ECA has produced a policy template for smaller businesses on cyber security. The document, which draws on the principles of Cyber Essentials, has been produced in response to the recent addition of several cyber security questions in the industry prequalification Common Assessment Standard (CAS).
The template, which can be amended to suit particular business needs, refers to measures such as:
- designing information (IT system and network) security into the business;
- adopting a proactive approach to IT security management;
- acting in a timely and cooperative manner to prevent, detect and respond to any IT security incidents; and
- reviewing and assessing the security risk with regard to information - and acting on the conclusions.
According to ECA’s Paul Reeve “As part of a recent update, the CAS asks several questions on Information Security and GDPR, including “Do you have a cyber security policy?” The new template has been produced to help smaller businesses engage with this and the other cyber security questions. It draws on measures advocated in Cyber Essentials which can help smaller businesses to manage - and show they are managing - cyber security issues”.
Cyber Essentials is at: www.ncsc.gov.uk/cyberessentials/overview
Last updated 26 July 23