CyberSmart

Cyber Essentials Certification

A cloud-based web portal providing assisted completion, submission and certification for Cyber Essentials.

We provide Cyber Essentials assistance and Cyber Essentials certification. We also deliver Cyber Essentials Plus certification.

Features

  • Rapid Cyber Essentials certification: get certified within 24 hours
  • Model answers to assist in achieving certification
  • Live support available during business hours
  • Real-time view of certification progress
  • Easy to use dashboard

Benefits

  • Money back guaranteed certification first time, every time
  • Clear and accessible certification questionnaire
  • Easy to use; no specialist IT or cybersecurity knowledge necessary
  • Compliance as a service: only pay for what you need
  • First class customer support

Pricing

£499 per unit per year

  • Education pricing available

G-Cloud 11

680670011378978

CyberSmart

0207 993 6990

hello@cybersmart.co.uk

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: CyberSmart software
Cloud deployment model: Public cloud
Service constraints: No
System requirements: A web browser to access the cloud-based platform

User support

Email or online ticketing support: Email or online ticketing
Support response times:
  • Within 2 hours for both email and online ticketing support, 0900 - 1830, Monday to Friday (excluding UK (England) Bank Holidays)
  • Within 24 hours for weekends and Bank Holidays for both email and online ticketing support
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 A
Web chat accessibility testing: Both the web-based portal and the agent have been tested to be accessible for visually impaired users.
Onsite support: No
Support levels: At nil cost:
  • Full customer onboarding to the web-based administration dashboard
  • Unlimited customer support to satisfactorily respond to technical questions in support of an application for Cyber Essentials
  • Unlimited access during working hours by telephone and web-based ticket portal
  • Unlimited access during working hours to technical or administrative support to enable an end-user to manage their certification or ongoing compliance
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Simple onboarding for the system administrator to the web-based portal. One-to-one support is available to assist in certification.
Service documentation: Yes
Documentation formats:
  • HTML
  • PDF
End-of-contract data extraction:
  • User certification is available at any point from the date of the award, in digital and report format
  • User-submitted request with data extraction by CSV or PDF
End-of-contract process: At the end of the contract:
  • Any certificate awarded will remain valid until its date of expiry

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: No difference between mobile and desktop service
API: No
Customisation available: No

Scaling

Independence of resources: CyberSmart utilises an architectural framework that incorporates elastic service provisioning with load balancing

Analytics

Service usage metrics: Yes
Metrics types: Cyber Essentials certification progress to achieve satisfactory submission for guaranteed certification
Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach: AES 256 encryption at rest, Physical access control, complying with ISO 27001
Data sanitisation process: Yes
Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach:
  • By request and data exported by CSV
  • Essential administrative systems reporting is available for immediate export by CSV to systems administrators
Data export formats: CSV
Data import formats: Other
Other data import formats: No requirement to import data

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: CyberSmart will use commercially reasonable efforts to make your CyberSmart services available with a Monthly Uptime Percentage of at least 99.9% during any monthly billing cycle (the “Service Commitment”). Subject to the SLA Exclusions, if we do not meet the Service Commitment, you will be eligible to receive a Service Credit.
Approach to resilience: Confidentiality, Integrity and Availability ensured through ISO 27001
Outage reporting:
  • Public status page available at https://status.cybersmart.co.uk/
  • Email updates and outage reports posted

Identity and authentication

User authentication needed: Yes
User authentication:
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels: User system Administrator establishes unique user ID, permissions and passwords, and has the ability to enforce two-factor authentication
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: SOCOTEC Certification International
ISO/IEC 27001 accreditation date: 08 September 2017
What the ISO/IEC 27001 doesn’t cover: Scope is whole organisation. No non-conformances were identified during the audit.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: Yes
Any other security certifications:
  • NCSC Proving Ground Pilot v2
  • Cyber Essentials

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes:
  • IS00 Information Security Documents
  • IS01 Risk Assessment
  • IS02 Information Security Policy
  • IS03 Business Continuity & Disaster Recovery
  • IS04 Data Classification Policy
  • IS05 Risk Assessment & Treatment Plan
  • IS06 Asset Register
  • IS07 Data Protection Policy

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: ISO 27001, under Information Security Policy and Project Initiation Document. Compliance team assess the potential impact before implementation. Peer and security team code review, automated testing and audited code tracking allow for the services to be tracked throughout their lifetime.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Daily automated vulnerability tests are performed. Manual penetration tests are performed on a regular basis. Users are able to submit potential threats to security@cybersmart.co.uk. Patches are applied immediately via the cloud-based dashboard. Threat information is from multiple sources under a cycle of continuous review.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Potential compromises are reported from stakeholders, discovered through automated assessment tools or via manual periodic review. Potential compromises are responded to immediately, following ISO 27001 Security Incident Management Procedure.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Incidents are reported from stakeholders, discovered through automated assessment tools or via manual periodic review. Incidents are responded to immediately, following ISO 27001 Security Incident Management Procedure.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Pricing

Price: £499 per unit per year
Discount for educational organisations: Yes
Free trial available: No

Service documents

  • Pricing document (PDF)
  • Terms and conditions (PDF)