Cyber Essentials Toolkit v3 Implementation Guide
5 Implementation resources Relevant Toolkit documents: • • • • • • • • • • • • • •
Toolkit Completion Instructions Cyber Essentials Implementation Guide Cyber Essentials Overview Cyber Essentials Toolkit Index Cyber Essentials Evidence Documentation Log Project Definition Cyber Essentials Project Plan Information Security Policy Awareness Training Presentation Acceptable Use Policy Remote Working Policy Gap Assessment Tool Progress Report
We know from experience that better cyber security doesn’t happen by accident and adding a layer of basic project management to the exercise will make things run a lot more smoothly. So, within the Toolkit we have provided a number of resources that will help you to define your project, manage it and communicate effectively with the relevant people within your organisation. In addition to a project definition, progress report and documentation log, we have added a presentation to be used to raise awareness among your staff and a couple of useful policies which address information security at an overview level. We have also included an overall Information Security Policy which is intended to act as a high-level guide to how your organisation approaches information security. Although this is not explicitly required by Cyber Essentials, you may find that various parties such as big customers may want to see this document, so it can come in very useful. The policy lists the supporting policies within the toolkit (such as Mobile Device Policy and Access Control Policy) and It’s fine to keep it this way; some organisations decide to combine these policies into a single document, and that’s fine too, there’s no right or wrong way to structure your approach to policies. The Gap Assessment Tool will help you judge how close you currently are to meeting the certification requirements of Cyber Essentials, identify specific actions to be carried out, and provide charts and reports to management on where things stand. Having defined what it is you’re trying to achieve and set the scene within your organisation, it’s time to start looking at the specific controls that Cyber Essentials requires to be in place.
www.certikit.com
Page 11 of 22
