The CESG, the information security arm of GCHQ, is tightening up the process for certifying cyber security consultancy companies.
The Information security arm is clamping down on companies applying more than three times in a year – Photo credit: Flickr, RBerteig
Consultancies that want to join the pool of companies certified the CESG as a trusted expert can now only apply three times in a 12-month period.
They will also have to register for and undertake a mandatory briefing before they are allowed to submit a full application.
The CESG says this will help speed up the overall process, as it will ensure successful applicants are informed of an interview date around 8 weeks after the CESG receives the application.
The CESG says that the interview should be with the service owner and the head consultant.
According to the CESG, the certification scheme makes it quicker and easier for public sector customers to procure cyber consultancy services, by offering a central route that uses the Crown Commercial Service’s Cyber Security Services agreement.
It is open to companies of any size and requires them to demonstrate that they can provide customers with an assurance that they will deliver a suitable service. The requirements depend on the service for which the company is seeking certification.
The scheme was launched in June 2015, and was then updated to certify companies rather than individuals, with the first six companies being awarded the certification in February this year.