Cyber Essentials certification – Ashtons takes protecting your data extremely seriously
With the General Data Protection Regulation (GDPR) having come into effect on 25th May 2018, Ashtons, like many other companies, has been ensuring we are fully compliant with all new data protection laws.
Along with this, we have invested time and resources into ensuring that our cyber security is tighter than ever, so our customers can be reassured their data is safe. Ashtons is now proud to announce that we have achieved the Cyber Essentials certification, which is a UK government-backed scheme.
What is the Cyber Essentials certification?
The Cyber Essentials body describes the certification as ‘helping you to guard against the most common cyber threats and demonstrate your commitment to cyber security’. In order to gain the certification, Cyber Essentials had to check that we had appropriate IT infrastructure in place, quizzed us on our IT procedures and requested various forms of evidence to back this up.
Organisations that handle sensitive and personal information or provide certain technical products and services for government contracts are required to have Cyber Essentials certification.
Once Cyber Essentials has agreed that you have suitable IT infrastructure and take cyber security seriously, they will award the certification. After going through this process, Ashtons is now Cyber Essentials certified.
What are the requirements for IT Infrastructure?
To achieve the Cyber Essentials certificate, a company needs to comply with the requirements for IT infrastructure. There are five requirements which include:
Firewalls – every device associated with the company must be protected by a correctly configured firewall.
Secure configuration – there must be continual active management of computers and network devices. This includes removing old user accounts promptly, removing redundant software no longer used and ensuring passwords of an appropriate strength are used.
User access control – user accounts must be assigned only to authorised individuals, with access provided only to those applications, computers and networks necessary for the user to perform their role.
Malware protection – known malware and untrusted software must be restricted to prevent harmful code from causing damage or accessing sensitive data.
Patch management – devices and software must not be vulnerable to known security issues for which fixes are available.
How does this benefit our clients?
Increasing cyber security is always going to be beneficial for any client, but it is even more pertinent to have extra protection for health data. At Ashtons, we have always prided ourselves on keeping data secure, but this Cyber Essentials certification gives our cyber security the seal of approval from industry experts.
Overall, the Cyber Essentials certification should give our clients confidence that Ashtons has been certified cyber secure and takes protecting your data extremely seriously.