Vodafone first telecoms company to win new enhanced UK cyber security accreditation

Out-Law News | 12 Aug 2014 | 12:53 pm | 1 min. read

Vodafone has become the first telecoms company accredited with meeting the 'cyber essentials plus' cyber security standard.

The company announced that its systems had been audited and were found to comply with the new standard which was developed by the UK government earlier this year.

“We take cyber security and protection of our customers’ data very seriously," Howard Pinto, head of technology security at Vodafone UK said. "We want our customers to be assured that when they do business with us we are doing everything possible to protect their data, our critical systems and business operations. To be the first telecoms company and the first multinational to have met the new cyber essentials plus standard, highlights our on-going commitment to ensuring the security and protection of our IT and customer systems and online assets.”

The cyber essentials scheme was launched in June alongside new cyber security guidelines that outline basic controls organisations can implement to protect against hacking attacks and other cyber security breaches.

The guidelines recommend businesses take a number of steps to improve the security of their systems and data, including deploying firewalls, ensuring the secure configuration of devices and networks, laying down restrictions on access to systems and data, tackling the threat of malicious software and managing software and security updates appropriately.

Businesses that implement security measures in line with the guidelines can apply for a certificate to indicate their commitment to cyber security. A 'cyber essentials' certificate is issued if a business self-assesses their own compliance with the guidelines and their assessment is independently verified. A 'cyber essentials plus' certificate is only available if a business allows the cyber security measures it has in place to be independently tested for compliance with the 'cyber essentials' guidance.

Businesses hoping to win government contracts that involve handling personal or sensitive data will be required to have obtained a 'cyber essentials' certificate from 1 October this year.

Ed Vaizey, culture minister, said: "Protecting personal data depends on good cyber security, and the threats and challenges are getting ever more sophisticated. Organisations need to take cyber security seriously, so it’s reassuring that Vodafone UK has taken the lead to become the first telecommunications provider in the UK to have achieved the Cyber Essentials Plus accreditation. Cyber Essentials and Cyber Essentials Plus enable businesses to demonstrate that they are taking action to control the risks - critical if they are to protect themselves, their customers and their brand.”