Expert advice from Teamwork Technology: Cyber Essentials and its relevance to the life science sector
Cyber Essentials and its relevance to the life science sector
Businesses involved in the life science sector and its supply chain will almost certainly have valuable Intellectual Property, sensitive and/or personal data that could be either their own or their customers. This data and I.P. is highly vulnerable to cyber crime if adequate awareness and security measures are not in place.
A supplier can also be a vulnerable entry point to a major client, why attack the harder target of the R & D department of a major drug company if you as one of their service providers are an easier target?
As well as the deliberate and orchestrated attempts to commit cyber crime, data and I.P. can be also at risk from the inadvertent user mistake due to a lack of knowledge leaving it wide open to any opportunist, or at the very least the reputation and credibility of your business could be lost, resulting in loss of business and limited success of gaining new customers if it is known you have suffered a breach.
In addition, the introduction of the General Data Protection Regulation (GDPR) from the European Union in 2015/16 will impose serious legal responsibilities to all enterprises that hold any personal data. The GDPR is considerably more substantial than its predecessor, the Data Protection Act (1998).
Rising levels of reported cyber crime have led to the UK Government introducing the Cyber Essentials (CE) certification scheme in 2014, it is a culmination of a universal risk assessment for a typical UK enterprise and produced a blue print of basic security measures that are simple, achievable and yet protect against 80% of recorded cyber incidents reported in the previous 2 years. It is not designed to protect against an all out attempt, but represents a basic level of security and measures that a business should adopt and is appropriate.
Cyber Essentials Certification takes two forms:
- Basic certification (Online self-assessment) provides a basic level of confidence that an organisation has implemented cyber security controls effectively.
- Plus Certification (Audited) at this level tests whether the organisation’s implemented controls are sufficient to protect against internet based threats.
Cyber Essentials is going to be a key requirement in the supply chain; because it comes from the UKGov it is seen by many as a credible stamp of approval that Information Assurance is taken seriously even if it is at only a basic level. Notably all arms of Government, including the Department of Health and the NHS, and many large private organisations that have themselves gone through the process, will require this certification from anyone in their supply chain.
What are the benefits of certification?
- Licence to tender for contracts that specify that companies must be Cyber Essentials certified
- Improved reputation and customer trust
- Legal compliance – from 1st October 2014, the UK Government requires all suppliers bidding for certain sensitive and personal information handling contacts to be certified against The Cyber Essentials Scheme.
- Proven business credentials – through independent verification against recognised standards
- Ability to win more business – particularly where procurement specification require certification as a condition to supply
Teamwork Technology Services is Cyber Essentials certified and can provide advice and support for your Cyber Essentials Certification. If you want to know more, please call 08000 803003 or email email@example.com