Cyber Essentials scheme

by Mark Rowe

TÜV SÜD United Kingdom, a product testing and auditing body, has achieved Certified Body status for the UK Government’s Cyber Essentials scheme.

Organisations certified by TÜV SÜD can promote that their IT systems comply with a UK Government-endorsed standard, showing that they are protecting their own and their customers’ data by having robust and secure IT.

Cyber Essentials is now mandatory for suppliers of UK Government contracts that involve handling personal information and providing ICT products and services. It will also enable organisations to prove they have taken the appropriate risk mitigation to comply with the new General Data Protection Regulation (GDPR), TÜV SÜD adds. Organisations that do not comply with the GDPR after May 2018 could face fines of up to four per cent of annual global turnover in the event of a data breach.

Ewan Fisher, Shared Services Centre Performance & Operations Manager at TÜV SÜD United Kingdom, said: “Cyber criminals target every size of organisation, both large and small. Cyber Essentials helps them to combat cyber attacks, the majority of which exploit basic IT system vulnerabilities. By making it easier for organisations to protect themselves, they are less likely to suffer data loss, which could have a significant impact in terms of lost revenue or reputation, as well as result in fines or prosecution.

“As a globally recognised provider of independent testing, inspection and certification, TÜV SÜD is the perfect Certified Body partner for an organisation that wishes to become Cyber Essentials certified so it can proactively demonstrate its commitment to IT security and the protection of customer data.”

Briefly, the Cyber Essentials standard covers five areas:

Secure configuration – security measures that are implemented when building and installing computers and network devices to reduce unnecessary cyber vulnerabilities.
Boundary firewalls and internet gateways – provide a basic level of protection where a user connects to the Internet.
Access control and administrative privilege management – protects user accounts and helps to prevent misuse of privileged accounts.
Patch management – ensures that software on computers and network devices is up to date and capable of resisting low-level cyber attacks.
Malware protection – protects against a broad range of malware (including computer viruses, worms, spyware, botnets and ransomware).

© 2024 Professional Security Magazine. All rights reserved.