Wales mandates Cyber Essentials for suppliers processing personal data

SC Magazine yesterday reported that the Welsh Government have now made it mandatory for third-party suppliers with a ‘moderate’ or ‘high’ level of risk when dealing with sensitive information to be Cyber Essentials certified from 1 April this year.

Of the five levels of risk identified (0 to 4), Cyber Essentials is a requirement from Level 1 upwards. Level 0 is ‘low risk’ and means that no special arrangements are needed when minimal amounts of non-sensitive personal data are processed or where data is in the public domain already. Level 1 relates to ‘moderate risk’, where sensitive information may need to be protected. Third parties at this level would need to adhere to the UK Government’s Cyber Essentials scheme for contracts with low values and small amounts of personal or sensitive data.

Level 2, or ‘sensitive information’, also requires Cyber Essentials, while Level 3 requires Cyber Essentials Plus. Level 4, otherwise known as ‘high risk’ (large nationwide framework contracts), will require ISO 27001 together with Cyber Essentials Plus, as these are deemed “high value contracts or those with significant amounts of personal or sensitive data.”

Organisations are required to be compliant throughout the term of the contract.

Cyber Essentials is also mandatory for relevant UK government suppliers; the programme won the ‘Editor’s Choice’ award at the SC Awards Europe at the Grosvenor Hotel in Mayfair, London at the beginning of June.

About Cyber Essentials

The UK Government introduced the Cyber Essentials scheme to offer companies of all sizes the chance to demonstrate their commitment to cyber security through independent security certification. The Cyber Essentials scheme has been developed as part of the UK’s National Cyber Security programme in conjunction with industry.

As an IASME-accredited Cyber Essentials certification body, we can provide you with the support and expertise you need to make sure you protect your business and achieve Cyber Essentials certification for your organisation.

We provide three Cyber Essentials Scheme services:

– On-line Cyber Essentials Scheme self-assessment

– Supported Cyber Essentials Scheme self-assessment

– Cyber Essentials Plus assessments

Read more about Cyber Essentials here.

Contact us on 0203 728 6555 or at info@csriskmanagement.co.uk for further information.