Information security isn’t a once-a-year exercise for us, it’s embedded in how we work every day. As we approach our seventh consecutive year of Cyber Essentials and Cyber Essentials Plus certification, we wanted to share what we’ve been doing behind the scenes to prepare for this year’s independent assessment in July.

What is Cyber Essentials Plus?

Cyber Essentials is a UK Government-backed scheme that helps organisations protect themselves against the most common cyber threats. While the standard Cyber Essentials certification is a self-assessment, Cyber Essentials Plus (CE+) requires an independent, hands-on technical audit carried out by an accredited assessor. It verifies that five key technical controls are properly implemented:

• Firewalls — boundary protection between your network and the internet
• Secure configuration — ensuring systems are configured to reduce vulnerabilities
• User access control — restricting access to authorised users only
• Malware protection — defending against viruses and other malicious software
• Security update management — keeping software and devices up to date

What we’ve been doing to prepare

CE+ touches every area of our business — from our hosted cloud infrastructure to the laptops our team use day to day. In the lead-up to this year’s assessment, we’ve been focused on:

• Keeping infrastructure current — following last year’s programme of Postgres 16 and Python 3.12 upgrades across iShare in the Cloud, we continue to ensure all components run on supported, patched versions
• Ongoing patching and update management — regular update cycles across all servers, endpoints and applications to address known vulnerabilities promptly
• Staff security training — our team complete NCSC-certified cyber security training, ensuring everyone understands their role in keeping systems and data secure
• Reviewing access controls and backup routines — regular audits of user permissions and verification of backup and disaster recovery procedures

Keeping you informed

If any preparation work requires changes that could affect your services — for example, planned maintenance or expected downtime — we will contact you directly via the support portal with full details, including timelines and any actions you may need to take. As always, our aim is to minimise disruption and keep you fully informed throughout the process.

Why this matters for our customers

Organisations that hold Cyber Essentials certification are statistically 92% less likely to make a claim on their cyber insurance. For our customers, many of whom are local authorities and public sector bodies handling sensitive geospatial and resident data, our CE+ certification provides independent assurance that the systems hosting your data meet a recognised standard of security.

As the World Economic Forum’s Global Risks Report continues to rank cyber threats among the top risks facing organisations worldwide, we believe this annual investment in independent verification is more important than ever.

What happens next

Our CE+ assessment is scheduled for July. Once we’ve successfully completed the audit, we’ll share the results and our updated certification. In the meantime, if you have any questions about our security practices or how CE+ applies to the services we provide to you, please don’t hesitate to get in touch.