Siemens UK has been awarded the coveted Cyber Essentials Plus (CE+) certification required for organisations applying for UK critical national infrastructure and defence.
The certification was awarded by ECSC, the independent certifying body for the Cyber Essentials programme.
The award followed a three month remote process conducted at Siemens’ Manchester and Newcastle premises, with certification renewable annually. Siemens has more than 900 assets at both of the sites that went through the process and nearly 300 machines connected remotely throughout the UK.
Paul Hingley, business unit manager, industrial security services at Siemens said: “The CE+ badge significantly endorses Siemens’ stature as a company that takes cyber security very seriously. It demonstrates our commitment to the UK Government Cyber Security initiatives while also demonstrating to our customers that we are a company they can trust.
He added that the firm Siemens had invested heavily in its global internal policies and procedures to demonstrate compliance against the IEC62443 standard.
Administrated by the Information Assurance for Small and medium Enterprises (IASME) consortium, Cyber Essentials is a cyber security standard introduced by the Government that aims to provide organisations with pragmatic protection against the most common cyber security threats.
CE+ represents a higher level of certification than the standard Cyber Essentials (CE) assessment, which requires organisations to undertake a series of onsite technical assessments that include internal vulnerability tests against servers and sample workstations.
“We are the first global company in the Industrial Control Systems (ICS) space to achieve this certification which is a massive achievement for a company with such a complex IT structure that operates on a global platform,” stated Hingley.
“The CE+ certification together with our internal IEC62443 compliance and governance procedures implies to our clients they are dealing with a company whose products can be validated and verified into security architectures, solutions, processes and systems.”
The company said that other sites in the UK are following the same route and will all be CE+ certified before the end of 2021.