Digital and Technology Services (DTS) are delighted to share that the university has achieved Cyber Essentials Plus certification for specific networks, including the secure endpoint network.

By achieving this certification, the university has shown its dedication to securing its critical IT infrastructure and providing a safe environment for research and learning.

What is Cyber Essentials?

Cyber Essentials is a UK Government accreditation scheme intended to help protect organisations’ against a range of common cyber-attacks, by verifying an organisation’s implementation of critical cybersecurity controls and best practice and is something that is increasingly demanded by research funders. To quote the National Cyber Security Centre:

“Certification gives you peace of mind that your defences will protect against the vast majority of common cyber-attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.”

Michael Skinner, Chief Information Security Officer at the University of Nottingham comments “In addition to achieving basic certification, we underwent the much more challenging Cyber Essentials Plus certification, which included a hands-on technical verification of our controls by the Joint Information Systems Committee (JISC) who provides network and IT services and digital resources in support of further and higher education institutions and research institutions.”

“This significant milestone required tremendous effort from a vast number of DTS colleagues, in particular Mark Hewitt (Head of Cyber Security) and Lizzie Dexter (Cyber Essentials Project Manager).”

Why is Cyber Essentials Accreditation important for the university?

Mark Hewitt, Head of Cyber Security at the university adds “As a government backed scheme, Cyber Essentials accreditation is a mandatory requirement when dealing with many government departments. Furthermore, as a major research organisation, the University of Nottingham is increasingly asked for Cyber Essentials certification when undertaking work for research partners such as NHS, Rolls Royce, BAE systems.”

“It is estimated that around £100 million of university research income per year will become dependent on holding Cyber Essentials certification.”

Mike Relf, Director of Service Delivery within DTS adds “Getting to this point has involved a lot of time and effort on behalf of a lot of people.

“I can’t stress enough what a big step forward this is for the university and how valuable it will be, a point which is underlined by visibility it has at senior levels in the university. Everyone involved should be very proud of the part they and their teams have played.”

What does this mean for research?

The certification currently covers the data centre management networks, virtual desktops network, and secure endpoint networks. Researchers should be aware that the applicability of this certification to their specific research projects depends on the systems and networks being used.

We have launched a dedicated SharePoint page on the Information Security and Compliance SharePoint site, which provides detailed guidance on how the Cyber Essentials Plus certification applies to various research scenarios.

Please click here to read more, or contact Alan Williamson, Information Security Consultant, directly