The certification demonstrates that the company’s policies and procedures are strong enough to protect against cyber threats. CE+ requires independent verification by an external auditor who conducts a series of technical assessments to ensure the company is protected against various attack scenarios. The evaluation, completed remotely in view of COVID-19 restrictions, assessed:
- Boundary firewalls
- Secure asset configuration
- Patch management
- User access controls
- Malware protection
- Mobile assets
The certification was awarded by ECSC, an independent certifying body for the Cyber Essentials programme, and it is renewable every 12 months. In total, around 5,500 digital assets, where in scope of the evaluation.
Steve Scrimshaw, Vice President, Siemens Energy UK&I, said: “Cyber-attacks are a daily risk in today’s world and these attacks are also becoming more sophisticated. The Cyber Essentials Plus certification demonstrates that we have robust procedures and protections in place as well as showing our customers and other interested parties that we take the security of their information seriously and have taken the necessary steps to reduce cyber threats. However, we see this as the starting point and will continue to evolve and improve our processes and procedures.”
Judith Wunschik, Global Chief Cybersecurity Officer at Siemens Energy added: “Cyber Essentials Plus is a great achievement for our company and recognizes our hard work for industry-leading cybersecurity standards. This award is a prerequisite for applying for critical national infrastructure projects and yet another proof point to our customers that we provide reliable products, solutions and services in our quest to energize society.”
Sean Fahey, Cyber Essentials Lead Assessor, ECSC, said: "I have witnessed a strong sense of cohesion within Siemens Energy's cybersecurity team who strive to provide and maintain a strong secure network environment in order to uphold the integrity of all assets within their organization. The positive and consistent results from the recent Cyber Essentials Plus assessment demonstrates that the cybersecurity team receive support from all functions within the organization, from the leadership team down, which shows how the general mindset is heavily weighted in favor towards the subject of cybersecurity."
Cyber Essentials is a government-backed scheme that helps companies protect themselves against a wide variety of the most common cyber-attacks and was introduced by the UK Government’s National Cyber Security Centre (NCSC).