Cyber Essentials Renewal passed with flying colours
“It doesn’t seem that long since we last updated our readers to say that our efforts to become Cyber Essentials accredited were successful. Well, we’ve successfully re-certified showing that the framework and implementation of our service continues to pass the high standards required.” Chris Johnson, Dev Ops Manager, April 2019
As a result of tests carried out by CREST Accredited IT security company Pentest People and an assessment of our working practices and procedures Welfare Call Group Ltd has been awarded Cyber Essentials accreditation, again.
This means that we meet (or exceed) the security measures that are required for suppliers of Government contracts that involve handling personal information.
Despite the fact that the team has grown and we’ve added many new features and even complete new services our Internal IT teams have continued to work with security as a primary consideration. Clients can be reassured that the security practices Welfare Call was already using and the security processes we have in place already met these guidelines.
A Cyber Essentials certificate provides independent assurance that Welfare Call Ltd have the protections correctly in place to handle the sensitive data that is the deliverable element of our services. You can use the National Cyber Security Centre Cyber Essentials accredited list to independently confirm our status or that of any other company you are considering buying services from.
What is Cyber Essentials?
Cyber Essentials is a government-backed certification scheme that sets out a good baseline of cyber security.
The assessment covers :
- server configuration
- boundary firewall and internet gateways
- access control and privilege management
- malware protection
- updates and patch management
Having Cyber Essentials certification builds on the confidence given by the results of our existing penetration tests and adds a standard to measure these results against, demonstrating our approach to security. This can be used as a benchmark when comparing our services.
Why have Cyber Essentials?
Having a Cyber Essentials badge shows
- We have the correct security, policies and procedures in place to protect our organisation and your data against common cyber threats
- That we take security seriously
- That we are able to bid for government contracts*
*Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services. Holding a Cyber Essentials badge enables you to bid for these contracts. Find out more here.
“Cyber Essentials helps prevent the vast majority of cyber attacks. Even a simple virus or piece of malware could result in loss of company and client data, disrupt your cash flow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation. It could also be reported in the local media. Loss of data could breach the Data Protection Act and lead to fines or prosecution.” Source : https://www.cyberaware.gov.uk/cyberessentials/
Although we started this process some years ago the continuous stream of exploits that are reported through resources such as the National Cyber Security Centre (https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports) show the value of having established and robust procedures in place to prevent disruption caused by malware, phishing and other increasingly common exploits. A combination of using up to date software, having the latest security updates installed and having malware protection in place goes a long way to minimising the risk of this sort of disruption and preventing data loss. Welfare Call has built a strong and skilled team to make sure we can deliver a secure service.
The people fulfilling the role of Data Controller for our clients are under pressure to ensure that their data is as secure as possible. Choosing Welfare Call Ltd as the Data Processor in the partnership to deliver ePEP, attendance and analytics related services is now that much easier with the knowledge that security benchmarks have been met.
“We’re not ones to sit on our laurels. Security is something that is always on our mind and we have already been holding discussions on how we can improve security beyond that required by Cyber Essentials. We already have projects in place to attain higher levels of certification. Be reassured that we will continue to have security as the top priority in any development of existing services and any new services we deliver.” Stuart Henderson, Director