The next stage of evolution for Cyber Essentials

Change is inevitable in life and the same is now true for the Cyber Essentials scheme and the accreditation that sits behind it.

IASME Consortium (IASME) will take over from the start of April as the National Cyber Security Centre’s (NCSC) sole partner for Cyber Essentials accreditation. This change has been made with the desire to simplify the operating model.

The Cyber Essentials certification offers a basic level of protection to organisations looking to minimise their risk of cyber incidents. This protects them internally as well as showing to potential business partners that the organisation in question takes security seriously. Hytec are Cyber Essentials+ certified and offer consultancy services to organisations looking to achieve the certification.

Hytec have been accredited by IASME and are pleased to hear about the move to a single organisation to administer the scheme. We have summarised the changes and how these will affect you in the core of this article. Beyond this we are able to provide additional consultancy for those looking at Cyber Essentials certification.

What exactly will be changing?

Simplicity is the song that the NCSC will be singing in 2020. With the challenges of the future becoming increasingly complex with each passing day, reducing complexity and increasing the speed of the operating model are key considerations. Alongside this will be the introduction of a revised minimum criteria for Certification Bodies and Cyber Essentials assessors, in addition to the introduction of an expiry date on certificates.

Key to all the changes planned is the appointment of an industry partner to work with NCSC. This has been their focus for the last few months and rightfully so, given the responsibility of the role. The final partner as previously mentioned is, IASME, of which Hytec are accredited by in our role as a Cyber Essentials and Cyber Essentials + Certification Body.

“We are extremely excited about the prospect of working in partnership with the NCSC to develop and grow the Cyber Essentials scheme.  We have seen such a positive effect already over the last 5 years where Cyber Essentials has increased the basic levels of security across all sectors. We are so pleased that we can be part of the future developments, working closely with the excellent Certification Bodies, trade bodies, police and other key stakeholders, to ensure further growth of the scheme.”
IASME Chief Executive, Dr Emma Philpott, MBE

How will this affect me?

In the short term it will be business as usual with minimal disruption passed on to customers as possible. The NCSC has stated that whilst the transition period is in operation, accreditation will continue through existing accreditation bodies. This will be a relief for many whose certificates are coming up for renewal.

Behind the scenes of the business as usual front screen, a transition plan is being cooked up. The ultimate ambition for this being for IASME to take over full responsibility for Cyber Essentials delivery in April of this year. It is an ambitious timescale but one that is achievable. A statement that is echoed by the NCSC, “There’s much to do in that time but we’re confident that it is all achievable”.

IASME is reaching out to existing Cyber Essentials Certification Bodies and Accreditation Bodies to update on the transition process and talk through next steps. In addition to this they are running  joint events with the NCSC where representatives will be available to answer the burning questions that suppliers have.

Hytec can help

Hytec Information Security has been an IASME Certification body for some time, specialising in Local Government Cyber Essentials certification. This means that Hytec will not be required to go through any type of re-accreditation process. This is important as it means that there will be no delay in the service that we provide. After the April transition there will likely be some form of short delays for accreditations bodies who wish to offer future services.

These organisations that have been accredited through previous bodies will need to work with IASME in order to move their certifications over. What the exact form of this process will entail or look like will be revealed in the coming months. What is important here is that Hytec are already certified by IASME and will therefore be at the head of the que, able to continue in our role from day one.

If you are looking at Cyber Essentials certification in the coming months then you will have a choice. Yes, you can choose any of the pre-existing organisations that offer Cyber Essentials certifications but you need to consider re-certification. What we mean by this is with certification being moved to one body, the organisation that certifies you this year, may not be in the same position next year. Hytec will be.


Cyber Essentials is an important part of the NCSC’s mission to “make the UK one of the safest places to live and do business online”. We firmly believe this and have been working with multiple organisations to ensure that they reach the government standard. Hytec are certified to Cyber Essentials+ level and have been assessed in this capacity by IASME.

We fully endorse the move to a single organisation to administer the scheme as it simplifies the process and ensures that everyone is certified in a unified manner. We will keep a close eye on the transition as it evolves and ensure that we keep our clients informed as to how the changes will affect them. Being accredited by IASME puts us in a good position for the future to fully support customers.

Challenges associated with cyber security continue to evolve on a daily basis and we need to evolve also. The start of this process is the Cyber Essentials scheme. A baseline of security that puts cyber security within reach of the vast majority of UK organisations to ensure basic protection. The move to a single accreditor ensures that the scheme can be administered quicker and easier and we look forward to working with continuing to work with IASME.