B. Security Certifications
This domain covers how your organisation maintains compliance with key security certifications.
00) Does your organisation hold any certifications in information security?
Scoping question. If answer is yes please answer questions 2 to 6 of this domain. If answer is no please skip to the next domain.
01) Is your organisation Cyber Essentials certified?
Answer yes if your organisation is certified to the first level Cyber Essentials scheme. Please provide your Cyber Essentials certificate as evidence.
02) Is your organisation Cyber Essentials Plus certified?
Answer yes if your organisation has been certified to the Cyber Essentials Plus scheme by a relevant certification body. Please provide your Cyber Essentials Plus certificate as evidence.
03) Is your organisation ISO27001 certified?
Answer yes if your organisation has a current, valid ISO27001 certification. Please provide your ISO27001 certificate and Statement of Scope as evidence (as a PDF file).
04) Is your organisation aligned with the NIST Cybersecurity Framework?
Answer yes if your organisation is aligned with the NIST Cybersecurity Framework.
05) Are you PCI DSS compliant?
Answer yes if your organisation is compliant with the PCI DSS security standard. If you have certified against the standard, please provide your certificate.
06) Does your organisation have any other certifications or audit reports that cover information security (such as a SOC 2 report)?
Answer yes if your organisation has completed any other information security audits or certifications. If yes, please state the certification or report in the notes and please provide the relevant certification or report as evidence.