The British Standards Institution (BSI) has been accredited by CREST as a certifying body for the UK Government’s Cyber Essentials Scheme. CREST is the not-for-profit professional body that represents the technical information security industry and worked closely with CESG (the information security arm of GCHQ) to develop the technical assessment framework for Cyber Essentials and Cyber Essentials Plus.
Chris Lewis, certification director at the BSI, commented: “We’re delighted to have been accredited by CREST for the UK Government’s Cyber Essentials Scheme. Any organisation involved in the Government’s procurement processes for contracts that involve handling sensitive and personal information will need Cyber Essentials. We’re looking forward to helping our customers provide a greater level of security and confidence in their organisations through certification.”
Ian Glover, the president of CREST, added: “By becoming CREST accredited, BSI is now able to assess businesses against the Cyber Essentials industry standards and issue Cyber Essentials and Cyber Essentials Plus certificates. This is a really logical extension to the existing BSI security certification processes. The combination of ISO 27001 and Cyber Essentials provides a much higher degree of confidence in the management and basic technical security controls.”
Glover concluded: “In order to become a certification body, BSI has been through a rigorous process and has demonstrated that the organisation possesses the skills and expertise to qualify and certify businesses to the Cyber Essentials standard.”
Technical information security sector
CREST provides internationally recognised certifications for organisations and individuals providing penetration testing, cyber incident response and security architecture services.
Member companies undergo a rigorous assessment and certification process that looks at methodologies, legal and regulatory standards, staff vetting and data handling.
CREST-qualified individuals have passed challenging professional level examinations that demonstrate their knowledge, skill and competence. Company assessments and individual qualifications are underpinned by a strict and enforceable Code of Conduct.
CREST has member companies in a number of countries and a formally established Chapter in Australia
The CREST Cyber Security Incident Response Scheme is endorsed by GCHQ and the Centre for the Protection of National Infrastructure and focuses on appropriate standards for incident response from all sectors of industry, the public sector and academia. In addition, the CREST Security Architecture examination is formally recognised under the UK CESG Certified Professional Scheme.
In tandem with CESG, CREST has developed a technical assessment and certification framework for the new Cyber Essentials scheme. Cyber Essentials is a groundbreaking initiative from the UK Government, introducing an entry-level cyber security standard for organisations.
The CREST assessment and certification for Cyber Essentials balances security and affordability to enable widespread adoption of the scheme by organisations of all types and sizes. Working alongside the Bank of England, CREST has developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests that replicate behaviours of those threat actors assessed by Government and commercial intelligence providers alike as posing a genuine threat to systemically important financial institutions.