Cyber Essentials: is self-certification worth the paper it is written on? If you are going to self-certify, why not self-certify to ISO27001?
Cyber Essentials lets a business self-certify that it follows a set of controls intended to ensure that the basic requirements for cyber security have been met, and that in turn the business is somewhere near GDPR compliance as far as data security is concerned.
The first thing that should come to mind with self-certification is the TRUTH. Here we have a situation where a business can answer some questions on a form and, in return for a not insubstantial sum, receive a certificate. If you are in any way sceptical, you can search the internet and find the answers to the Cyber Essentials questions within 5-10 seconds. The truth issue is that answers copied from the internet can be submitted and accepted without question; no independent checks are required.
Where do we go from here? We have a Government-backed scheme administered by independent certification bodies, most of which are not themselves UKAS accredited. For those of you who don't know, UKAS is the National Accreditation Body for the United Kingdom, appointed by government to assess and accredit organisations that provide services including certification, testing, inspection and calibration.
Question: why would you self-certify to Cyber Essentials if you could self-certify to ISO27001?
The Government describes Cyber Essentials as follows: “Cyber Essentials is a simple but effective, government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.” Most providers of antivirus software would no doubt say the same of their products, so where is the benefit?
A certification body issues a certificate on the basis of evidence that an organisation complies with a standard, and this goes for any standard you can think of. That evidence could be a physical site visit, a remote audit (as has been the case during COVID) or, in the case of Cyber Essentials, receipt of an acceptable questionnaire.
Make your own certificate!
ZEBSOFT provides a complete platform that enables any business to manage and comply with the requirements of ISO27001 as part of its default configuration. By setting the system up to the needs of your business and applying the requirements of ISO27001, you will be in a position to self-certify as an ISO27001-compliant organisation!
What’s the catch?
OK, so a customer may not accept your own certificate and may request one produced by a certification body, but more likely they will ask you to complete a questionnaire that follows the structure of ISO27001 to ascertain whether you are compliant. By using ZEBSOFT you will be able to demonstrate with confidence that you do actually comply with ISO27001 and that it is embedded in your organisation.
What’s the upside?
You have saved a fortune. In the case of Cyber Essentials you haven't spent money on a fallible and questionable method of certification, and in the case of ISO27001 you have avoided spending possibly tens of thousands of pounds getting ready for audit and tens of thousands more on the audit itself.
When you have ZEBSOFT embedded and you are operating to ISO27001, third-party certification will be easy: only the audit itself will be required, with ZEBSOFT saving you the tens of thousands of pounds associated with template documentation and consultancy.
ISO standards are voluntary standards; nobody says you can't self-certify... Worth a thought!