Having held the basic Cyber Essentials certification since January 2016, we are pleased to announce that we have recently achieved the improved Cyber Essentials PLUS grading to this standard.
The PLUS component to this certification means that Zoocha not only adhere to the Cyber Essentials security requirements, but have also had this verified by an independent security testing specialist from an Accredited Certification Body.
The verification of our adherence to the standard involved a site visit by a security specialist who performed a number of spot checks across the range of devices that we utilise within Zoocha. Devices included PC's, laptops, mobiles, that run a variety of operating systems of all flavours; Windows, Linux (Ubuntu, Debian, Slackware, Mint), Android, Mac.
Checks included activities such as verifying that software was up to date and security patched, anti-virus software is installed (and working), firewalls are enabled and properly configured, user accounts are set up securely etc. On top of this, vulnerability scans were conducted against the Zoocha network to verify that external access to our systems is secured against unauthorised access.
Since being awarded the initial Cyber Essentials certification at the start of 2016, it has been clear to us that bar has been raised in terms of the level of expectation of what is deemed to be secure, along with the level of evidence and detail in approach that needs to be presented in order to satisfy the assessor, and meet the standard. This can only be a good thing with the frequency of hacks that we hear about in the news, and the ever increasing sophistication of those looking to exploit security weaknesses in organisations for gain.