The First Step in Securing Your Supply Chain is Cyber Essentials
Get your own FREE certification and 5% off RRPs with our fully managed Supply Chain Certification Service.
Traditional linear supply chains are no more. The complex webs we work in mean we’re more connected than ever, but this leaves many points of vulnerability for threat actors to exploit. If your suppliers are not secure, neither are you.
You need to establish a baseline level of security for each of your suppliers in order to protect your entire business ecosystem – but how do you do this?
The Cyber Essentials certification provides a clear-cut, affordable way for suppliers to reduce cyber risk and demonstrate a good level of cyber security that adheres to a nationally recognised Government standard.
Multiple certification options mean you can tailor your requirements to the level of risk of each supplier, ensuring you establish the best defence for your supply chain.
How it works
Step 1: Get in Touch
Get in touch with the CTS team and we'll arrange a preliminary discussion around your supply chain and your specific needs and requirements.
Step 2: Engage Suppliers
We'll work with you to establish which certification each of your suppliers should obtain (see below) and how you can introduce this as the baseline security requirement for working with you.
Step 3: Secure Your Supply Chain
Through our fully managed service, your suppliers can achieve their required certification quickly and easily, while your personal account manager provides regular reporting of your suppliers' progress.
How do I choose the right certification for my suppliers?
The certification your supplier should obtain will depend largely on how frequently you do business with them, as well as the nature of the data flow between your business and theirs.
Almost all suppliers will be at least moderate risk if you work with them semi-regularly or share your data with them (e.g. you pay them electronically), and these will require the standard Cyber Essentials certification. However, more immediate suppliers will likely have more access to your systems and may be sharing your data with their own clients or suppliers (e.g. your accountants liaising with HMRC), putting them in the ‘High Risk’ category. We recommend Cyber Essentials Plus for these suppliers. For the extremely ad-hoc supplier, the PDSC ‘Digitally Aware’ certification is usually sufficient, though we recommend supplementing this with CE as an extra precaution.
Why Should I Protect My Supply Chain?
Reduced Cyber Risk
Increasing security levels to meet the Cyber Essentials standard at every possible entry point for a cybercriminal significantly reduces the risk of supply chain attacks.
Fully Managed Process
Cyber Tec takes care of the whole certification process with full technical and customer service support given to your suppliers. Securing your supply chain couldn't be easier.
As part of Cyber Tec's Supply Chain Security service, you will get your own company's Cyber Essentials Basic and Plus certifications completely free of charge.
Thanks to proprietary technology, all our Cyber Essentials assessments are done completely remotely with no need for on-site visits. This makes the process quick and straightforward!
Multiple Levels of Certification
Cyber Essentials won't necessarily be enough for every supplier you work with, but with the option of Cyber Essentials Plus, you can tailor security requirements depending on the level of supplier.
Enhanced Supplier Relationships
Establish relationships of trust with your suppliers by helping to protect both your supplier's systems and data and those of the larger supply chain. Ultimately, you're a team with a shared interest in being secure.
View certification pricing for your suppliers below:
- PDSC Digitally Aware
- Cyber Essentials
- Cyber Essentials Plus
'Digitally Aware' UK Police Certification
Your supplier can demonstrate a good understanding of cybersecurity best practice and get Police recognition for their efforts by achieving PDSC’s ‘Digitally Aware’ certification.
Cyber Essentials Self-Assessment
The basic self-assessment can be taken by the organisation’s IT department but answers won’t be reviewed by us before submission.
Cyber Essentials Guided Assessment (recommended)
Assessment answers will be reviewed by us so your supplier can have any issues remediated to ensure that they pass first time.
One Fixed Price (Includes Unlimited Locations)
Cyber Essentials Plus Pre-Assessment
Your supplier can purchase a Pre-Assessment before the Cyber Essentials Plus assessment to identify and then remediate issues, assuring a successful certification.
Cyber Essentials Plus Certification
A certificate from a verified assessment will allow your supplier to prove that their business is secure and aligned with the Five Critical Security Controls.
FIXED PRICE FOR MULTI-LOCATION
For some supply chains, where your supplier is dealing with highly sensitive data and poses a very high security risk to your organisation and supply chain as a whole, you may require something more than certification as your minimum security baseline.
Our fully managed services of Compliance and SOC & SIEM will allow your supplier to go beyond the annual certification and give their business an elevated level of security. The Compliance solution will monitor your supplier’s systems daily, ensuring they are constantly aligned with the Cyber Essentials Plus standard, while SOC & SIEM goes even further with full threat detection and endpoint protection.
Get in touch with us today if you would like to discuss these high-level security solutions for your suppliers.
Protect Your Supply Chain with Cyber Essentials
Understand the key security risks your supply chain faces and the NCSC’s (National Cyber Security Centre) recommendations for supply chain security.
You can download and read this document for free here.
Frequently Asked Questions
There are of course a multitude of cybersecurity tools and services out there that could offer protection against attacks. However, this can come later. Cyber Essentials is recognised by the Government as a good standard of cybersecurity so it is a good baseline to be met first – get certification sorted, then look to build and improve on your supply chain security with additional software and services, such as Compliance and SOC & SIEM.
The level of security risk will determine this and we can provide you with guidance and support in making these decisions. In general, we would recommend Cyber Essentials Plus for regular suppliers who share your data with their own suppliers, subcontractors and clients (e.g. accountants, lawyers, distributors), but basic Cyber Essentials is likely enough for the vast majority of your suppliers. If you have suppliers in your network that you only work with once a year or so and are very low risk, consider setting the Police ‘Digitally Aware’ certification as a baseline. There will of course be other factors to consider but Cyber Tec Security will work closely with you to ensure each supplier is categorised correctly.