Compliance & Accreditation Schemes

The information security industry has evolved significantly in recent years; to ensure its continued improvement, government and regulators are continuing to introduce schemes and frameworks that your organisation may need to comply with.

Context is accredited by a number of these schemes to provide the services that ensure your organisation meets the necessary standards.

Cyber Essentials & Cyber Essentials Plus

The UK Government's Cyber Essentials scheme is designed to make the UK a safer place to conduct business online. The Cyber Essentials scheme identifies some fundamental technical security controls that an organisation needs to have in place to help defend against internet-borne threats. Context is an IASME Consortium licensed Certification Body for the Cyber Essentials and Cyber Essentials Plus Scheme.

The scheme consists of five baseline controls that businesses should have in place, as their presence reduces the risk of data breaches from internet-based attacks.

These five controls are: 

  • Boundary Firewalls
  • Secure Configuration
  • Access Control
  • Malware Protection
  • Patch Management

Being certified for Cyber Essentials is now mandated for businesses that require access to UK Government information.

The Cyber Essentials scheme has two parts:

  1. Cyber Essentials - This first stage consists of a questionnaire to ensure best practice is in use for internal processes. Once this stage has been passed the organisation will be Cyber Essentials certified.
  2. Cyber Essentials Plus - The second stage encompasses a detailed assessment of your infrastructure, with detailed examination of the technologies and servers in use within the organisation. Once an organisation has demonstrated that they have created a secure environment they will be Cyber Essentials Plus certified.

By offering the Cyber Essentials Plus assessment, Context can ensure that organisations undergoing the program have a smooth journey toward certification. It is our goal to encourage all our customers to undergo this program and reach Cyber Essentials Plus certification. This assessment offers a higher level of assurance than the foundation Cyber Essentials assessment alone, as it entails both onsite and remote verification that controls have been met, and is an important step toward establishing good information security practices that meet business needs.

Businesses that satisfy the verification requirement will be issued a certificate demonstrating they meet the criteria. The certificate is valid for a maximum of a year. Re-certification may be required in the event there are changes to the environment.

Further details of the Cyber Essentials scheme are available here.

CREST STAR Assessments

Simulated Target Attack and Response (STAR) services represent a platform for financial services and critical national infrastructure businesses to share threat and intelligence systems. The assessments or tests are primarily threat intelligence-led penetration tests and are considered to be the most realistic form of assurance service within the sector.

The test uses threat intelligence information to deliver highly targeted attacks against an organisation, simulating sophisticated threat actors; our consultants then deliver realistic attack simulations. These simulations provide assurance that organisations have appropriate countermeasures and responses to detect and prevent cyber-attacks.

Context has been performing simulated targeted attack and response engagements for global clients for several years. Using real-world data about attackers from our Response team, we perform focused and realistic exercises that map to sophisticated attacks. 

STAR assessments allow Context to identify weaknesses that go beyond the technical vulnerabilities typically found in a penetration test, and to assess an organisation's overall capability to prevent, detect, and respond to a compromise. 

NCSC CHECK IT Health Check

An NCSC CHECK IT Health Check (ITHC) identifies vulnerabilities in HMG IT systems and networks to assure the confidentiality, integrity or availability of information held on that IT system. An ITHC is carried out by certified testers who are regularly assessed to validate their penetration testing knowledge and capability. It is as much about risk assessment as it is penetration testing, and assesses the security posture of the environment as well as the data stored within.

Context has one of the UK’s largest pools of CESG CHECK certified penetration testers.

GDPR Compliance

Our team can also advise on all aspects of GDPR compliance, from data management and classification, to key control maturity assessments.

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider
ASSURE Cyber Supplier - CAA