FAQs
In here you’ll find our frequently asked questions. If you don’t find your answer please contact us.
Cyber Security FAQs
Cyber security solutions are not a one size fits all. Businesses need a layered approach to defence, monitoring and remediation.
Cyber security doesn’t have to be as difficult to manage and understand as most organisations think; we will guide you through best practices and solutions that will leave you better equipped to deal with the threats to your organisation.
We unfortunately live in a time where all businesses, regardless of size or industry sector are at risk, whether directly or indirectly.
Whilst larger organisations are more likely to have technology, expertise, and processes in place to protect themselves against cyber-attacks, this isn’t always the case. Smaller businesses are less likely to have the necessary resources and so may find themselves at greater risk of attack from hackers.
Without the proper protections in place, this can increase the risk of attack as it opens up a number of factors and vulnerabilities. Employees may be working on unsecured networks or in locations such as coffee shops.
Every business it at risk of a cyber-attack. Cyber criminals will regularly send out completely random attacks such as a phishing email for example, all it takes is one click and your business may be at risk from compromise.
ISO 27001 FAQs
ISO 27001 is an internationally recognised standard that when implemented correctly provides assurance of your commitment to protect your business information. You can read more about the benefits of implementing ISO 27001 on our ISO 27001 Implementation Service page.
ISO 27001 can be implemented into organisations of any size, ranging from micro businesses to global enterprises. The standard is flexible to allow for the controls to be applied in a way that is relevant to you.
How long it takes to achieve ISO 27001 certification very much depends on factors such as the complexity of processes, and how quickly you want to achieve certification. We have carried out implementations from anywhere between 3 months to 2 years.
Both certifications have merit in their own right and also co-exist very nicely together. But fundamentally, they are very different. Think of Cyber Essentials as having an MOT done on your car – there are a list of criteria that you must comply with to gain certification. ISO 27001 is a little different. More like when you go to buy a new car; there are certain things the car must have, (such as lights, brakes and a steering wheel) and then there are options that you get to choose which you have (heated seats, sunroof, colour etc). You can find out more about the differences between ISO 27001 and Cyber Essentials in our dedicated blog.
Cyber Essentials FAQs
By having Cyber Essentials certification, you will be more protected against the most common security threats. It helps build trust with customers by demonstrating that cyber security is important in your organisation. All certified organisations are listed on the NCSC’s certification database. It also strengthens your supply chain. Finally, having Cyber Essentials will also allow you the opportunity to bid for UK Government and MOD tenders. You can read more about Cyber Essentials on our Cyber Essentials Certification Services page.
Cyber Essentials is a verified self-assessment certification that demonstrates an organisation has the required cyber security controls in place. Cyber Essentials Plus is based on the same technical requirements as Cyber Essentials, but it also includes a technical audit of your IT systems, to verify the controls are in place. This gives a higher level of assurance that an organisation has correctly implemented the controls. You can read more about the difference between Cyber Essentials and Cyber Essentials Plus on our Cyber Essentials Certification Services page.
Shift Key Cyber are an Assured Service Provider for NCSC. The Cyber Advisors (Cyber Essentials) scheme is specifically aimed to help UK small and medium organisations by offering reliable and cost-effective cyber security advice, and where required, practical hands-on support to help guide businesses through the Cyber Essentials process and certification. You can find out more about our Cyber Advisor Service on our dedicated page.
Cyber Essentials follows a tiered pricing structure depending on the size of your business. It is a verified self-assessment process which follows the pricing structure shown in the table below.
| Business Size | Cost |
|---|---|
|
Micro organisations (0-9 Employees) |
£320 + VAT |
|
Small organisations (10-49 Employees) |
£440 + VAT |
|
Medium Organisations (50-249 Employees) |
£500 + VAT |
| Large Organisations (250+ Employees) | £600 + VAT |
This depends on the size and complexity of your network. Please contact us for advice and further information and a quote.
Both certifications have merit in their own right and also co-exist very nicely together. But fundamentally, they are very different. Think of Cyber Essentials as having an MOT done on your car – there are a list of criteria that you must comply with to gain certification. ISO 27001 is a little different. More like when you go to buy a new car; there are certain things the car must have, (such as lights, brakes and a steering wheel) and then there are options that you get to choose which you have (heated seats, sunroof, colour etc). You can find out more about the differences between ISO 27001 and Cyber Essentials in our dedicated blog.
Virtual CISO as a Service FAQs
A virtual Chief Information Security Officer provides oversight and strategic leadership in information and cyber security. Our service gives your organisation access to security expertise from a trusted advisor who will work with your team to provide strategic risk management and assurance activities across people, process, and technology.
In our experience, small and medium organisations do not always have the requirement for a full time CISO but still require strategic leadership across the business to advise on risk and oversee governance and regulatory compliance in relation to information and cyber security.
A vCISO can optimise security plans and move from a tactical position to a more strategic one.
Yes, you will have an experienced consultant working with you throughout our time together, offering their extensive expertise and capability.
At our initial discussion we will establish your requirements and then agree a subscription model that will be tailored to your needs. This flexible and cost-effective approach is unique to the specific needs and goals of your organisation and budget.
Our service is flexible and will be based on our understanding of your business and your requirements. We have customers that have the service for an ongoing number of days per month or for the duration of a project. It can be scaled too if your business grows.
Security Manager as a Service FAQs
You may not have the requirement to have a full-time Security Manager in place. Our service gives you the flexibility and access to a dedicated and experienced consultant to help manage information and cyber risk across your organisation whilst providing governance and regulatory assurance.
Yes, you will have a dedicated and experienced consultant with up-to-date knowledge of the latest standards, regulations, and technologies.
At our initial discussion we will establish your requirements and then agree a subscription model that will be tailored to your needs. This flexible and cost-effective approach is unique to the specific needs and goals of your organisation and budget.
Our service is flexible and will be based on our understanding of your business and your requirements. We have customers that have the service for an ongoing number of days per month or for the duration of a project. It can be scaled too if your business grows.
