You have landed on this page because you work in the health sector, employ more than 250 people and you either wish to apply for Cyber Essentials Certification or you have been instructed by your customer/funder to meet the requirements prior to being awarded a contract.
As a large organisation your greatest challenge will be scoping your boundary. You can be certified as individual departments/work units/countries if you have a physical boundary to your larger organisations infrastructure. As an easy rule of thumb if the larger infrastructure is infected by ransomware such as Cryptolocker would it infect your work units system. If it would you will need to either add hardware or re-define your scope.
To obtain your certificate you are required to provide evidence, to an accredited certification body, that you meet the Cyber Essentials Requirements. We have made this easy for you by providing a standard questionnaire that asks you the relevant questions, you’ll need to attach some evidence so we’ve provided some guidance notes for you to follow. On completing the questionnaire to the satisfaction of your chosen certification body you will be awarded your Cyber Essentials Certificate.
You can choose your certification body and complete a word doc/pdf here or
If you’d prefer to use an online portal to present your evidence you can choose one here. (the questions are the same)
You may be required to provide further assurance to your customers that you meet the requirements of Cyber Essentials. This is called Cyber Essentials PLUS and involves an audit at your premises, some technical testing as well as the completion of your questionnaire. As this level of assurance needs a site visit costs can vary, so be sure to request quotes from more than one CE+ certification body. All certification bodies test to the same specification and are monitored by ourselves.
If you require assistance you can call on Accredited Cyber Essentials Practitioners to help you implement the requirements. Many already work in the health sector and are familiar with your infrastructure.