Barclays says it has become the first major organisation to gain the new Government Cyber Essentials certification for its digital banking services, including MyBarclays, BMB and Pingit.
The certification was awarded to Barclays following assessment of its security by certification-body Gotham Digital Science (GDS). GDS is accredited by CREST to carry out Cyber Essentials and Cyber Essentials Plus certification services.
“We identified this new government scheme as an important part of our plans to help customers in the digital age transact completely safely and securely,” said Philip Sowter, mobile banking director at Barclays. “We are now working with GDS towards the Cyber Essentials Plus certification.”
To demonstrate "basic cyber hygiene" and reach Cyber Essentials certification through GDS, Barclays Digital Banking had to complete the Cyber Essentials Questionnaire. An external perimeter vulnerability scan was also carried out, which is an additional requirement for Cyber Essentials certification that is mandated by CREST.
“For Barclays the process was straightforward because of the existing security processes it already had in place, along with ISO27001 certification of the digital banking business,” said Justin Clarke, managing director of GDS. “The certification reinforces the importance the bank places on protecting customer assets and data.”
The first batch of SMEs to be awarded the certification was confirmed last month. The Cyber Essentials Scheme is part of the UK government’s National Cyber Security Strategy, and provides an independent assessment of the essential security controls that organisations need to have in place to mitigate risks from internet-borne threats.
CREST is a not-for-profit organisation that represents the technical information security industry. As part of this, CREST provides internationally recognised certifications for organisations and individuals, providing penetration testing, cyber incident response and security architecture services.