Fifth Step Achieves Cyber Essentials PLUS Certification 2017

London, 27th January 2017 – Fifth Step has achieved the UK Government’s Cyber Essentials Plus certification placing the leading IT and cyber resilience consultant firmly at the front of data protection standards expertise. The accreditation complements Fifth Step of achieving separate ISO27001 and ISO22301 certification.

Having already obtained the UK Government’s Cyber Essentials’ certification, this advanced data protection certification covers the same requirements as Cyber Essentials but tests of the systems are carried out by an external certifying body, using a range of tools and techniques.

Cyber Essentials Plus offers a higher level of assurance through the use of an independent testing regime. Certification at either Cyber Essentials or Cyber Essentials Plus is a good guide to Fifth Step’s ability to mitigate the risks from Internet based threats.

Fifth Step as well as other certifying organisations will need to re-certify once a year, or more frequently as necessary to meet specific procurement or customer requirements.

Fifth Step Information Security Analyst Natasha Brown said: “The data protection area of the Government’s website explains that Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. The Government believes that implementing these measures can significantly reduce an organisation's vulnerability”.

As the Government acknowledges, however, Cyber Essentials does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy. What Cyber Essentials does do is define a focused set of controls which will provide cost effective, basic cyber security for organisations of all sizes.

“Fifth Step recommends a holistic cyber belt and braces approach to data protection that includes Cyber Essentials and other respected resilience frameworks such as NIST, and ISO 27001. In addition a good governance approach is essential. The fact is that people within the enterprise are often the biggest risk to an organisation so monitoring of procedures and a commitment to training and continuous improvement are vital.”

For the latest thought leadership on a range of information on IT leadership, project management, cyber protection and other technology topics, please view our blog.