Purple has become one of the latest companies to become Cyber Essentials+ certified, indicating that the company takes a proactive stance against malicious cyber attacks.
Cyber Essentials is the UK Government-backed scheme that aims to help small to medium enterprises protect themselves against common cyber threats.
The certification is an externally audited process where Purple’s security services partners came into the business to test the controls they have in place in mitigating some of the most common and persistent threats online businesses face in their day-to-day operations.
The process entails the third party testing a random cross-section of assets in Purple’s scope against common expected controls mandated by the scheme. This included:
- Ensuring that our device assets are patched within our SLAs with no outstanding patches with a CVSSv3 score of above 7
- Ensuring that our antimalware solution doesn’t allow the execution of known malware or download from the internet
- Ensuring that our ESP doesn’t allow for the transmission of malware sent by email
Having already been ISO27001 certified as a business, and due to the maturity of their security program employing advanced toolings such as an in-house SIEM and advanced EDR solution, the Cyber Essentials Plus certification process went smoothly, finding that Purple went above and beyond these basal requirements in many areas.
Those who achieve Cyber Essentials+ certification demonstrate they have considered and committed time to strengthen their defenses against common threats of cybercrime and reduce the vulnerabilities of businesses to an accredited government standard.
Purple hopes that this certification will further reinforce the companies stance on data security with CEO and Founder Gavin Wheeldon having this to say:
“One of the businesses core values is with great data comes great responsibility and we think that the Cyber Essentials Plus certification is another way of highlighting how seriously we take this value as a company”