The University of Kent has again been awarded Cyber Essentials (CE) certification, which means our procedures for protecting against online threats have been independently recognised for the third year running.
Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats.
To get this independent verification we showed that we appropriately apply and manage a set of five security controls:
- securing our internet connection
- securing our computers and software
- controlling the access to our data and services
- protecting our computers from viruses and other threats
- keeping our software and computers up to date.
Cyber Essentials certification should reassure our students and staff that their data and the services they use are well protected.
Kent can demonstrate to our partners, customers and suppliers that it meets a national standard for Cyber security. We can use the above logo to promote Kent’s certification and if necessary we can direct requests for evidence to the online service: searching for ‘University of Kent’ will show our most recent certificate.
Cloud services are not covered by Kent’s Cyber Essentials certification. We can and do still use cloud services, but we exercise caution over what we place in the different types of ‘cloud’. The Microsoft Office 365 cloud service is covered by Microsoft’s own Cyber Essentials certification.
Sometimes the University enters into a contract, grant or data sharing agreement that specifies Cyber Essentials as a requirement, in which case it cannot use cloud services and rely solely on Kent’s Cyber Essentials certification as this would put it in breach of contract. The contract would have to show how the sub-contracted cloud service was also compliant.