
Is Cyber Essentials mandatory for my organization?


Cyber Essentials is a certification scheme developed by the UK Government, offered within APMG’s cybersecurity portfolio. For those unfamiliar with the scheme, Cyber Essentials provides a set of requirements against which businesses, large or small, can measure their cyber security systems.

Satisfying these requirements means the organization can be confident it complies with basic cyber security best practice, and displaying the Cyber Essentials badge conveys that confidence to its customers as well.

Crucially, on 1 October 2014 Cyber Essentials was made mandatory for organizations looking to secure government contracts that concern handling personal information and delivering certain ICT products and services.

Suppliers must now prove that they meet the technical requirements defined in Cyber Essentials when bidding for contracts with the characteristics highlighted in the Government’s procurement policy:

  • Where personal information of citizens such as home addresses, bank details, or payment information is handled by a supplier.
  • Where personal information of Government employees, Ministers and Special advisors such as payroll, travel booking or expenses information is handled by a supplier.
  • Where ICT systems and services are supplied which are designed to store, or process, data at the official level of the Government Protective Marking scheme.

The mandate is part of the UK Government’s strategy to reduce the vulnerability of UK businesses and bolster the country’s defences against the prevalent threat of cyber-crime.

Minister for Cabinet Office, Francis Maude said, “It’s vital that we take the steps to reduce the levels of cyber security risk in our supply chain. Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber-attack. Businesses can demonstrate that they take this issue seriously and that they have met government requirements to respond to the threat.”

Francis Maude with APMG CEO, Richard Pharro at DSEI


Ministry of Defence announces Cyber Essentials is mandatory for its suppliers

In further news, the Ministry of Defence announced that as of 1 January 2016 all suppliers to the MOD are also required to comply with the Cyber Essentials scheme. The MOD stated that “the requirement must be flowed down the supply chain.” So while organizations in direct business with the MOD must be Cyber Essentials certified, certification is mandatory for the other organizations in the supply chain too.

Get Cyber Essentials certified with an APMG Certification Body

APMG appoints its trusted certification bodies to carry out assessments and award the Cyber Essentials badge. APMG currently offers both Cyber Essentials and Cyber Essentials Plus. Getting certified is a straightforward process and APMG’s certification bodies have been rigorously assessed to ensure you’re in safe, expert hands.

You’ll be able to find out more information and contact our certification bodies here.



Posted in Cyber Security.


One Response


  1. P-c says

    Thanks for this post on Cyber Essentials