Cyber Essentials (UK)

The Pulsar Group (formerly Access Intelligence), based in the UK (Pulsar, Vuelio, ResponseSource), has achieved the UK’s Cyber Essentials Plus certification.

Cyber Essentials is a UK government-driven initiative to promote high standards in cyber security practices across all industries and sectors.

Developed as part of the UK’s National Cyber Security Programme, the UK Government worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF), to provide a clear statement of the basic controls that all organisations should implement to mitigate the risk from common internet-based threats, within the context of the Government’s 10 Steps to Cyber Security.

Cyber Essentials Plus offers greater security assurance than Cyber Essentials by including an independent external audit, which verifies the effectiveness of an organisation’s security measures.

View the Cyber Essentials Plus certificate

Cloud Security Principles

The UK National Cyber Security Centre (NCSC) has outlined a set of 14 Cloud Security Principles to help organisations assess the security of cloud services and ensure they are protecting their data and systems appropriately.

These principles are designed to help organisations make informed decisions when using cloud services by understanding the security measures that should be in place:

  1. Data in transit protection
    Data transmitted between a user’s system and the cloud service, and between cloud services, should be protected against interception and tampering. 
  2. Asset protection and resilience
    User data and the assets storing or processing it should be protected against loss, theft, and unauthorised access.
  3. Separation between users
    A malicious or compromised user of the service should not be able to affect the service or data of another.
  4. Governance framework
    The cloud service provider should have a governance framework in place that ensures its services are secure, complies with relevant laws and regulations, and continuously manages risks.
  5. Operational security
    The service needs to be operated and managed securely to thwart attacks, detect malicious activity, and recover from security incidents.
  6. Personnel security
    Cloud service provider staff should be subject to personnel security screening and processes to minimise insider risk.
  7. Secure development
    SaaS products and services should be designed and developed to identify and mitigate threats to its security.
  8. Supply chain security
    Cloud service providers should ensure that their supply chain upholds the same security standards, protecting the service and user data.
  9. Secure user management
    SaaS products and services should be able to securely manage users’ access to data and services provided by the cloud.
  10. Identity and authentication
    Access to cloud services and resources should be limited to appropriately authenticated and authorised individuals.
  11. External interface protection
    All external or less trusted interfaces of the service should be identified and appropriately defended against attacks.
  12. Secure service administration
    Administration of the cloud service should be conducted securely, with privileged access managed to prevent unauthorised changes.
  13. Audit information for users
    Cloud service users should have access to the audit records they need to monitor access and activity within the service.
  14. Secure use of the service
    Cloud service users have a responsibility to use the service securely. They should understand and fulfil their responsibilities to maintain the security of their data and applications within the cloud.
More about Security