How to become a Certification Body
HOW TO BECOME A CERTIFICATION BODY
QG Management Standards is one of five accreditation bodies that has been chosen by Government to set up and manage the certification process. We have introduced two levels of opportunities for businesses who wish to become involved in the delivery of the scheme, Accredited Cyber Essentials (ACE) Practitioners and Certification Bodies.
You can be a Certification Body and also an ACE Practitioner but we state that if you advise a company you cannot certify the same company, this is the first point that differentiates us from other Accreditation Bodies.
QG have now certified over 600 companies to the Cyber Essentials or Cyber Essentials PLUS requirements and have over 130 ACE Practitioners in place. Adding to the Government procurement policy the Ministry of Defence have mandated that ALL their supply chain will require Cyber Essentials as part of their new Cyber Security Controls.
Certification Body Process – QG Management Standards are fundamentally a process audit body, our values are influenced by the ISO suite of standards. Therefore we require you to complete a number of template documents, CE Operating Manual, CE Handbook, Cyber Essentials questionnaire and the CE ISMS manual, The process then is pretty straight forward;
- QG will provide free of charge the Certification Body documents
- QG will invoice for the documentation review fee which is required to be settled prior to the desk top review. We do this so that your investment is minimised if your systems fail to meet the required standard.
- You then send the documents to QG, including your completed Cyber Essentials questionnaire and we will review them. If we have any questions we will contact you.
- We will invoice site assessment fees and agree site visit
- Site visit
- Approval, we will then review your systems within 3 months of delivery.
- If you are applying for Cyber Essentials PLUS you are required to achieve this level of certification (at your own cost) within 12 weeks of becoming a Certification Body.
Certification Body, Cyber Essentials – The Cyber Essentials Certification Body is responsible for verifying and subsequently approving the Cyber Essentials self-assessment submission from customers prior to recommending approval to QG Management Standards. You will be appropriately qualified and experienced in an Information Security/information Assurance field.
Certification Body, Cyber Essentials Plus – The Cyber Essentials Plus Certification Body is responsible for carrying out vulnerability tests to the required standard (as set out in the CE Test Specs), ensuring the tests have been carried out correctly, verifying and subsequently approving the full assessment before recommending approval to QG Management Standards. You will be, or have access to, appropriately qualified penetration testers and be experienced in an Information Security/Information Assurance field.
Certification Body fees;
Non-returnable Assessment fee of your documentation (documenting how you meet the CE CB requirements) – £600
Cyber Essentials Level 1 only – On site assessment and training for up to 4 personnel – £3,400.
Cyber Essentials Level 1 & Level 2 – On site assessment and training for up to 4 personnel – £3,600.
Annual Compliance fee – £950 (due after first year)
Certification fee – £100/certificate issued
All prices are exclusive of vat and reasonable travel and accommodation expenses.
These documents define the standards and methodology required to become a QG Approved Cyber Essentials Certification Body. The documents and associated documentation is available free of charge, just email to firstname.lastname@example.org and we’ll send you more details.
If you are interested in becoming a Certification Body or require up to date advice on choosing a certification body please call QG Management Standards on 01228 6316981 or email email@example.com