Crest welcomes Barclays CES certification

Security certification body Crest has welcomed the first certification by a major organisation under the government’s new Cyber Essentials Scheme

Not-for-profit technical information security industry certification body Crest has welcomed the first certification by a major organisation under the government’s Cyber Essentials Scheme (CES).

Barclays achieved certification for its digital banking service under the guidance and certification scheme launched in June to ensure UK businesses get the basics of cyber security right and to give them a competitive advantage.

Barclays was awarded the Cyber Essentials certification after an assessment by Gotham Digital Science (GDS), which is accredited for CES assessments by Crest.

To demonstrate basic cyber hygiene and achieve certification, Barclays digital banking had to complete a cyber essentials questionnaire.

This was validated by GDS, which carried out an external perimeter vulnerability scan, which is an additional requirement mandated by Crest for CES certification.

“For Barclays the process was straightforward because of the existing security processes it already had in place, along with ISO 27001 certification of the digital banking business,” said Justin Clarke, managing director of GDS.

“The certification gives Barclays an opportunity to showcase its leadership in digital banking, and reinforces the importance the bank places on protecting customer assets and data.” 

Barclays is now working with GDS towards the second level of certification, Cyber Essentials Plus.

The first level of certification offers a basic level of assurance; the second offers a higher level of assurance through external testing of the organisation’s cyber security approach.

“The CES is unique because it has been developed as a collaboration between the UK government and the very best cyber security professionals in the UK,” said Ian Glover, president of Crest. “These professionals utilised their years of experience and invested their own time to extract the security standards that should be applied to all businesses, regardless of size.”

Glover believes it is important that large consumer-facing organisations like Barclays embrace the scheme.

The CES is part of the UK’s National Cyber Security Strategy and provides an independent assessment of the essential security controls that organisations need to have in place to mitigate cyber risks.

Systems within its scope include internet-connected devices such as desktop PCs, laptops, tablets and smartphones, and internet-connected systems including email, web and application servers.

According to the government, by attaining Cyber Essentials certification, organisations lower their risk of serious data and financial loss.

And by displaying the Cyber Essentials badge, organisations demonstrate to customers that they have taken steps to be fundamentally cyber safe.

The UK government plans to implement the CES throughout the public sector and in the longer term to embed in procurement processes wherever possible.

Read more on IT risk management