April 4th 2016 sees the mandatory introduction of the Defence Cyber Protection Partnership’s Cyber Security Model (CSM) for all companies bidding for contracts with the Ministry of Defence (MOD). This means that any company wanting to work with, or supply to the MOD, either directly or through a longer chain, will be required to have the Cyber Essentials certification as a minimum. More sensitive contracts will need additional security measures in place.
Companies working on projects at all risk levels will be required to be certified to Cyber Essentials standards. The level of cyber risk falls under four categories;