TP Transcription has reached a major cybersecurity milestone as it is awarded Cyber Essentials Plus (CE+) certification, a UK government-backed, industry-supported certification for cybersecurity.
The certification demonstrates that the company’s policies and procedures are strong enough to protect against cyber threats. CE+ requires independent verification by an external auditor who conducts a series of technical assessments to ensure the company is protected against various attack scenarios.
The evaluation assessed boundary firewalls, secure asset configuration, patch management, user access controls, malware protection and mobile assets.
Our certification was awarded by Cyberlab, an independent certifying body for the Cyber Essentials programme, and it is renewable every 12 months.
Anna Gresty, Managing Director of TP Transcription Limited said: “Cyber-attacks are a daily risk and these attacks are also becoming increasingly sophisticated. The Cyber Essentials Plus certification demonstrates that we have robust procedures and protections in place as well as showing our customers and other interested parties that we take the security of their information seriously and have taken the necessary steps to reduce cyber threats. We will of course continue to evolve and improve our processes and procedures.”
Jonathan Fagan, Founder and Director at the company added: “Cyber Essentials Plus is a great achievement for our company and recognises our hard work for industry-leading cybersecurity standards. All the staff have worked hard to achieve this accreditation and we are incredibly proud of them and the efforts they have gone to. I have witnessed a strong sense of cohesion within the TP Transcription team who strive to provide and maintain a strong secure network environment for all our clients.”
Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme and is UK government backed. It is a rigorous test of an organisation’s cyber security systems. Cyber security experts carry out vulnerability tests to make sure that an organisation is protected against hacking and phishing attacks. It was developed and introduced by the UK Government’s National Cyber Security Centre (NCSC).
Cyber Essentials Plus – our experience
TP Transcription Limited is a small to medium sized enterprise based in the UK with extensive experience working with the vast majority of universities across the UK and around the world. Due to the nature of the subject matter of our work for our larger clients, and the requirements of our clients for full I.T. security and protection for their very valuable audio files, we take our IT security responsibilities very seriously indeed.
Our secure file upload service is ISO 27001 accredited, our company follows an ISO 27001 system and we are also ISO 9001 accredited. We have completed the NHS Data Security & Protection Toolkit and hold the IASME Cyber Assurance accreditation. We have been Cyber Essentials accredited for over five years.
In 2023 we decided to go through the Cyber Essentials Plus (CE+) assessment, which is an externally audited version of Cyber Essentials. This involves an independent external company testing the security of our systems by applying hacks, attacking our antivirus protection and attempting to install malicious software on our systems.
The process itself is very straightforward, and the purpose of this article is to give you a bit of detail about how it takes place. Firstly, the applicant (i.e. us) goes through the standard Cyber Essentials Accreditation. This is a series of questions about the company’s systems and protocols, which are then assessed according to national standards set up by the National Security Agency in the UK and Cyber Essentials is awarded. We’ve always gone one step further here because we also go for IASME GDPR Accreditation at the same time (recently rebranded to IASME Cyber Assurance), which means that we complete an assessment to determine whether or not our systems are GDPR compliant.
Once we completed the Cyber Essentials question and answer session to the satisfaction of our assessor, we then commenced the CE+ process. Cyber Essentials Plus requires the information we have provided to be tested externally by a third-party company to make sure that we are compliant with the answers we’ve given to Cyber Essentials.
The company undertaking our assessment of Cyber Essentials (Cyberlabs) had a session with us recently where they attempted to hack into our system, send us some virus-infected software, check out our password protections and run a system check to make sure that our antivirus and firewall were operating correctly. They did this by selecting a sample of our computers and spending 30 minutes or so looking at each one to make sure they were safe.
This was then followed up with a full review of all the systems – which ones were running outdated software, if there were any potential weak spots, advisory notes on how to go one step further and add additional security. Training for staff was also suggested.
The final stage was to revisit us again and go through the same process once we had made the suggested changes, to make sure that our systems were now all fully CE+ compliant.
The aim of Cyber Essentials Plus is to give reassurance to clients that not only have we said we are compliant with Cyber Essentials guidelines, but actually we are completely compliant to a higher level of security than is expected for the basic self-assessed Cyber Essentials.
Our tips for others?
Firstly, make sure all your laptops, desktops and mobiles are running updated software. Check for any outdated, unsupported software and remove it. Ensure you have full availability from staff for a specific day for the audit – it went on for quite a bit longer than we anticipated! Also make sure you have the time to deal with queries from the auditors as they are going through the process. There were a lot of questions to be answered. Finally, ensure you have your IT team on hand to assist with any hitches. We made sure our IT consultants were available to help and we are glad we did.
One of the things that is quite clear from all the various accreditation processes is that unfortunately they are somewhat loaded against the smaller companies in each sector. Larger organisations will almost certainly have departments to handle the workload required to get a business through the process, whereas smaller companies basically have to work through the night to achieve the same effect. It is essential to do in terms of providing reassurance as to data security for clients, but unfortunate in terms of the effect on SMEs. I suspect that if we were any smaller we would not have been able to go through the exercise without it costing us substantially in terms of turnover and profit.
We hope that obtaining the Cyber Essentials Plus Accreditation will reduce the administrative burden for us and our clients when setting up new accounts and going through IT security checks and agreements. It will hopefully provide our clients with reassurance not only as to how seriously we take IT security, but also that our systems are now tested externally by UK government regulated organisations and that we continue to be trusted by hundreds of well-known and recognised institutions to undertake their transcription and translation work for them.