Siemens UK has been awarded the Cyber Essentials Plus (CE+) certification, a prerequisite for organisations applying for critical national infrastructure (CNI) and defence projects in the United Kingdom.
The certification was awarded by ECSC, an independent certifying body for the Cyber Essentials programme, which conducts assessments and reports the outcome to the scheme administrators - the Information Assurance for Small and Medium Enterprises (IASME) consortium.
Cyber Essentials is a cybersecurity standard introduced by the UK government that aims to provide organisations with pragmatic protection against the most common cybersecurity threats. CE+ is a step ahead of the standard Cyber Essentials (CE) assessment, which requires organisations to undertake a series of onsite technical assessments that include internal vulnerability tests against servers and sample workstations.
Siemens was awarded the CE+ following a stringent three-month process conducted at its Manchester and Newcastle premises. The evaluation, which was carried out remotely in view of COVID restrictions, looked at:
- Boundary Firewalls & Internet Gateways
- Secure Configuration
- Patch Management
- Access Gateway (User accounts)
- Malware Protection
The certification is renewable every 12 months and Siemens received its CE certificate in November 2020 followed by its CE+ accreditation in Jan 2021.
Paul Hingley, Business Unit Manager, Industrial Security Services at Siemens said, “the CE+ badge significantly endorses Siemens’ stature as a company that takes cybersecurity very seriously. It demonstrates our commitment to the UK Government Cyber Security initiatives while also demonstrating to our customers that we are a company they can trust. Siemens has also invested heavily in our global internal policies and procedures where we can demonstrate compliance against the IEC62443 standard. Our product development and services all comply with this global standard allowing us to supply solutions and service provisions our customers can rely on. We are the first global company in the Industrial Control Systems (ICS) space to achieve this certification which is a massive achievement for a company with such a complex IT structure that operates on a global platform. This provides Siemens with the ability to demonstrate our competence and credibility in Cyber Security when we compete for major CNI and Defence projects.”