UK Cyber Essentials Plus

UK Cyber Essentials Plus overview

Cyber Essentials is a UK government-backed scheme designed to help organizations assess and mitigate risks from common cyber security threats to their IT systems. It identifies security controls for an organization to have in place within their IT systems. Cyber Essentials scheme is a requirement for all UK government suppliers handling any personal data. The Cyber Essentials badge helps an organization demonstrate the ability to:

  • Identify potential risks to help organizations better protect against common cyber threats.
  • Demonstrate an organization has adopted the proper security controls to protect customer data.
  • Become compliant with UK government expectations for Cyber Security Essential requirements and eligible to bid for UK government contracts.

The Cyber Essentials Scheme is designed for UK government suppliers to identify potential weaknesses in their IT systems and software that could exploit customer data. The scheme assurance framework has defined two different levels of certification:

  • Cyber Essentials is the first level and includes a self-assessment for organizations to check the most important IT security controls of their IT infrastructure. The responses are independently reviewed by an external certifying body.
  • Cyber Essentials Plus offers the same controls coverage as Cyber Essentials and also includes additional assurance by carrying out systems tests of implemented controls through an authorized third-party certifying body.

Azure and UK Cyber Essentials Plus

Microsoft Azure has attained the Cyber Essentials Plus badge and meets the requirements outlined in the Cyber Essentials Scheme. Azure production systems are frequently tested and audited to provide evidence of an industry-leading compliance portfolio.

Applicability

  • Azure

Audit reports and certificates

You can download the Azure and Dynamics 365 Cyber Essentials Plus certificate and compliance report from the Service Trust Portal (STP) Regional Solutions section for the UK. You must login to access audit reports on the STP. For more information, see Get started with the Microsoft Service Trust Portal.

Alternatively, you can download the certificate and compliance report from the Azure portal by navigating to Home > Security Center > Regulatory compliance > Audit reports or using the following direct link (login required):

You must have an existing Azure subscription or free Azure trial account to download Cyber Essentials Plus audit documents.

Resources