Cyber Essentials & ISO27001

Why organisations still need Cyber Essentials certification, even if they have ISO27001?

It is a question we are often asked, “does a business still need Cyber Essentials certification if they have ISO 27001?”. Businesses sometimes presume that if they have undergone ISO 27001 certification they will not need the seemingly less complex Cyber Essentials controls. 

The reality is, Cyber Essentials is still essential for companies who hold ISO 2700 because, at its heart, ISO27001 is a risk management certification. This means that an organisation decides, after examining its information security risks, which security controls they are going to implement. The organisation may choose to put in place a different set of controls to those in Cyber Essentials and may decide to accept the risk of not implementing certain Cyber Essentials controls.

ENS can help guide you through the Cyber Essentials audit process and gain accreditation in this excellent programme.