FAQs
In here you’ll find our frequently asked questions. If you don’t find your answer please contact us.
Cyber Security FAQs
Cyber security solutions are not a one size fits all. Businesses need a layered approach to defence, monitoring and remediation.
Cyber security doesn’t have to be as difficult to manage and understand as most organisations think; we will guide you through best practices and solutions that will leave you better equipped to deal with the threats to your organisation.
We unfortunately live in a time where all businesses, regardless of size or industry sector are at risk, whether directly or indirectly.
Whilst larger organisations are more likely to have technology, expertise, and processes in place to protect themselves against cyber-attacks, this isn’t always the case. Smaller businesses are less likely to have the necessary resources and so may find themselves at greater risk of attack from hackers.
Without the proper protections in place, this can increase the risk of attack as it opens up a number of factors and vulnerabilities. Employees may be working on unsecured networks or in locations such as coffee shops.
Every business it at risk of a cyber-attack. Cyber criminals will regularly send out completely random attacks such as a phishing email for example. All it takes is one click and your business may be at risk from compromise.
Cyber Resilience Audit FAQs
There are two CAF Profiles
- The Baseline (sometimes called Basic) Profile is sector-agnostic and defines a suggested target level for each of the CAF outcomes. This Profile represents a level of cyber resilience matched to basic attacker capability and unsophisticated threats.
- The Enhanced CAF Profile is a more tailored, sector-specific target level for the CAF outcomes. It corresponds to a level of cyber resilience matched to a moderate attacker capability moderately sophisticated attack.
It is primarily designed for organisations operating within Critical National Infrastructure such as Energy, Transport, Government, Healthcare and Digital Infrastructure. However, it can be used by any organisation of any size.
Yes, the CAF is an outcome-based assessment that can be scaled to the size of your organisation to evaluate and improve your cyber resilience.
Virtual CISO as a Service FAQs
A virtual Chief Information Security Officer provides oversight and strategic leadership in information and cyber security. Our service gives your organisation access to security expertise from a trusted advisor who will work with your team to provide strategic risk management and assurance activities across people, process, and technology.
In our experience, small and medium organisations do not always have the requirement for a full time CISO, but still require strategic leadership across the business to advise on risk and oversee governance and regulatory compliance in relation to information and cyber security.
A vCISO can optimise security plans and move from a tactical position to a more strategic one.
Yes, you will have an experienced consultant working with you throughout our time together, offering their extensive expertise and capability.
At our initial discussion we will establish your requirements and then agree a subscription model that will be tailored to your needs. This flexible and cost-effective approach is unique to the specific needs and goals of your organisation and budget.
Our service is flexible and will be based on our understanding of your business and your requirements. We have customers that have the service for an ongoing number of days per month or for the duration of a project. It can be scaled too, if your business grows.
Security Manager as a Service FAQs
You may not have the requirement to have a full-time Security Manager in place. Our service gives you the flexibility and access to a dedicated and experienced consultant to help manage information and cyber risk across your organisation whilst providing governance and regulatory assurance.
Yes, you will have a dedicated and experienced consultant with up-to-date knowledge of the latest standards, regulations, and technologies.
At our initial discussion we will establish your requirements and then agree a subscription model that will be tailored to your needs. This flexible and cost-effective approach is unique to the specific needs and goals of your organisation and budget.
Our service is flexible and will be based on our understanding of your business and your requirements. We have customers that have the service for an ongoing number of days per month or for the duration of a project. It can be scaled too, if your business grows.
Defence Cyber Certification
This will be decided by the MOD and details provided for each contract offered.
The scope of the certification concerns the cyber resilience of the critical business operations of your organisation. All parts of your business that are essential for you to operate must be included within the scope.
There is no defined timescale for how long it may take. This depends on:
- The preparedness of the applicant.
- Whether the applicant needs to remediate any gaps before applying.
- The availability of the CB to carry out the assessment.
The certification lasts three years, but an annual attestation will be needed to maintain the certificate, along with annual recertification to Cyber Essentials or Cyber Essentials Plus.
Cyber Essentials FAQs
By having Cyber Essentials certification, you will be more protected against the most common security threats. It helps build trust with customers by demonstrating that cyber security is important in your organisation. All certified organisations are listed on the NCSC’s certification database. It also strengthens your supply chain. Finally, having Cyber Essentials will also allow you the opportunity to bid for UK Government and MOD tenders. You can read more about Cyber Essentials on our Cyber Essentials Certification Services page.
Cyber Essentials is a verified self-assessment certification that demonstrates an organisation has the required cyber security controls in place. Cyber Essentials Plus is based on the same technical requirements as Cyber Essentials, but it also includes a technical audit of your IT systems, to verify the controls are in place. This gives a higher level of assurance that an organisation has correctly implemented the controls. You can read more about the difference between Cyber Essentials and Cyber Essentials Plus on our Cyber Essentials Certification Services page.
Shift Key Cyber are an Assured Service Provider for NCSC. The Cyber Advisors (Cyber Essentials) scheme is specifically aimed to help UK small and medium organisations by offering reliable and cost-effective cyber security advice, and where required, practical hands-on support to help guide businesses through the Cyber Essentials process and certification. You can find out more about our Cyber Advisor Service on our dedicated page.
Cyber Essentials follows a tiered pricing structure depending on the size of your business. It is a verified self-assessment process which follows the pricing structure shown in the table below.
| Business Size | Cost |
|---|---|
|
Micro organisations (0-9 Employees) |
£320 + VAT |
|
Small organisations (10-49 Employees) |
£440 + VAT |
|
Medium Organisations (50-249 Employees) |
£500 + VAT |
| Large Organisations (250+ Employees) | £600 + VAT |
This depends on the size and complexity of your network. Please contact us for advice and further information and a quote.
Both certifications establish controls needed to protect your business from cyber threats and are beneficial in their own rights, but also can co-exist together. Cyber Essentials provides you with five fundamental controls to protect against common threats, making it a reliable and cost-effective certification to demonstrate basic cyber compliance. ISO 27001 takes this a step further, offering a risk based and more comprehensive, in-depth set of optional controls that can be tailored to your organisation. You can find out more about the differences between ISO 27001 and Cyber Essentials in our dedicated blog.
ISO 27001 FAQs
ISO 27001 is an internationally recognised standard that, when implemented correctly, provides assurance of your commitment to protect your business information. You can read more about the benefits of implementing ISO 27001 on our ISO 27001 Implementation Service page.
ISO 27001 can be implemented into organisations of any size, ranging from micro businesses to global enterprises. The standard is flexible to allow for the controls to be applied in a way that is relevant to you.
Both certifications establish controls needed to protect your business from cyber threats and are beneficial in their own rights, but also can co-exist together. Cyber Essentials provides you with five fundamental controls to protect against common threats, making it a reliable and cost-effective certification to demonstrate basic cyber compliance. ISO 27001 takes this a step further, offering a risk based and more comprehensive, in-depth set of optional controls that can be tailored to your organisation. You can find out more about the differences between ISO 27001 and Cyber Essentials in our dedicated blog.
ISO 9001 FAQs
ISO 9001 can be implemented into organisations of any size from micro to enterprise.
Yes, you can achieve certification whether you sell products or services the quality principles apply to delivering consistent and high-quality services or products.
As part of the implementation stage, we will help you choose a suitable certification body and guide you through the process, we will also attend the audit if you would like us there.