Automated Intelligence has been successful in obtaining a challenging Government-backed certification demonstrating stringent security practices.
Cyber Essentials PLUS is an award which recognises organisations which have implemented controls against a wide range of destructive cyber-attacks.
In this special interview with our Security and Operations Manager, Colin Flack, we discover what this means for AI.
Can you give us the lowdown on what Cyber Essentials PLUS is?
Cyber Essentials is a qualification which looks at all our IT security, from how staff handle passwords and access the internet, to how our teams interact with their emails and devices.
Last year we were awarded Cyber Essentials, but this year we wanted to take our cyber security one step further by going for the advanced certification.
This involved rigorous on-site testing by an independent Certification Body, and an auditor meticulously verifying our security measures.
How difficult is it moving up from Cyber Essentials to Cyber Essentials PLUS?
It’s no mean feat. When we started this well over a year ago, we had people on different operating systems and patch levels, so it was a long process to get everybody on to the same supported system.
We had to implement an Enterprise Management Server to centrally manage all of our devices so that we can monitor and resolve vulnerabilities and patch levels, for example. Various policies have been designed and pushed out to implement numerous checks and controls.
As a fast-paced development company, we had to work closely with all the teams when designing our policies to ensure that any impact to productivity was kept to an absolute minimum.
A substantial amount of work went into getting to this next stage, so we were delighted to have been verified.
Why is it important that we have this qualification?
Even though this started as a Public Sector qualification, a lot of customers and prospective customers, across industries, are now asking for this certification. It’s important to our customers so it’s important to us.
It gives them the confidence that we’re handling their data sensitively and securely, especially with the GDPR now in place.
We work with some of the largest organisations worldwide who have some of the most sensitive data and we need to assure these customers that we have a robust cyber security plan and policy.
But, of course, it’s not just a box-ticking exercise. This is increasing our principle of ‘security at the heart of design” such as our regular pen testing.
This is just the start for us we will be looking at further certifications and putting in further security measures in the months ahead.
Finally, a lot of hard work went into this, but it isn’t job done…?
No, this is an ongoing process. In 12 months’ time, we will repeat the procedure and have the auditors in again. We can’t sit back and rest on our laurels but we do now have a firm foundation to work from.
We will be frequently reviewing, improving and advancing our cyber security measures to protect our information and that of our customers, partners and suppliers.
To read our previous Security Series Q&A, please visit our pen testing blog.
For more information, please contact us firstname.lastname@example.org