| Cyber Attack Protection
Protection against unauthorised access or damage to data and systems.
|
× |
✓ |
× |
✓ |
✓ |
| Access Management
Control of who has access to systems and data.
|
- |
✓ |
✓ |
✓ |
✓ |
| Data Protection
Safeguarding personal data from misuse.
|
- |
✓ |
✓ |
✓ |
✓ |
| Incident Response
Managing and responding to security breaches.
|
× |
✓ |
× |
✓ |
✓ |
| Compliance & Legal Requirements
Adhering to laws and regulations for security.
|
- |
- |
- |
✓ |
✓ |
| Physical Security
Preventing physical access to sensitive equipment or data.
|
× |
- |
- |
✓ |
✓ |
| Business Continuity
Planning to keep business functions running during a disaster.
|
× |
- |
- |
✓ |
✓ |
| Secure Configuration
Ensuring systems are properly configured to prevent vulnerabilities.
|
✓ |
✓ |
✓ |
✓ |
✓ |
| Supplier Security
Ensuring third-party suppliers follow security standards.
|
× |
✓ |
- |
✓ |
✓ |
| Employee Awareness and Training
Training employees on how to stay secure.
|
× |
✓ |
✓ |
✓ |
✓ |
| Patch Management
Regularly updating systems to fix security vulnerabilities.
|
- |
✓ |
✓ |
✓ |
✓ |
| Network Security
Protecting the organisation’s network from unauthorised access.
|
✓ |
✓ |
✓ |
✓ |
✓ |
| Monitoring and Logging
Keeping logs of system activities for future review.
|
- |
✓ |
✓ |
✓ |
✓ |
| Risk Management
Identifying and mitigating security risks.
|
× |
✓ |
- |
✓ |
✓ |
| Vulnerability Scanning
Automated scanning of systems to identify security vulnerabilities.
|
× |
✓ |
× |
✓ |
✓ |
| Encryption
Protecting data through encryption both at rest and in transit.
|
- |
✓ |
✓ |
✓ |
✓ |
| Secure Development Practices
Implementing security measures throughout the software development lifecycle.
|
× |
- |
- |
✓ |
✓ |
| Third-party Risk Management
Assessing and managing risks associated with third-party vendors.
|
× |
- |
- |
✓ |
✓ |
| Data Backup and Recovery
Ensuring data is regularly backed up and can be recovered in case of loss.
|
- |
✓ |
- |
✓ |
✓ |
| Multi-factor Authentication (MFA)
Requiring multiple forms of verification to access systems.
|
- |
✓ |
✓ |
✓ |
✓ |
| Certification Renewal Frequency
How often the certification needs to be renewed.
|
Annually |
Annually |
Every 3 Years |
Every 3 Years |
Annually |
| Assessment Type
Whether the framework is self-assessed or requires an external audit.
|
Self-Assessed |
Externally Audited |
Self-Assessed |
Externally Audited |
Externally Audited |
| Documentation Requirements
Extent and detail of documentation required for certification.
|
- |
- |
- |
- |
✓ |
| Certification Process
Process required to achieve certification.
|
- |
✓ |
- |
✓ |
✓ |
| Risk Assessment
Extent and thoroughness of risk assessment procedures.
|
- |
✓ |
- |
✓ |
✓ |
| Continual Improvement
Mechanisms for ongoing improvement of security measures.
|
- |
- |
- |
✓ |
✓ |
| Leadership Involvement
Level of involvement required from organisational leadership.
|
- |
- |
- |
✓ |
✓ |
| Flexibility in Implementation
Degree of flexibility in implementing security controls.
|
- |
- |
- |
✓ |
✓ |
| International Standard
Whether the framework is recognised internationally.
|
✗ |
✗ |
✗ |
✗ |
✓ |
| Adoption & Recognition
How widely the framework is adopted and recognised.
|
High |
High |
Medium |
High |
High |
| Pricing
General cost associated with certification.
|
Low |
Medium |
Low |
Medium |
High |
| Prerequisites |
— |
CE |
CE |
CE, Cyber Assurance Level 1 |
— |