HOW DOES A TRADE ASSOCIATION BECOME A CYBER ESSENTIALS CERTIFICATION BODY ?
QG Management Standards is one of four accreditation bodies that has been chosen by Government to set up and manage the Cyber Essentials certification process. We have introduced two levels of opportunities for businesses who wish to become involved in the delivery of the scheme, Accredited Cyber Essentials (ACE) Practitioners and Certification Bodies.
You can be a Certification Body and also an ACE Practitioner but we state that if you advise a company you cannot certify the same company, this is the first point that differentiates us from other Accreditation Bodies.
QG have now certified over 360 companies to the Cyber Essentials or Cyber Essentials PLUS scheme and have over 130 ACE Practitioners in place. Adding to the Government procurement policy the Ministry of Defence have mandated that ALL their supply chain will require Cyber Essentials as part of their new Cyber Security Controls.
Trade Associations can be involved in the Cyber Essentials Scheme by becoming a Certification Body (Trade Association), buying in the expertise to carry out the assessments and displaying the trade associations logo on the Cyber Essentials Certificate. QG Management Standards will introduce you to Accredited Cyber Essentials Assessors who can carry out the assessments for you.
Certification Body Process (Trade Associations)– QG Management Standards are fundamentally a process audit body, our values are influenced by the ISO suite of standards. Therefore we require you to complete a number of template documents, CE Operating Manual, CE Handbook, Cyber Essentials questionnaire and the CE ISMS manual, The process then is pretty straight forward;
- QG will provide free of charge the Certification Body documents and names of accredited cyber essentials assessors.
- QG will invoice for the documentation review fee which is required to be settled prior to the desk top review. We do this so that your investment is minimised if your systems fail to meet the required standard.
- You then send the documents to QG, including your completed Cyber Essentials questionnaire and we will review them. If we have any questions we will contact you.
- We will invoice site assessment fees and agree site visit
- Site visit
- Approval, we will then review your systems within 3 months of delivery.
- If you are applying for Cyber Essentials PLUS you are required to achieve this level of certification (at your own cost) within 12 weeks of becoming a Certification Body.
Certification Body (Trade Association), Cyber Essentials – The Cyber Essentials Certification Body (Trade Association) is responsible for verifying and subsequently approving the Cyber Essentials self-assessment submission from customers prior to recommending approval to QG Management Standards. You will have access to an appropriately qualified and experienced named individual from an Information Security/Information Assurance field.
Certification Body, Cyber Essentials Plus – The Cyber Essentials Plus Certification Body (Trade Association) is responsible for carrying out vulnerability tests to the required standard (as set out in the CE Test Specs), ensuring the tests have been carried out correctly, verifying and subsequently approving the full assessment before recommending approval to QG Management Standards. You will have access to, individually named, appropriately qualified, vulnerability testers who are experienced in an Information Security/Information Assurance field.
Certification Body fees;
Non-returnable Assessment fee of your documentation (documenting how you meet the CE CB requirements) – £600
Cyber Essentials Level 1 only – On site assessment and training – £2,600.
Cyber Essentials Level 1 & Level 2 – On site assessment and training – £3,600.
Annual Compliance fee – £950 (due after first year)
Certification fee – £100/certificate issued
All prices are exclusive of vat and reasonable travel and accommodation expenses.
These documents define the standards and methodology required to become a QG Approved Cyber Essentials Certification Body. The documents and associated documentation is available free of charge, just email to info@qgbiz.co.uk and we’ll send you more details.
If you are interested in becoming a Certification Body or require up to date advice on choosing a certification body please call QG Management Standards on 01228 6316981 or email info@qgbiz.co.uk