ASSET DISPOSAL

The Cyber Essentials programme has been designed to help protect organisations operating in cyberspace. It is both size and industry agnostic, although it is found to be very suitable for small and medium-sized enterprises.
Cyber Essentials has been designed to mitigate the most common internet-borne threats.
It is part of the UK's National Cyber Security Programme and is now mandatory for any organisation wishing to bid on UK central government contracts.
This guide provides valuable information for any organisation looking to certify against Cyber Essentials.
As a Certifying Body for IASME, Synovum can carry out Cyber Essentials assessments, Cyber Essentials Plus technical audits and IASME Governance Standard/GDPR readiness audits.
 
Depending on your requirements, your organisation can be certified against Cyber Essentials, Cyber Essentials Plus and the IASME Governance Standard at the same time.  Please contact us for further information.
 

Data Eliminate provides destruction and disposal services for hard drives, ICT equipment, media and sensitive electronics. All destruction and shredding services are certified to ISO 27001:2005, ISO 9001 and ISO 14001. They are the only one with a shredding and disposal facility in Central London.

 

Please contact us for more information regarding your data/equipment disposal requirements. 

* If initial submission is unsuccessful, advice will be provided as to improvements to be made. Re-verification will then be provided at no additional cost.

Cyber Essentials Plus Certification

This certificate is awarded upon successful completion of an independent technical audit of the organisation.  This technical audit is carried out onsite using industry standard tools.  Please contact us for further information regarding Cyber Essentials Plus certification.

 

CE Test scope

  • Up to one day* of on-site testing including the following: 

  • Audit of externally facing IP addresses at organisational perimeter for potentially exposed ports/services 

  • Vulnerability assessment of web based applications (if used)

  • Desktop/laptop/mobile device vulnerability assessment (patches/updates)

  • Issue of test report and award of Cyber Essentials Plus (subject to successful verification)**

* If more than one day on-site is required, due to organisational size/complexity or as the result of client technical issues, this may result in additional charges being incurred by the client.

** If initial submission is unsuccessful, advice will be provided as to improvements to be made. Re-verification will then be provided at no additional cost.

IASME Governance Standard certification

The IASME governance standard was developed as an affordable and achievable alternative to the ISO/IEC 27001:2013 standard for information security management systems.

It allows organisations to demonstrate that they have formal governance measures in place and that they are taking care of both their own and, more importantly, their customers' information.

Compliance with the IASME standard can also be viewed as a first step for organisations looking to implement the ISO standard, as many foundation elements are contained within the IASME standard.

The scope of the IASME governance standard covers the following areas, which correspond with the NIST Cybersecurity Framework headings:

  • Identify

    • Planning

    • Organisation

    • Assets

    • Assessing the Risks

    • Legal and Regulatory landscape

    • People

  • Protect

    • Policy Realisation

    • Physical & Environmental Protection

    • Secure Business Operations

    • Access Control

  • Detect and Deter

    • Malware and Technical Intrusion

    • Monitoring, Review & Change

  • Respond and Recover

    • Backup and Restore

    • Incident Management

    • Business Continuity, Disaster Recovery and Resilience

In terms of compliance options, organisations can complete the IASME Governance questionnaire (which includes Cyber Essentials and GDPR-related questions) and carry out a 'self-assessment' which is subsequently verified; alternatively, they can complete the questionnaire and receive an on-site verification audit. If an organisation passes the on-site audit, it is awarded the IASME 'Gold certification'.

The IASME standard compliance 'option' is often included with the Cyber Essentials or Cyber Essentials Plus certification (which requires an on-site visit) or it can be carried out as a separate item following initial certification to Cyber Essentials/Plus. Please contact us for further information regarding IASME Governance standard certification.

 

IASME standard (self-assessment)

  • Access to assessment portal

  • Verification of questionnaire responses

  • Telephone/email support during certification process 

  • Award of IASME compliance (subject to successful verification)**

IASME standard (on-site audit)

  • Access to assessment portal

  • Formal verification of questionnaire through on-site audit visit (up to one day*)

  • Telephone/email support during certification process 

  • Award of IASME Bronze/Silver/Gold level compliance (subject to successful verification)**

* If more than one day on-site is required, due to organisational size/complexity or as the result of client technical issues, this may result in additional charges being incurred by the client.

** If initial submission is unsuccessful, advice will be provided as to improvements to be made. Re-verification will then be provided at no additional cost.

General Data Protection Regulations (GDPR) readiness

The GDPR is a new set of regulations introduced to ensure data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.

The UK's Information Commissioner's Office (ICO) has produced a guide for businesses to help them ensure that they are compliant with these regulations, which can be found here.

 

The GDPR readiness 'option' can be included with the Cyber Essentials or Cyber Essentials Plus certification (which requires an on-site visit) or the IASME Governance Standard audit, or it can be carried out as a separate item following initial certification to Cyber Essentials/Plus. Please contact us for further information regarding GDPR readiness assessment.

© 2019 Synovum Limited