In order to adopt good practices in information security, the UK government Department for Business, Innovation and Skills released a government-endorsed scheme called Cyber Essentials in 2014.

Cyber Essentials was developed in collaboration with industry partners such as the Information Security Forum, the Information Assurance for Small and Medium Enterprises Consortium, and the British Standards Institution. On a very basic level, the goal of the certification is to protect company information from internet threats.

The Cyber Essentials certification process requires that there are five technical controls in your company, and in order to pass the self-certification your organisation must meet all of the requirements:

• Firewalls
• Secure Configuration
• User Access Control
• Malware Protection
• Patch Management

Before an independent auditor completes the Cyber Essentials assessment, there is a security vulnerability scan of your IT infrastructure. 74% of organisations have known critical vulnerabilities, leaving the door open to hackers.

Thankfully, Principal succesfully passed the assessment. Showing that Principal is keen to increase data privacy and limit the risk of cyber attacks.