| Cyber Attack Protection | Protection against unauthorised access or damage to data and systems. | × | ✓ | × | ✓ | ✓ |
| Access Management | Control of who has access to systems and data. | - | ✓ | ✓ | ✓ | ✓ |
| Data Protection | Safeguarding personal data from misuse. | - | ✓ | ✓ | ✓ | ✓ |
| Incident Response | Managing and responding to security breaches. | × | ✓ | × | ✓ | ✓ |
| Compliance & Legal Requirements | Adhering to laws and regulations for security. | - | - | - | ✓ | ✓ |
| Physical Security | Preventing physical access to sensitive equipment or data. | × | - | - | ✓ | ✓ |
| Business Continuity | Planning to keep business functions running during a disaster. | × | - | - | ✓ | ✓ |
| Secure Configuration | Ensuring systems are properly configured to prevent vulnerabilities. | ✓ | ✓ | ✓ | ✓ | ✓ |
| Supplier Security | Ensuring third-party suppliers follow security standards. | × | ✓ | - | ✓ | ✓ |
| Employee Awareness and Training | Training employees on how to stay secure. | × | ✓ | ✓ | ✓ | ✓ |
| Patch Management | Regularly updating systems to fix security vulnerabilities. | - | ✓ | ✓ | ✓ | ✓ |
| Network Security | Protecting the organisation’s network from unauthorised access. | ✓ | ✓ | ✓ | ✓ | ✓ |
| Monitoring and Logging | Keeping logs of system activities for future review. | - | ✓ | ✓ | ✓ | ✓ |
| Risk Management | Identifying and mitigating security risks. | × | ✓ | - | ✓ | ✓ |
| Vulnerability Scanning | Automated scanning of systems to identify security vulnerabilities. | × | ✓ | × | ✓ | ✓ |
| Encryption | Protecting data through encryption both at rest and in transit. | - | ✓ | ✓ | ✓ | ✓ |
| Secure Development Practices | Implementing security measures throughout the software development lifecycle. | × | - | - | ✓ | ✓ |
| Third-party Risk Management | Assessing and managing risks associated with third-party vendors. | × | - | - | ✓ | ✓ |
| Data Backup and Recovery | Ensuring data is regularly backed up and can be recovered in case of loss. | - | ✓ | - | ✓ | ✓ |
| Multi-factor Authentication (MFA) | Requiring multiple forms of verification to access systems. | - | ✓ | ✓ | ✓ | ✓ |
| Certification Renewal Frequency | How often the certification needs to be renewed. | Annually | Annually | Every 3 Years | Every 3 Years | Annually |
| Assessment Type | Whether the framework is self-assessed or requires an external audit. | Self-Assessed | Externally Audited | Self-Assessed | Externally Audited | Externally Audited |
| Documentation Requirements | Extent and detail of documentation required for certification. | - | - | - | - | ✓ |
| Certification Process | Process required to achieve certification. | - | ✓ | - | ✓ | ✓ |
| Risk Assessment | Extent and thoroughness of risk assessment procedures. | - | ✓ | - | ✓ | ✓ |
| Continual Improvement | Mechanisms for ongoing improvement of security measures. | - | - | - | ✓ | ✓ |
| Leadership Involvement | Level of involvement required from organisational leadership. | - | - | - | ✓ | ✓ |
| Flexibility in Implementation | Degree of flexibility in implementing security controls. | - | - | - | ✓ | ✓ |
| International Standard | Whether the framework is recognised internationally. | ✗ | ✗ | ✗ | ✗ | ✓ |
| Adoption & Recognition | How widely the framework is adopted and recognised. | High | High | Medium | High | High |
| Pricing | General cost associated with certification. | Low | Medium | Low | Medium | High |
| Prerequisites | | — | CE | CE | CE, Cyber Assurance Level 1 | — |