Over the past four months, we have had an increase in existing and new clients approaching us for help with complying with Cyber Essentials. This is mainly due to the fact that over the past ten years, Cyber threats have been growing in terms of seriousness and volume. Public and private sector clients are taking a more active interest into what potential service providers are doing to combat cyber threats and what levels of Cyber Security they have in place.
Many tenders, bids, ITTs and Frameworks have a requirement for Cyber Essentials certification. I.e. you cannot be awarded the tender without the certifications. Our team of bid writers is able to assist you to comply with this requirement by securing the certification.
My tender or bid has asked for Cyber Essentials. What is it?
Cyber Essentials is a certification scheme. It helps small, medium and large businesses protect themselves from some of the most common cyber threats. It is supported by both industry, and the government, and therefore it has credibility and is often requested in bids and tenders. It puts in place the standard requirements for security controls which organisations should meet and provides for a framework of how they can meet these requirements.
There are two different levels of certification which your bid or ITT may ask for. The first, is Cyber Essentials and the second is Cyber Essentials Plus. Our team of bid writers is able to assist you with both of these, with Cyber Essentials Plus including penetration testing and a more robust response requirement.
Why do I need to have Cyber Essentials to win public sector contracts in the UK?
There is a strong drive by public sector agencies to mitigate cyber security risks. This is because they handle large amounts of sensitive data, and they need to ensure they have appropriate measures in place. This extends to their suppliers and is why for many frameworks and ITTs, Cyber Essentials accreditation is standard. It is a standard requirement because it enables public sector entities to ensure their suppliers also have adequate cyber security provisions in place.
Generally speaking, for many frameworks, the requirement is that suppliers provide a Cyber Essentials certificate prior to contract commencement. Of course, have it in place and including it as part of your bid great strength and credibility to your bid or tender.
However, it isn’t only the public sector. Many private sector organisations require Cyber Essentials, especially larger organsiations which now see it as a norm. This means that for any business across the UK, in nearly all industries such as defence, medical, construction and community service,
Why should I get Cyber Essentials Certificate and will it help me win tenders and bids?
Yes. Some of the key benefits you will receive from getting the Cyber Essentials Certificate include:
- Ensuring you comply with tender or bid requirements. It will more than likely be a requirement for your tender or bid, especially, if there is the handling of personal data involved in the contract.
- Compliance with contracts requirements. You can be excluded from a contract or have substantial delays for not having the certification. Even if you commit to getting it as part of your tender, you will need to actually get it prior to the commencement date or else you could lose the contract or certainly get off on the wrong foot.
- Add credibility to your business: When looking for new clients and undertaking general marketing, especially for government but also private clients, having the Cyber Essentials Certificate will help by adding credibility to your business and enhance your reputation.
- Practically protect your business and reduce the risk of Cyber Threats. This is what it is all designed for, and when you are required to complete to for a bid or tender, it’s a good opportunity to actually take practical steps to protect your business and at least defend your business against the most common threats.
Maintaining your Cyber Essentials Certification
It is also important to maintain your Cyber Essentials Certification. This takes a consistent, medium to long term effort. That’s because you will need to conduct updates, patches, train staff and ensure the integrity of your system. However, it’s helpful and will ensure you:
- Maintain continued GDPR compliance
- Comply with any Cyber Insurance requirements
- Limit the risk of any Cyber Attacked.
How do I get Cyber Essentials Certification quickly for my bid or tender to comply?
You need to complete the self-assessment for the basic version of have an independent assessment carried out for Cyber Essentials Plus. Our team of bid writers can assist you with completing the self-assessment to ensure you qualify for the Certification. You will then be awarded a Certificate with 12 months validation.
Our team can assist you to comply with both requirements and get certified. Our bid and tender writers also have strong experience writing bids and tenders including completing security and cyber security questionnaires as part of the bidding and framework application process.
We are increasingly seeing more and more tenders and bid we are working on asking for Cyber Essentials especially in the last four to six months. The Cyber Essentials programme is overseen by an organisation called IASME and it covers questions such as:
- Can services be accessed externally from your router?
- Have all default passwords been changed for user and admin accounts?
- Are all high-risk or critical security updates installed within 14 days of them being released?
- Is 2FA enabled on all admin accounts?
How hard is Cyber Essentials to get for a tender or bid?
If you have excellent and highly proactive cyber security in place than it can be straight-forward although we are yet to see a client meet all the requirements. We wouldn’t call it a very difficult process, but it does take time and you may need some assistance completing it.
It generally depends on your size and type of risks, however, it’s certainly possible and we have helped businesses of all shapes and sizes get certified.
It is possible to do it yourself. If you are struggling, give our team of bid and tender writers here at Tsaks Consulting a call and we will assist. We help businesses across the UK such as in London, Birmingham, Manchester, Leeds, Bristol and Glasgow write winning bids and tenders and comply with Cyber Security requirements.