Cyber Essentials : 2021 Confirmed Compliant
“Despite the challenges and substantial changes in working practices over the last 12 months, as we all get used to a new ‘normal’ we are delighted to say that our security processes have met the everything 2020 could throw at them and, once again, we have passed the Cyber Essentials certification without any issues raised. The feedback form provided by the awarding body was ‘green for compliant’ on every single question, a credit to all the hard work put in by our teams that work on keeping our services secure. The implementation of our service continues to pass the high standards required for service providers to government.” Chris Johnson, Data Protection and Compliance Manager, November 2021
A new year and a new badge. This year the overseeing body was IASME once again so the testing process has stayed pretty much the same but with some more detail required compared to last year. Once again we have partnered with IT security specialists Pentest People to carry out an assessment of our working practices and procedures and Welfare Call Group Ltd has been awarded Cyber Essentials accreditation, again.
This means that we meet (or exceed) the security measures that are required for suppliers of Government contracts that involve handling personal information. It covers and answers many of the questions that we get asked by our clients and their agents’ organisations when they are completing a Data Protection Impact Assessments.
Clients can be reassured that Welfare Call’s continued use of proven best practices and tested security processes met these requirements.
The Cyber Essentials certificate provides independent assurance that Welfare Call Ltd have the protections correctly in place to handle the sensitive data that is the deliverable element of our services. You can use the National Cyber Security Centre Cyber Essentials accredited list to independently confirm our status or that of any other company you are considering buying services from.
What is Cyber Essentials?
Cyber Essentials is a government-backed certification scheme that sets out a good baseline of cyber security.
The assessment covers :
- server configuration
- boundary firewall and internet gateways
- access control and privilege management
- malware protection
- updates and patch management
Having Cyber Essentials certification builds on the confidence given by the results of our existing penetration tests and adds a standard to measure these results against, demonstrating our approach to security. This can be used as a benchmark when comparing our services.
Why have Cyber Essentials?
Having a Cyber Essentials badge shows
- We have the correct security, policies and procedures in place to protect our organisation and your data against common cyber threats
- That we take security seriously
- That we are able to bid for government contracts*
*Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services. Holding a Cyber Essentials badge enables you to bid for these contracts. Find out more here.
“Cyber Essentials helps prevent the vast majority of cyber attacks. Even a simple virus or piece of malware could result in loss of company and client data, disrupt your cash flow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation. It could also be reported in the local media. Loss of data could breach the Data Protection Act and lead to fines or prosecution.” Source : https://www.cyberaware.gov.uk/cyberessentials/
Although we started this process some years ago the continuous stream of exploits that are reported through resources such as the National Cyber Security Centre (https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports) show the value of having established and robust procedures in place to prevent disruption caused by malware, phishing and other increasingly common exploits. A combination of using up to date software, having the latest security updates installed and having malware protection in place goes a long way to minimising the risk of this sort of disruption and preventing data loss. Welfare Call has built a strong and skilled team to make sure we can deliver a secure service.
The people fulfilling the role of Data Controller for our clients are under pressure to ensure that their data is as secure as possible. Choosing Welfare Call Ltd as the Data Processor in the partnership to deliver ePEP, attendance and analytics related services is now that much easier with the knowledge that security benchmarks have been met.
What next?
“We’re not ones to sit on our laurels. Security is something that is always on our mind and we have already been holding discussions on how we can improve security beyond that required by Cyber Essentials. We already have projects in place to attain higher levels of certification. Be reassured that we will continue to have security as the top priority in any development of existing services and any new services we deliver.” Stuart Henderson, Director