All types Page Article White Paper Download
Solutions The best route to security compliance
Hicomply Privacy™ ISO 27001 ISO 9001 ISO 14001 SOC 2 NHS DSPT NIST 800-53 Hicomply GRC™ Services & Customer Support
Platform A powerful suite of ISMS features
Dashboard ISMS Scoping Policy Management Risk Management Information Asset Management Task Management Integrations Hicomply for Enterprises Trust Centre Controls Monitor Hicomply AI
Resources Everything you need to know
Knowledge & Insights Resources Hub Case Studies Sectors Glossary News ROI Calculator
Knowledge Base Learn more about infosec
ISO 27001 Knowledge Base SOC 2 Knowledge Base NHS DSPT Knowledge Base PCI DSS Knowledge Base NIST 800-53 Knowledge Base
Company Security and customers first
About News Partners Careers Contact

Cyber Essentials vs ISO 27001

Choosing the right information security standard is a critical step in securing your business, and the right choice depends entirely on the needs of your business and your customers.

Read More

In this blog post, we take a look at the internationally-recognised ISO 27001 standard, formally known as ISO/IEC 27001, and compare it with the UK government’s Cyber Essentials scheme. We discuss the differences between the two options, and how to identify which one is right for you: Cyber Essentials vs ISO 27001 or maybe both!

Cyber Essentials and Cyber Essentials Plus

This is a UK only standard and there are two levels of Cyber Essentials certification: Cyber Essentials and Cyber Essentials Plus. The difference between these options is that Cyber Essentials is a self-assessed certification, while Cyber Essentials Plus requires technical verification from an independent third party.

Controls

There are five controls that businesses must implement to successfully achieve Cyber Essentials certification, designed to protect devices, services, data and internet connection:

  • Firewalls
  • Secure configuration
  • User access control
  • Malware protection
  • Security update management

The Cyber Essentials scheme is designed to help organisations of any size, from small businesses to enterprise organisations, protect themselves against cyber threats. In addition, some government contracts require Cyber Essentials certification.

In the Cyber Essentials method, the goal is that the five basic controls will reduce the risk of 80% of common cyberattacks being successful against your business. However, it’s important to maintain and update controls as and when necessary to ensure your business protection is sustained.

Cyber Essentials vs ISO 27001 – which is right for you?

If you’re weighing up which information security standard is right for your business, consider the information security requirements of your overall operations and your target markets. Cyber Essentials is often considered a baseline for cybersecurity. As mentioned, implementation of Cyber Essentials can help to protect your organisation against around 80% of cyberattacks, setting up the foundations for security as long as your controls are regularly reviewed.

ISO 27001 requires a higher level of commitment as well as working alongside an external auditor. In line with this, the ISO 27001 framework will enable you to protect all informational and physical assets you identify as part of your information security management system. Prevention is at the core of information security, but reducing the impact of risks occurring is also crucial.

To learn more about ISO 27001 certification and how Hicomply’s software can automate and improve the process for your business, read more in our useful links section – or get in touch to speak to a member of the team. We work with an extensive partner network that can help you achieve either standard.

Useful links