You have landed on this page because you work in the defence industry and employ more than 250 people. It is likely that you are bidding for a contract directly with the MoD or within the MoD supply chain and you have been asked to achieve Cyber Essentials or Cyber Essentials PLUS as part of that procurement process.
Scope
As a large organisation your greatest challenge will be scoping your boundary. You can be certified as individual departments/work units/countries if you have a physical boundary to your larger organisations infrastructure. As an easy rule of thumb if the larger infrastructure is infected by ransomware such as Cryptolocker would it infect your work units system. If it would you will need to either add hardware or re-define your scope.
To obtain your certificate you are required to provide evidence, to an accredited certification body, that you meet the Cyber Essentials Requirements. We have made this easy for you by providing a standard questionnaire that asks you the relevant questions, you’ll need to attach some evidence so we’ve provided some guidance notes for you to follow. On completing the questionnaire to the satisfaction of your chosen certification body you will be awarded your Cyber Essentials Certificate.
You can choose your certification body and complete a word doc/pdf here or
If you’d prefer to use an online portal to present your evidence you can choose one here. (the questions are the same)
You may be required to provide further assurance to your customers that you meet the requirements of Cyber Essentials. This is called Cyber Essentials PLUS and involves an audit at your premises, some technical testing as well as the completion of your questionnaire. As this level of assurance needs a site visit costs can vary, so be sure to request quotes from more than CE+ one certification body. All certification bodies test to the same specification and are monitored by ourselves.
If you require assistance you can call on Accredited Cyber Essentials Practitioners to help you implement the requirements. Many work as contractors in large organisations and are familiar with a broad range of systems.