
Cyber Essentials Scheme - Tachart


IN CONFIDENCE

Cyber Essentials Scheme

Applicant: Tachart,

Thank you for applying for certification to the Cyber Essentials Scheme Self-Assessment.

Congratulations, you have been successful in your assessment under the Cyber Essentials scheme.

I include below the results from the form which you completed.


Question Answer Score Comments

Acceptance

Please read these terms and conditions carefully. Do you agree to these terms?

NOTE: if you do not agree to these terms, your answers will not be assessed or certified.

I accept Compliant

A1.1 Organisation Name

What is your organisation's name (for companies: as registered with Companies House)?

Please provide the full name for the company being certified. If you are certifying the local entity of a multinational company, provide the name of the local entity.

TACHART LIMITED Compliant

A1.2 Organisation Number

What is your organisation's registration number (if you have one)?

If you are a UK limited company, your registration number will be provided by Companies House, in the Republic of Ireland, this will be provided by Companies Registration Office. Charities, partnerships and other organisations should provide their registration number if applicable.

01329903 Compliant

A1.3 Organisation Address

Where are you located?

Please provide the legal registered address for your organisation, or your trading address if a sole trader.

UK
Address Line 1: Bnm Building Whitelea Road Swinton
Town/City: Mexborough
County: S Yorkshire
Postcode: S64 8BH

Compliant

A1.4 Type of Organisation

What is your main business?

Please summarise the main occupation of your organisation.

Manufacturing Compliant

A1.5 Website

What is your website address?

Please provide your website address (if you have one). This can be a Facebook/Linkedin page if you prefer.

https://www.tachart.com/ Compliant


A1.6 Size of Organisation

What is the size of your organisation?

Based on the EU definitions of Micro (<10 employees, < €2m turnover), Small (<50 employees, < €10m turnover), Medium (<250 employees, < €50m turnover) or Large (>250 Employees or >€50m turnover).

Small (<50 Employees and <€10m Turnover)

Compliant

A1.7 Home Workers

How many staff are home workers?

Home workers are staff whose main work location is their home address and who work there for the majority of their time. This does not include office workers who occasionally work at home or when traveling.

None Compliant

A2.1 Assessment Scope

Does the scope of this assessment cover your whole organisation?

Please note: Your organisation is only eligible for free Cyber Insurance if your assessment covers your whole company, if you answer 'No' to this question you will not be invited to apply for insurance.

Your whole organisation would include all divisions and all people and devices that use business data.

Yes Compliant

A2.5 Geographic Location

Please describe the geographical locations of your business which are in the scope of this assessment.

You should provide either a broad description (i.e. All UK offices) or simply list the locations in scope (i.e. Manchester and Glasgow retail stores).

Single site located on Whitelea Road, Swinton, UK

Compliant


A2.6 Devices

Please provide a summary of all laptops, computers and servers that are used for accessing business data and have access to the internet (for example, "We have 25 laptops running Windows 10 version 1709 and 10 MacBook Air laptops running macOS Mojave").

You do not need to provide serial numbers, mac addresses or further technical information.

It is essential to include the version number for Windows 10 - the assessor will be unable to mark the assessment without this.

1 server 2012, 3 Windows 7 computers, 1 Windows 10 computer and 3x Windows XP computers. The Windows XP machines are out of scope as they are disconnected from the network and are used for running CNC machines only so don't contain any business data.

Compliant

A2.7 Mobile Devices

Please list the quantities of tablets and mobile devices within the scope of this assessment. You must include model and operating system version for all devices.

All tablets and mobile devices that are used for accessing business data and have access to the internet must be included in the scope of the assessment. You do not need to provide serial numbers, mac addresses or other technical information.

1 Android phone, version 8; 2 iPhones, version iOS 13

Compliant

A2.8 Networks

Please provide a list of the networks that will be in the scope for this assessment.

You should include details of each network used in your organisation including its name, location and its purpose (i.e. Main Network at Head Office for administrative use, Development Network at Malvern Office for testing software). You do not need to provide IP addresses or other technical information.

Main LAN located at the site office. No remote networks and no home users.

Compliant


A2.9 Network Equipment

Please provide a list of network equipment that will be in scope for this assessment (including firewalls and routers).

You should include all equipment that controls the flow of data such as routers and firewalls. You do not need to include switches or wireless access points that do not contain a firewall or do not route internet traffic.

1x Draytek router which is acting as the switch also.

Compliant

A2.10 Responsible Person

Please provide the name and role of the person who is responsible for managing the information systems in the scope of this assessment?

This should be the person who influences and makes decisions about the computers, laptops, servers, tablets, mobile phones and network equipment within your organisation. This person must be a member of your organisation and cannot be a person employed by your outsourced IT provider.

Dean Lancashire Compliant

A4.1 Firewalls

Do you have firewalls at the boundaries between your organisation's internal networks and the internet?

You must have firewalls in place between your office network and the internet. You should also have firewalls in place for home-based workers, if those users are not using a Virtual Private Network (VPN) connected to your office network.

Yes

Applicant Notes: Yes, the Draytek router is our main firewall.

Compliant


A4.2 Change Default Password

When you first receive an internet router or hardware firewall device it will have had a default password on it. Has this initial password been changed on all such devices? How do you achieve this?

The default password must be changed on all routers and firewalls, including those that come with a unique password pre-configured (i.e. BT Hub). You can change the default password by logging into the web interface for the device (often located at 192.168.1.1 or 192.168.1.254).

When new network hardware is purchased, pre-config work is performed by IT Desk. This includes changing the default password to a strong 12 character long one and disabling any unnecessary features.

Compliant

A4.3 Password Quality

Is the new password on all your internet routers or hardware firewall devices at least 8 characters in length and difficult to guess?

A password that is difficult to guess will be unique and not be made up of common or predictable words such as 'password' or 'admin', or include predictable number sequences such as '12345'.

Yes

Applicant Notes: Yes, all passwords are set as per our security policy which states that passwords need to be complex and difficult to guess and over 8 chars.

Compliant

A4.4 Password Management

Do you change the password when you believe it may have been compromised? How do you achieve this?

Passwords may be compromised if there has been a virus on your system or if the manufacturer notifies you of a security weakness in their product. You should be aware of this and know how to change the password if this occurs.

When we believe a password has been compromised, we notify IT Desk. From there IT Desk reset the password immediately to a strong one and check if any other services use that password; if any do, they will reset those also.

Compliant


A4.5 Services Enabled

Do you have any services enabled that are accessible externally from your internet routers or hardware firewall devices for which you do not have a documented business case?

At times your firewall may be configured to allow a system on the inside to become accessible from the internet (such as a VPN server, a mail server or a service that is accessed by your customers). This is sometimes referred to as 'opening a port'. You need to show a business case for doing this because it can present security risks. If you have not enabled any services, answer 'No'. By default, most firewalls block all services. The business case should be documented and recorded.

No

Applicant Notes: Yes, all external services are disabled by IT Desk. This is reviewed periodically.

Compliant

A4.7 Service Blocking

Have you configured your internet routers or hardware firewall devices so that they block all other services from being advertised to the internet?

By default, most firewalls block all services from inside the network from being accessed from the internet, but you need to check your firewall settings.

Yes

Applicant Notes: Yes, the firewall doesn't advertise any services to the internet. This is set by IT Desk.

Compliant

A4.8 Configuration Settings

Are your internet routers or hardware firewalls configured to allow access to their configuration settings over the internet?

Sometimes organisations configure their firewall to allow other people (such as an IT support company) to change the settings via the internet. If you have not set up your firewalls to be accessible to people outside your organisations or your device configuration settings are only accessible via a VPN connection, then answer 'no' to this question.

No

Applicant Notes: Yes, our router firewall can only be accessed internally. All remote access to configuration is disabled.

Compliant


A4.11 Software Firewalls

Do you have software firewalls enabled on all of your computers and laptops?

You can check this setting on Macs in the Security & Privacy section of System Preferences. On Windows laptops you can check this by going to Settings and searching for 'windows firewall'. On Linux try 'ufw status'. You can also use the firewall that may be provided by your anti-virus software.

Yes

Applicant Notes: Yes, the built-in Windows firewall is enabled on all computers.

Compliant

A5.1 Remove Unused Software

Where you are able to do so, have you removed or disabled all the software that you do not use on your laptops, computers, servers, tablets and mobile phones? Describe how you achieve this.

To view your installed applications on Windows look in Start Menu, on macOS open Finder -> Applications and on Linux open your software package manager (apt, rpm, yum). You must remove or disable all applications, system utilities and network services that are not needed in day-to-day use.

Yes, all unnecessary software has been removed. We review authorised software periodically and request IT Desk to remove unused applications.

Compliant

A5.2 Necessary User Accounts

Have you ensured that all your laptops, computers, servers, tablets and mobile devices only contain necessary user accounts that are regularly used in the course of your business?

You must remove or disable any user accounts that are not needed in day-to-day use on all devices. You can view your user accounts on Windows by right-clicking on Start -> Computer Management -> Users, on macOS in System Preferences -> Users & Groups, and on Linux using 'cat /etc/passwd'.

Yes

Applicant Notes: Yes, all unneeded and stale user accounts have been removed. Our offboarding process also contains line items which require IT Desk to remove user accounts and profiles from PCs when a staff member leaves the company.

Compliant


A5.3 Change Default Password

Have you changed the default password for all user and administrator accounts on all your laptops, computers, servers, tablets and smartphones to a non-guessable password of 8 characters or more?

A password that is difficult to guess will be unique and not be made up of common or predictable words such as 'password' or 'admin', or include predictable number sequences such as '12345'.

Yes

Applicant Notes: Yes. Our security policy specifies the need to use strong passwords. IT Desk also use group policy and checks their side to ensure that all passwords are strong, are over 8 chars long and non-guessable. All phones have passwords over 8 chars and non-guessable also.

Compliant

A5.4 Password Quality

Do all your users and administrators use passwords of at least 8 characters?

The longer a password, the more difficult it is for cyber criminals to guess (or brute-force) it.

Yes

Applicant Notes: Yes. All users and admin use strong passwords (over 8 chars) in line with our security policy.

Compliant

A5.5 Sensitive or Critical Information

Do you run software that provides sensitive or critical information (that shouldn't be made public) to external users across the internet?

Your business might run software that allows people outside the company on the internet to access information within your business via an external service. This could be a VPN server, a mail server, or an internet application that you provide to your customers as a product. In all cases these applications provide information that is confidential to your business and your customers and that you would not want to be publicly accessible. This question does not apply to cloud services such as Google Drive, Office365 or Dropbox. If you only use such services and do not run your own service you should answer no to this question.

No Compliant


A5.10 Auto-Run Disabled

Is 'auto-run' or 'auto-play' disabled on all of your systems?

This is a setting which automatically runs software on a DVD or memory stick. You can disable 'auto-run' or 'auto-play' on Windows through Settings, on macOS through System Preferences and on Linux through the settings app for your distribution. It is acceptable to choose the option where a user is prompted to make a choice about what action will occur each time they insert a memory stick. If you have chosen this option you can answer yes to this question.

Yes Compliant

A6.1 Operating System Supported

Are all operating systems and firmware on your devices supported by a supplier that produces regular fixes for any security problems?

Please list the operating systems you use so that the assessor can understand your setup and verify that all your operating systems are still in support. Older operating systems that are out of support include Windows XP/Vista/2003, mac OS El Capitan and Ubuntu Linux 17.10.

Machines that run on outdated software (such as Windows XP) are not connected to the network, do not have internet capability, do not contain any business data and are standalone machines that are used to manage CNC machinery within the plant. A standalone laptop is used by the accounts dept, for the printing of payslips and is not connected to the network. Other than that all devices which are in scope are supported by suppliers who produce regular security fixes.

Compliant

A6.2 Applications Supported

Are all applications on your devices supported by a supplier that produces regular fixes for any security problems?

Please summarise the applications you use so the assessor can understand your setup and confirm that all applications are supported. This includes frameworks and plugins such as Java, Flash, Adobe Reader and .NET.

Yes, all applications are covered by their own support. We don't use any outdated or unsupported software.

Compliant


A6.3 Software Licensed

Is all software licensed in accordance with the publisher’s recommendations?

All software must be licensed. It is acceptable to use free and open source software as long as you comply with any licensing requirements.

Yes Compliant

A6.4 Security Updates - Operating System

Are all high-risk or critical security updates for operating systems and firmware installed within 14 days of release? Describe how you achieve this.

You must install any such updates within 14 days in all circumstances. If you cannot achieve this requirement at all times, you will not achieve compliance to this question. You are not required to install feature updates or optional updates in order to meet this requirement, just high-risk or critical security updates.

IT Desk have installed remote monitoring agents on all devices that link to their RMM solution. This monitors current OS patch level and firmware version. This agent also installs security updates for the OS automatically and notifies when firmware needs updating which IT Desk act on when released. Checks are done twice a week and updated within 14 days.

Compliant

A6.5 Security Updates - Applications

Are all high-risk or critical security updates for applications (including any associated files and any plugins such as Adobe Flash) installed within 14 days of release? Describe how you achieve this.

You must install any such updates within 14 days in all circumstances. If you cannot achieve this requirement at all times, you will not achieve compliance to this question. You are not required to install feature updates or optional updates in order to meet this requirement, just high-risk or critical security updates.

The remote monitoring agent mentioned in question 41 also does the same for third party applications. Checks are done twice a week and updated within 14 days.

Compliant


A6.6 Unsupported Applications

Have you removed any applications on your devices that are no longer supported and no longer receive regular fixes for security problems?

You must remove older applications from your devices when they are no longer supported by the manufacturer. Such applications might include older versions of web browsers, frameworks such as Java and Flash, and all application software.

Yes

Applicant Notes: Yes, we have a policy in place to check and remove applications which fall outside their supplier's support. IT Desk do this for us.

Compliant

A7.1 Account Creation

Are users only provided with user accounts after a process has been followed to approve their creation? Describe the process.

You must ensure that user accounts (such as logins to laptops and accounts on servers) are only provided after they have been approved by a person with a leadership role in the business.

Yes, we send a support ticket to IT Desk when a user needs to be created. This will include what accounts they require (Domain Login, Email Account etc.), which folder shares they require access to and any specific software they need installing on their workstation.

Compliant

A7.2 Unique Login

Can you only access laptops, computers and servers in your organisation (and the applications they contain) by entering a unique user name and password?

You must ensure that no devices can be accessed without entering a username and password. Users cannot share accounts.

Yes

Applicant Notes: Yes

Compliant

A7.3 Leavers Account Management

How do you ensure you have deleted, or disabled, any accounts for staff who are no longer with your organisation?

When an individual leaves your organisation you need to stop them accessing any of your systems.

We have an offboarding process which ensures that all staff who leave the company have their accounts disabled. We also perform a routine check on accounts to ensure that they are still required. IT Desk do this for us.

Compliant


A7.4 Staff Privileges

Do you ensure that staff only have the privileges that they need to do their current job? How do you do this?

When a staff member changes job role you may also need to change their access privileges to systems and data.

Yes. Dean at our side is the only person who can authorise security changes. This is done by raising a security change ticket with IT Desk. We regularly review the permissions that the different team members have to ensure that no one has security access which contradicts their job role.

Compliant

A7.5 Administrator Process

Do you have a formal process for giving someone access to systems at an “administrator” level? Describe the process.

You must have a formal, written-down process that you follow when deciding to give someone access to systems at administrator level. This process might include approval by a person who is an owner/director/trustee/partner of the organisation.

Yes. Only IT Desk have admin access to our systems. Should internal staff require access they would need to follow our admin access process and complete a request form.

Compliant

A7.6 Use of Accounts

How do you ensure that staff only use administrator accounts to carry out administrative activities (such as installing software or making configuration changes)?

You must ensure that administrator accounts are only used when absolutely necessary, such as when installing software. Using administrator accounts all-day-long exposes the device to compromise by malware.

We ensure administrator accounts are only given to those who need them to do their job, which includes installing new software and changing configuration settings. We also outline in our security policy that no users who log in as admin should perform any tasks other than administrative duties whilst logged in.

Compliant

A7.7 Managing Usage

How do you ensure that administrator accounts are not used for accessing email or web browsing?

You must ensure that administrator accounts are not used to access websites or download email. Using such accounts in this way exposes the device to compromise by malware. You may not need a technical solution to achieve this, it could be based on good policy and procedure as well as regular training for staff.

Our security policy prohibits this. We also set up group policy so that admin accounts on the server cannot be used for web browsing.

Compliant


A7.8 Account Tracking

Do you formally track which users have administrator accounts in your organisation?

You must track by means of list or formal record all people that have been granted administrator accounts.

Yes

Applicant Notes: Yes, we have an admin account register which is reviewed periodically. This is held by IT Desk who are the only ones who have admin access.

Compliant

A7.9 Access Review

Do you review who should have administrative access on a regular basis?

You must review the list of people with administrator access regularly. Depending on your business, this might be monthly, quarterly or annually. Any users who no longer need administrative access to carry out their role should have it removed.

Yes

Applicant Notes: Yes, the admin account register is reviewed regularly.

Compliant

A7.10 Two-factor Authentication

Have you enabled two-factor authentication for access to all administrative accounts?

If your systems support two-factor authentication (where you receive a text message, a one-time code, use a finger-print reader or facial recognition in addition to a password), then you must enable this for administrator accounts.

No Compliant

A7.11 Two-factor Unavailable

Is this because two-factor authentication is not available for some or all of your devices or systems? List the devices or systems that do not allow two-factor authentication.

You are not required to purchase any additional hardware or install additional software in order to meet this requirement. Most standard laptops do not have two-factor authentication available. If your systems do not have two-factor authentication available answer yes to this question.

We use Windows computers which don't have native 2FA functionality.

Compliant


A8.1 Malware Protection

Are all of your computers, laptops, tablets and mobile phones protected from malware by either:

A - having anti-malware software installed,

B - limiting installation of applications to an approved set (i.e. using an App Store and a list of approved applications) or

C - application sandboxing (i.e. by using a virtual machine)?

Please select all the options that are in use in your organisation across all your devices. Most organisations that use smartphones and standard laptops will need to select both option A and B.

B - Only allowing software from an App Store or Application Whitelisting, C - Application sandboxing (such as a virtual machine (VM)), A - Anti-Malware Software

Compliant

A8.2 Update Daily

(A) Where you have anti-malware software installed, is it set to update daily and scan files automatically upon access?

This is usually the default setting for anti-malware software. You can check these settings in the configuration screen for your anti-virus software. You can use any commonly used anti-virus product, whether free or paid-for as long as it can meet the requirements in this question. For the avoidance of doubt, Windows Defender is suitable for this purpose.

Yes Compliant

A8.3 Scan Web Pages

(A) Where you have anti-malware software installed, is it set to scan web pages you visit and warn you about accessing malicious websites?

Your anti-virus software should have a plugin for your internet browser or for the operating system itself that prevents access to known malicious websites. On Windows 10, SmartScreen can provide this functionality.

Yes Compliant


A8.4 Application Signing

(B) Where you use an app-store or application signing, are users restricted from installing unsigned applications?

By default, most mobile phones and tablets restrict you from installing unsigned applications. Usually you have to 'root' or 'jailbreak' a device to allow unsigned applications.

Yes

Applicant Notes: We don't allow jailbreaking or rooting so users are unable to install unsigned apps.

Compliant

A8.5 List of Approved Applications

(B) Where you use an app-store or application signing, do you ensure that users only install applications that have been approved by your organisation and do you document this list of approved applications?

You must create a list of approved applications and ensure users only install these applications on their devices. This includes employee-owned devices. You may use Mobile Device Management (MDM) software to meet this requirement but you are not required to use MDM software if you can meet the requirements using good policy, process and training of staff.

Yes

Applicant Notes: We have an approved software list which users reference before downloading software.

Compliant

A8.6 Application Sandboxing

(C) Where you use application sandboxing, do you ensure that applications within the sandbox are unable to access data stores, sensitive peripherals and your local network? Describe how you achieve this.

If you are using a virtual machine to sandbox applications, you can usually set these settings within the configuration options of the virtual machine software.

Sandboxing is performed in an isolated environment which has no access to any external data, peripherals or network.

Compliant

A3.1 Head Office

Is your head office domiciled in the UK and is your gross annual turnover less than £20m?

This question relates to the eligibility of your company for the included cyber insurance.

Yes Compliant


A3.2 Cyber Insurance

If you have answered 'yes' to the last question then your company is eligible for the included cyber insurance if you gain certification. If you do not want this insurance element please opt out here.

The cost of this is included in the assessment package and you can see more about it at https://www.iasme.co.uk/cyberessentials/automatic-insurance-cover/.

Opt-In Compliant

A3.3 Total Gross Revenue

What is your total gross revenue? Please provide figure to the nearest £100K. You only need to answer this question if you are taking the insurance.

The answer to this question will be passed to the Insurance Broker in association with the Cyber Insurance you will receive at certification. Please be as accurate as possible - figure should be to the nearest £100K.

£3m Compliant

A3.4 FCA

Is the company or its subsidiaries any of the following: medical, call centre, telemarketing, data processing (outsourcers), internet service provider, telecommunications or an organisation regulated by the FCA? You only need to answer this question if you are taking the insurance.

The answer to this question will be passed to the Insurance Broker in association with the Cyber Insurance you will receive at certification.

No Compliant

A3.5 Domiciled Operation

Does the company have any domiciled operation or derived revenue from the territory or jurisdiction of Canada and / or USA?

You only need to answer this question if you are taking the insurance. The answer to this question will be passed to the Insurance Broker in association with the Cyber Insurance you will receive at certification.

No Compliant


A3.6 Email Contact

What is the organisation email contact for the insurance documents? You only need to answer this question if you are taking the insurance.

The answer to this question will be passed to the Insurance Broker in association with the Cyber Insurance you will receive at certification and they will use this to contact you with your insurance documents and renewal information.

[email protected] Compliant

All Answers Approved

Have all the answers provided in this assessment been approved at Board level or equivalent?

Yes Compliant

Cyber Insurance Declaration Signed

Has the attached Cyber Insurance Declaration been downloaded (by clicking here), completed and signed (by a Board level or equivalent signatory), then uploaded (using the function provided below)?

Please note: The file upload must be in .PDF, .JPG or .PNG format and a maximum file size of 5MB. If your file is larger than 5 MB, please [email protected]

Yes

Applicant Notes: Insurance PDF attached

Compliant


Certificate of Assurance

TACHART LIMITED

Bnm Building Whitelea Road Swinton
Mexborough
S Yorkshire
S64 8BH

Scope: Whole Company

Complies with the requirements of the Cyber Essentials Scheme

Date of Certification: 18th October 2019
Recertification Due: Oct 2020
Certificate Number: IASME-A-013702
Profile Published: February 2017

This Certificate certifies that the organisation named was assessed as meeting the Cyber Essentials implementation profile published in February 2017 and thus that, at the time of testing, the organisation's ICT defences were assessed as satisfactory against commodity based cyber attack. However, this Certificate does not in any way guarantee that the organisation's defences will remain satisfactory against cyber attack.

Certification Body:

Assessor: Shane Hunt

Accreditation Body:

Netcom Technologies Ltd
