20th February 2018 | Phil Etherton | Director, Security Services
Spinnaker Support is proud to announce that on 13th January 2019, we became the first third-party software support provider to achieve Cyber Essentials (CE) certification. In addition to enhancing our growing Oracle and SAP security portfolio, CE certification is designed to specifically reassure our UK customers that we take the risk of cyber security – and their overall data security – very seriously.
What Is Cyber Essentials?
Cyber Essentials (https://www.cyberessentials.ncsc.gov.uk/) is a United Kingdom government-backed and industry-supported set of basic technical controls to help guide organisations of all sizes in protecting themselves against common online security threats.
Cyber Essentials was developed by the National Cyber Security Centre (NCSC) in 2014 when the UK government worked collaboratively with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to address the rising threat of cyber-attacks.
As of 1st October 2014, the UK government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified by one of five NCSC-accredited bodies against the CE scheme. We chose Cyber Essentials because it is backed by industry, including the Federation of Small Businesses, the Confederation of British Industry (CBI), and a number of insurance organisations.
The UK is at the forefront of security. Because many of our customers are located there, the question we asked was not should we be Cyber Essentials certified, but when. Spinnaker Support applied for certification in late 2018 and was approved after passing an assessment of five essential security controls:
- Secured Internet connection
- Secured devices and software
- Controlled access to data and services
- Protected from viruses and other malware
- Kept devices and software up to date
Our Expanding Security and Vulnerability Protection Portfolio
Spinnaker Support adheres to strict standards of compliance. As part of delivering Oracle and SAP support the right way, Spinnaker Support was the first third-party support provider to achieve both ISO 9001:2015 and ISO/IEC 27001:2013 certifications. The ISO 9001:2015 highlights our firm commitment to quality management principles, and the ISO/IEC 27001:2013 drives a systematic approach for managing sensitive company information so that it remains secure.
In 2018, Spinnaker Support became both Privacy Shield-certified and GDPR compliant. We are certified for both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (https://www.privacyshield.gov). The frameworks were co-designed by the U.S. Department of Commerce, the European Commission, and the Swiss Administration to provide organisations on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States – in support of transatlantic commerce.
“We’re very excited to add Cyber Essentials certification to our security and vulnerability protection portfolio,” said Phil Etherton, Spinnaker Support’s Director of Security. “It fits well with our ISO 27001, ISO 9001:2015, GDPR compliance, and US-EU and Swiss Privacy Shield certifications. Because these work well together, our customers can rest assured that we are serious about protecting their privacy and securing their information. We are committed to investing in emerging security improvements into the future.”
If you would like to know more about these certifications and how Spinnaker Support prioritises data security, contact us today.