What You Need To Know
Defining the scope of your business can be difficult and is sometimes the hardest section of the Cyber Essentials Scheme to complete. With the information provided in this section we aim to make this as easy as possible for you and your business.
Before both of the Cyber Essentials Scheme’s can be tested for the business and certification must agree on the scope of the business before any of the testing may begin. This only has to be completed once as it will be the same for either of the Cyber Essential Schemes.
All systems and devices that can connect, or are capable, to the internet must be included. These systems include Desktop’s, Laptop’s, Tablet’s, Smartphones and any email or web servers that the business may have.
Not all of the businesses systems are to be included when working out the scope of the business. These systems are usually more bespoke systems that include Programmable Logic Controllers (PLC), Point of Sales (POS) and Pin Entry Devices (PED).
The Scope is the mutually agreed boundary perimeter for examining the security posture of your IT infrastructure with the goal of certification. IT systems out-of-scope will not be tested for certification.
The Cyber Essentials Scheme covers the basics of cyber security in an organisation’s enterprise or corporate IT system. Implementation of these controls can significantly reduce the risk of common but unskilled cyber-attacks. For many organisations, Cyber Essentials will become a practical component of regular cyber security posture checks.