Goaco
Speciality: Internal and External Penetration Testing
UK-based cybersecurity consultancy specializing in penetration testing; offers internal/external pentest services and delivers secure, innovative cybersecurity solutions. Registered in the UK with offices in Ebbsfleet/Northfleet and Scotland; recognized for its trusted expertise in cyber security testing.
Cyber Essentials Certification
Origin
Cyber Essentials was created by the UK Government in 2014 in collaboration with industry experts and the National Cyber Security Centre (NCSC). The scheme was developed in response to the growing threat of cybercrime and the recognition that many cyber attacks could be prevented through basic security controls. It was designed to help organizations of all sizes protect themselves against common internet-based threats and establish a baseline of cybersecurity hygiene.
Industry Value and Importance
Cyber Essentials is highly valued in both public and private sectors as it demonstrates an organization's commitment to cybersecurity. UK government contracts involving handling of sensitive and personal information require Cyber Essentials certification as a mandatory prerequisite. Beyond compliance, the certification helps organizations reduce their vulnerability to approximately 80% of common cyber attacks, provides insurance benefits with some providers offering premium reductions, and serves as a trust signal to customers and partners. Many businesses also require their suppliers to hold the certification as part of their supply chain security requirements, making it increasingly important for maintaining competitive advantage in the marketplace.
Cyber Essentials Plus
Origin
Cyber Essentials Plus was created by the UK Government in 2014 in collaboration with the National Cyber Security Centre (NCSC), which is part of GCHQ. The scheme was developed in response to the growing threat of cyber attacks against UK businesses and organizations. It was designed to help organizations of all sizes implement basic cybersecurity controls to protect against the most common internet-based cyber threats, with the "Plus" variant including hands-on technical verification by qualified assessors.
Industry Value
Cyber Essentials Plus is highly valued because it provides verified assurance that an organization has implemented fundamental cybersecurity controls effectively. Unlike the standard Cyber Essentials self-assessment, the Plus certification requires external testing and vulnerability scanning, making it more rigorous and credible. It's increasingly required for UK government contracts involving sensitive information and is recognized by insurance providers, clients, and partners as evidence of a serious commitment to cybersecurity. The certification helps organizations demonstrate due diligence, reduce cyber risk, and differentiate themselves in competitive bidding situations.
ISO/IEC 27001:2013
Origin
ISO/IEC 27001:2013 was developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard was first published in 2005, with the 2013 version representing a major revision that updated the framework to address evolving cybersecurity challenges. It originated from the British Standard BS 7799, which was developed in the 1990s to provide organizations with a systematic approach to managing sensitive information. The standard was created to establish an internationally recognized framework for information security management systems (ISMS), enabling organizations to protect their information assets through a risk-based approach.
Industry Value
ISO/IEC 27001:2013 is highly valued in the industry because it provides organizations with a comprehensive, vendor-neutral framework for establishing, implementing, and continuously improving information security practices. Certification to this standard demonstrates to clients, partners, and regulators that an organization has implemented robust security controls and follows international best practices for protecting sensitive data. Many industries, particularly those handling personal data, financial information, or critical infrastructure, consider ISO 27001 certification essential for vendor selection and compliance with regulatory requirements. The certification also provides competitive advantages in the marketplace and helps organizations systematically identify and mitigate information security risks.
- AditumIM
- Aditum Capital
- Cabinet Office
- Lucidya