Changes to Cyber Essentials Scheme Operating Model

The NCSC is planning changes to the Cyber Essentials commercial operating arrangements as part of its process to transform its commercial assurance schemes.

Since Cyber Essentials was introduced in 2014 with the support of CREST, the NCSC has been studying the pros and cons of the scheme from an end-consumer perspective. It also conducted a series of consultation workshops earlier this year.

The NCSC believes that one of the key messages from this exercise is that the current operating model is too complicated for a large part of the target audience. As a result, the NCSC has initiated plans to simplify its commercial arrangements.

There are currently five Accreditation Bodies (ABs) that operate the Cyber Essentials scheme on behalf of the NCSC including CREST and the result of this project may result in a reduction in the number of ABs.

The NCSC will be working closely with CREST and other accreditation bodies to agree arrangements for transition and the planned timescale:

1. Expression of Interest issued by the end of September 2018
2. ITT issued by the end of January 2019
3. New commercial arrangements in place by July 2019
4. Existing AB contracts end December 2019

Guidance notes for the transition period will be issued by NCSC by the end of 2018.

CREST will be responding to the Expression of interest with the view to submitting a response to the ITT when it is issued.  In the meantime, we will continue to support our CBs keep them informed with any updated information.  The Cyber Essentials Scheme will continue without any disruption.