Cyber Essentials Toolkit v3 Implementation Guide
8 Frequently asked questions
8.1 Why should our organisation be Cyber Essentials certified?
A virus could result in your organisation losing company and client data, disrupting cashflow and taking up staff time. An attack could also put off customers, damage your reputation and even prevent you from trading. Loss of personal data could breach laws such as the GDPR or the Data Protection Act and lead to fines or prosecution. Obtaining the certification will protect your organisation against common cyber threats, show your customers you take cyber security seriously and enable you to bid for government contracts.
8.2 Is Cyber Essentials certification mandatory?
Simply put, no, it isn't. But since October 2014, it has been mandatory for suppliers of more sensitive contracts with the British Government to be certified. If your organisation is not certified, you may not be entitled to bid for those lucrative public sector contracts.
8.3 What does it cost?
Different certification bodies charge different amounts, but you should expect to pay between £300 and £600 for the basic Cyber Essentials certification.
8.4 If we have multiple offices, can we certify just one?
Yes! The boundary of scope would then be limited to that one office. The Cyber Essentials certificate would state that the office is certified, rather than the entire company.
8.5 What else do I get for my money?
As well as peace of mind, you will get a numbered certificate, which lists your boundary of scope. You will also be given permission to display a Cyber Essentials logo on your stationery, website and email signature. It looks like this:
www.certikit.com