Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

Cyber Essentials Updated for 2022

On January 24th we saw some changes to the Cyber Essentials certification requirements.  Some current requirements are being strengthened, a new requirement has been introduced and we are made aware of 3 new requirements to be introduced in 12 months’ time.

These changes comes in the wake of the continuing growth of cybercrime in the form of phishing attacks, database hacks, and malware attacks.  Last year data breaches costs increased from £2.83m in 2020 to £3.11m in the UK and cybercrime was expected to peak at £4.4 trillion worldwide. The implementation of Cyber Essentials can reduce the chances of a successful attack against your systems and data.

Cyber Essentials toolkit updated logo

What are the changes in this update of Cyber Essentials?

The new changes enhance section 2 – Secure Configuration, and focus on cloud provided services, whether this is Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or Software as a Service (SaaS).

There is also more emphasis on mandatory Multi Factor Authentication (MFA) where available, and the requirement strengthens the usage of MFA for access to user and administration accounts where possible.

What’s new in the Toolkit?

Version 4 of CertiKit’s Cyber Essentials Toolkit incorporates these new changes and has a new document to record Cloud Services. The Password Policy has undergone significant review in line with the latest requirements and recommendations for cloud-based access by users, and MFA password configuration for cloud-based systems access.

The Cloud Services Register, with an example provided, is used to record Cloud Services used by the organization. This document covers several requirements that are a part of the latest Cyber Essentials update and will make it easier for an organization to show evidence for certification.

Brand new documents

  • Cloud Services Register: Document to record the cloud services that are used within the organization, the type of service, the name of the service provider and if MFA is available for admin or user accounts.
  • EXAMPLE Cloud Services Register: A populated example showing different types of cloud services, cloud providers and whether MFA is available.

 


More Cyber Essentials Resources

CertiKit is a provider of document toolkits and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the Cyber Essentials scheme, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free Cyber Essentials Resources

We’ve helped more than 7000 businesses with their compliance

Testimonials

The documents are perfect. The money was well spent.

Moveltix OOD
Bulgaria

View all Testimonials