Valuechain technology has been certified as a cyber essentials plus approved supply chain management provider.
Cyber Essentials is part of the UK’s National Cyber Security Centre and aims to guard organisations against cyber attacks. Valuechain gained Cyber Essential certified status in 2022, and with user security being a top priority for us we decided to subject our systems to more intense scrutiny over the course of the past year. Acting on feedback and implementing continuous improvement to now become Cyber Essential Plus certified.
Auditing for Cyber Essentials Plus certification is carried out by testing and auditing 5 key areas within an organisations digital ecosystem:
1. Boundary firewalls and Internet gateways
Firewalls and gateways provide a basic level of protection where a user connects to the Internet. While antivirus software helps protect the system against unwanted programs, a firewall helps to keep attackers or external threats from gaining access to your system in the first place. The firewall monitors all network traffic and can identify and block unwanted traffic that could be harmful to your computer, systems and networks. The security provided by the firewall can be adjusted like any other control function (in other words, the firewall ‘rules’).
2. Patch management
Patch management is about keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks. Any software is prone to technical vulnerabilities. Once discovered and shared publicly, these can rapidly be exploited by cyber criminals. Criminal hackers can take advantage of known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.
3. Malware protection
Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware) and including options for virus removal will protect your computer, your privacy and your important documents from attack.
4. Access control
Protecting user accounts and helping prevent misuse of privileged accounts is essential for any cyber-secure system or network. User accounts, particularly those with special access privileges (e.g. administrative accounts), should be assigned only to authorised individuals, managed effectively, and provide the minimum level of access to applications, computers and networks.
Any organisation whose employees connect to the Internet needs some level of access control in place. Access controls authenticate and authorise individuals to obtain information that they are permitted to see and use. Without appropriate access control there is no data security.
5. Secure configuration
Secure configuration refers to security measures that are implemented when building and installing computers and network devices to reduce unnecessary cyber vulnerabilities. Security misconfigurations are one of the most common gaps that criminal hackers look to exploit. According to a recent report by Rapid7, internal penetration tests encounter a network or service misconfiguration 96% of the time. Both the SANS Institute and the Council on CyberSecurity recommend that, following an inventory of your hardware and software, the most important security control is to implement secure configuration.
For more information, our certification is publicly listed on the Cyber Essentials Website: https://www.ncsc.gov.uk/cyberessentials/search
If you are looking to collaborate with sub-tier suppliers to improve quality, cost and delivery performance, learn more about Supplier Portal.