US English (US)
FR French

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Create a Ticket

  • Return to HighGround
English (US)
US English (US)
FR French
  • Home
  • Compliance Manager

Guide to the Cyber Essentials Module

An Overview of this essential Cyber Security Certification for UK Businesses

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Create a Ticket

  • Dashboard
    CEO CTO CFO
  • Technical Drilldown
    Helpful Resources
  • Compliance Manager
    Compliance Status' Helpful Resources
  • Cyber Trend Data
  • Pro Services
    Rewards Buy or Enquire Helpful Resources
  • Cyber KPI's
    Role-Based KPI's Primary KPI's Getting Started
  • Sign Up & Sign In
    Helpful Resources
  • Integrations
    Referrals Guides for Each Tool Helpful Resources
  • Settings
    Notifications Personal Profile System Settings User Management Subscriptions
+ More

Dashboard

Technical Drilldown

Compliance Manager

Compliance Status'

Helpful Resources

  Guide to the Compliance Manager

  Overview of the CyberCompliance KPI

  Guide to the Cyber Essentials Module

  Guide to the Incident Response Plan Module

  Guide to the Information Security Policies Module

  Guide to the Risk Assessment Module

  Guide to the Annual Cyber Review Module

  Guide to the Business Continuity & Disaster Recovery (BCDR) Plan Module

  Navigating an Audit or Review

Cyber Trend Data

Pro Services

Cyber KPI's

Sign Up & Sign In

Integrations

Settings

Table of Contents

What is Cyber Essentials?Cyber Essentials Status'How to Use the Cyber Essentials Module:
Delete

Tip

If you are unsure of what is involved in getting Cyber Essentials certified, review the Official Requirements document by downloading this directly from the Cyber Essentials module in HighGround (use the 'Requirements' button near the top-right of the window). This contains objectives, instructions and examples of each of the technical controls assessed in Cyber Essentials. 

Alternatively, you can get certified or renew your certification with HighGround with our Cyber Essentials Services designed to prepare your IT systems to Cyber Essentials standards, complete and submit your application on your behalf, and get you certified.


What is Cyber Essentials?


Cyber Essentials (CE) is a UK Government-backed scheme run by the NCSC (National Cyber Security Centre) that can help to protect any size organisation from the most common cyber attacks. Most cyber attacks are unsophisticated and untargeted, and it these kinds of attack that Cyber Essentials is designed to protect your business against.

Cyber Essentials is a self-assessment questionnaire that involves 5 technical controls that your IT systems must comply with in order to meet the standard.

To learn more about Cyber Essentials and how your organisation can benefit, you can go to this article.


Get Certified with HighGround

Delete

Info

To learn more about the benefits of Cyber Essentials and the different options available read our article - What is Cyber Essentials and why should I get certified?


Our Cyber Essentials Service will prepare your IT systems to Cyber Essentials standards, as well as make the certification request on your behalf. To purchase this service, follow the steps below:


From the main left-hand menu, go to Pro Services:


This will take you to a page displaying all of the paid services which HighGround offers. Look for Cyber Essentials.




Click on Cyber Essentials. This will open a new window to the side:

Delete

Tip

Apply your Pro-Services credit to save money on this purchase by clicking the blue 'Apply <your credit> Credit' button at the top-right hand corner.

If you would like to learn more before making a purchase, click the Enquire button located toward the top right-hand corner of this window.

  • Basic: this is the Basic Cyber Essentials certificate, which involves a self-assessment questionnaire.
  • Plus: this is the Cyber Essentials Plus certificate, which involves an on-site assessment and vulnerability scan in addition to the questionnaire. 
  • Preparation + Submission: before making your application for certification - we will look at your IT infrastructure and security policies, and reconfigure these to meet Cyber Essentials standards. This ensures your application for certification will not fail, avoiding the hassle and costs of applying a second time.

Once you have selected from the above options, click the Buy Now button to make the purchase. 


And that's it! A notification will get sent to our Pro Services team who will contact you within 24 hours to get started with your certification. 


Delete


Understanding your Cyber Essentials Status'


In order to stay up-to-date and effective, your Cyber Essentials certificate must be renewed yearly, and reviewed every 90 days. The Compliance Status' are designed with this in mind, and will keep you informed on the health of your Cyber Essentials.

To learn more about what your status means, choose the matching icon from the tabs below:

Status' in a default state appear as a blue cross, and indicate that you have not uploaded a Cyber Essentials certificate yet.

Delete

Tip

If you need help with getting Cyber Essentials certified, take a look at our Cyber Essentials Pro Service - designed to prepare your IT systems to Cyber Essentials standards, as well as make the certification request on your behalf.

Delete

Status' in a healthy state appear with a green tick, and the word Certified. Overall, this status indicates that your certificate is in place, and has been reviewed recently.

Specifically, this status indicates that:

  • Your Cyber Essentials certificate has been uploaded, and renewal is not due within the next 45 days.
  • You have reviewed your Cyber Essentials within the last 90 days.
OR 
  • You have just earned your certification in the last 90 days. 

Status' in a warning state will show with an orange exclamation mark and the words Due for Review or Due for Renewal. Overall, this status indicates that your certificate is either awaiting renewal or is due for review.  

Due for Review:

  • Your certificate has been uploaded, but the last review was over 90 days ago.


Due for Renewal:

  • Your certificate has been uploaded, but it is just for renewal in the next 45 days.



Status' in a critical state appear as a red exclamation mark, alongside the words Expired or Review Overdue. Overall, these statuses indicate that your Cyber Essentials certificate has either expired or is overdue for a review.

Review Overdue:

  • It has been over 180 days since your Cyber Essentials was last reviewed.

Expired:

Your Cyber Essentials certificate was not renewed in time and has expired. 


Find your Status Details:


You can see the specific details and reasons for your Compliance Status by hovering over the information icon located at the bottom-left of your certificate:

Doing so will trigger a small information box to appear. This box contains the reason for your status, along with the details:

  • Last Audit: the date you last reviewed your Cyber Essentials.
  • Uploaded: the date you uploaded your certificate
  • Cert Body: the name of the certification body who granted your certificate




How to Use the Cyber Essentials Module:


Managing your Certificate:

 Upload/Download Certificate

Upload your Certificate:


To upload your CE certificate, click either the + icon or up the Upload button located in the box titled Cyber Essentials Certificate. 


This will open a new window to the side:


To attach your certificate, either drag and drop the file from a folder on your PC, or click the words choose a local file to search through your folders for the file you want.

Next, use the drop-down arrows in the CE Certificate Details section to add the details for:

Certification Body: this is the name of the organisation that granted the certificate (not to be confused with IASME who are the sole Accreditation Body for Cyber Essentials).
Date of Certification: the date that the certification was awarded.
Type: whether it is a basic Cyber Essentials certificate, or a Cyber Essentials Plus certificate.

After, click Save.

And that's it! You have uploaded your CE certificate.

Download your Certificate:


To download your CE certificate, click the three dots to the bottom-right of the Cyber Essentials Certificate box, then click Download Certificate.

Your certificate should now be accessible on your device.

And that's it! You have downloaded your certificate.

Update Certificate

To update your Cyber Essentials certificate, click the Update button:

This will open a new window:

To attach your latest certificate, either drag and drop the file from a folder on your PC, or click the words choose a local file to search through your folders for the file you want.

Next, use the drop-down arrows in the CE Certificate Details section to update the details for:

Certification Body: this is the name of the organisation that granted the certificate (not to be confused with IASME who are the sole Accreditation Body for Cyber Essentials).
Date of Certification: the date that the certification was awarded.
Type: whether it is a basic Cyber Essentials certificate, or a Cyber Essentials Plus certificate.

After, click Save.

And that's it! You have uploaded your CE certificate.

Delete

Delete Certificate

Click the three dots to the bottom-right of the certificate, and click the Delete option.


That's it! You've deleted the certificate.


Managing Audits:

Overview of Cyber Essentials Audits


Delete

NOTE

We recommend performing Cyber Essentials Audits every 90 days. This will have a positive impact on your CyberCompliance KPI.

Your IT infrastructure is continually changing - staff changes, new devices and software, and new technologies to solve business challenges to name a few. It is essential that you ensure these comply with the Cyber Essentials standards, otherwise your certification is becoming increasingly meaningless. Performing regular audits of your Cyber Essentials is the best way to do this. 

At a minimum, you will have to perform an annual audit when you come to renew your certification.

At the bottom of the Cyber Essentials module you will see the Cyber Essentials Audit Results section:

Here you can see all your scheduled and conducted audits, along with the following information:

  • Date: the date that the Cyber Essentials Audit was performed.
  • Cyber Essentials Type: the type of certification you hold and are auditing (Basic or Plus).
  • Audit Frequency: the frequency at which you performed the Cyber Essentials Audit. You define this when you perform the audit.
  • Audit Type: 
    • Default: the Cyber Essentials Audit is the default audit provided by HighGround and has not been edited.
    • Custom: the default questions in the Cyber Essentials Audit have been edited, deleted, or new questions have been added. 
  • Results: whether the Cyber Essentials Audit has been Completed or is Incomplete. 
  • Auditor: the name of the person who performed the Cyber Essentials Audit.
Delete

Perform a Cyber Essentials Audit

Navigating Audits in HighGround

At the side of the review window is a progress section. Here you can see the various sections of the review, which sections you have completed, which are incomplete, and which are yet to be viewed:

  • Progress bar: indicates how much of the audit/review you have completed.
  • Blue circle: indicates a section which has not been started yet.
  • Orange tick: indicates the section has been started but is incomplete. This will occur if you leave a section without completing all questions.
  • Green tick: indicates all questions have been answered in this section.


Additionally, you can click on any of the sections to quickly navigate to that stage of the review.


Delete

Once you have uploaded your Cyber Essentials certificate, you will need to audit it at least once every year before renewal. There are three stages within a Cyber Essentials Audit; adding the details, reviewing the questions, and providing a summary.

Follow the steps below to learn how to complete these stages:


STEP 1: Go to Cyber Essentials Audits


At the bottom of the Cyber Essentials window is an area where you can perform your Cyber Essentials Audit:


Click either of the Complete CE Audit buttons located in the centre or top-right of this section. This will open a new window. 


STEP 2: Add the Cyber Essentials Audit Details


In this new window, use the drop-down arrows and text box to supply the following details:

  • Audit Date: the date that you are performing your Cyber Essentials Audit.
  • Audit Frequency: the frequency which you are performing this audit at, for example your recommended 'Quarterly' audit.
  • Cyber Essentials Type: the type of Cyber Essentials certification you are auditing. Certificates come in Basic or Plus variants. 
  • Auditor: the name of the person responsible for conducting the audit should also be added at the bottom. 

After you have added these details, click Next.

INFO

You can save at any time (even if the Cyber Essentials Audit has not been completed yet) by pressing the Save button located towards the top-right of the audit window. You can also get back to the previous stage at any time by scrolling to the bottom of the page and clicking the Previous button.


STEP 3: Review the Questions


Delete

INFO

You can add, delete or edit the audit questions. To add a question, click 'Add Question' at the top-right of the window. To delete a question, click the bin icon next to each question. To edit a question, click the pencil icon next to each question.

You will now see a list of items for you to review.

Read through each question carefully and perform any actions/checks required to answer the question. After, toggle the 'Reviewed' slider to on (blue). 

You may also want to add notes to each question. You can do so by typing in the notes box below the toggle slider.

After you have reviewed all the questions, click the Next button located at the bottom-right of the page.


STEP 4: Complete the Summary


The last stage of the Cyber Essentials Audit involves completing the summary. 

To complete this, you will need to select either Yes or No to the questions (adding notes if relevant), and leave any relevant notes/comments at the bottom.


After completing the summary, click the Complete button at either the top-right or bottom of this window. This will take you to a new window where you will see your completed Cyber Essentials Audit.

And that's it! You have completed a Cyber Essentials Audit.

Add/Edit/Delete the Audit Questions

The audit is fully customisable. Both the number and content of the audit questions may be modified.

Add a Question:


STEP 1: Edit the Audit

If you are already inside the audit currently, skip to the next step!

First, click the three dots to the right of the audit that you want add a question to, and click the Edit option.

STEP 2: Add a Question

Now you can add a question by clicking the Add Question button towards the top-right of the window.


This will open a window where you can write your question, and decide the answer type (options include a Note Field, Yes/No box, or Date/Time selector).

After composing your question, click Add Question.

That's it! You've added a question. 


Edit a Question:


STEP 1: Edit the Audit

If you are already inside the audit currently, skip to the next step!

First, click the three dots to the right of the audit that you want to edit, and click the Edit option.

STEP 2: Edit the Question

Next, select the pencil icon next to the question you would like to edit. 


This will give the option to rewrite the question, or change the answer to the question (by clicking Yes or No). Remember to click Save afterwards to maintain your changes. 


That's it! You've edited a question. 



Delete a Question:


STEP 1: Edit the Audit

If you are already inside the audit currently, skip to the next step!

First, click the three dots to the right of the audit that you want to change, and click the Edit option.



STEP 2: Delete the Question

Now, select the bin icon next the question you would like to delete: 


And that's it! You've deleted a question. 

Delete an Audit

To delete an entire audit, click the three dots to the right of the audit that you want to delete, and click the Delete option.


That's it! You've deleted an audit.

Print an Audit

To print an audit, click the three dots to the right of the audit that you want  to print, and click the Print option.

This will trigger a download of a PDF file (or open it in a browser tab) so you can print the Audit.




upload certificate

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Overview of the CyberCompliance KPI

    Learn more about how your CyberCompliance is determined

  • Guide to the Compliance Manager

  • Guide to the Incident Response Plan Module

    How to Manage your Incident Response with HighGround

  • Guide to the Annual Cyber Review Module

    How to Perform a Cyber Review with your Board using HighGround

Create Ticket

Reach out to our support team

Open a Ticket

Copyright 2023 – m3 Networks Limited.

Knowledge Base Software by Helpjuice

0
0
Expand