However, a Cabinet Office document relating to the Essentials scheme published on 25th September reveals that G-Cloud, Digital Services Framework, the Public Services Network (PSN), the ID assurance framework and Assisted Digital are all exempt from the guidelines.
“GDS is responsible for the management of a number of schemes which already include comprehensive cyber security obligations,” claims the note.
“Suppliers operating under [the above schemes] are therefore exempt from having to conform to the requirements of Cyber Essentials,” it adds.
A number of other organisations have also escaped the need to comply with the Cyber Essentials rules, including the Ministry of Defence (MOD).
“Following work by the Defence Cyber Protection Partnership (DCPP), MOD will be implementing its own Cyber Security Model (CSM) into all new contracts from early 2015,” explains the document.
It adds that this CSM approach aligns with and builds upon the Cyber Essentials Scheme, and that those wishing to work with MOD who have Cyber Essentials certification will only have to provide the information required by CSM.
“MOD will publish procurement guidance for suppliers in advance of the use of CSM in early 2015. MOD suppliers may wish to obtain a Cyber Essentials certificate in advance of the introduction to CSM,” says the document.
The Cabinet Office has said that suppliers complying with the ISO27001 standard, procurements following requirements outlined in the Supplier Assurance Framework, and contracts where the use of Cyber Essentials can be demonstrated to be not relevant are also exempt.