried out a visual inspection of company mobile devices, to make sure they’re configured in compliance with our policies.
We had to pass all four stages to complete the Cyber Essentials Plus assessment, a rigorous but important process. Passing the assessment is certainly cause for celebration!
You might also like our post: Got an idea? We’re here to help
