Our annual security commitment, renewed
Anna Westlake
|
News
We're pleased to share that Cursor has been recertified as Cyber Essentials Plus compliant, the higher tier of the UK government-backed Cyber Essentials scheme. Keeping this certification current is an important part of how we look after our clients' data and systems, and this year's renewal feels like a good moment to explain what it means in practice.
What Cyber Essentials Plus actually involves
Cyber Essentials is a government-backed certification scheme, developed by the National Cyber Security Centre (NCSC), that sets a minimum standard for cyber security. There are two tiers: the standard level involves a verified self-assessment, while the Plus tier requires independent technical testing by an accredited external assessor.
That distinction matters. Rather than reviewing our own security controls, an independent body tests them in much the same way an attacker might probe them. This year, our assessment was carried out by Digital Armour. To pass, we need to demonstrate that five core controls are robustly in place: firewalls, secure configuration, user access control, malware protection, and security update management. These are specifically designed to defend against the most common types of cyber attack; the opportunistic, automated threats that can affect organisations of all sizes.
Why it matters to the organisations we work with
Many of our clients, including independent schools, membership bodies, universities, and sector associations, handle sensitive personal data every day. When you're working with an agency to build and run your website, software, or data integrations, you need confidence that they take information security seriously.
Cyber Essentials Plus provides that assurance. It's a government-endorsed mark that tells you our systems and practices have been independently verified, not just self-declared. For organisations in sectors where data protection responsibilities are high, choosing a certified supplier isn't just good practice; it's increasingly becoming a baseline expectation.
It's also worth saying that this is an annual certification, and the scheme itself evolves each year. IASME, which manages the scheme on behalf of the NCSC, updates the requirements regularly to keep pace with changing threats and technology. That means recertifying isn't simply a repeat of the previous year; it's a genuine check that our practices are still fit for purpose against the current landscape.
A team effort
Maintaining Cyber Essentials Plus isn't just a job for the infrastructure team. It requires everyone here to be engaged, from how we manage devices and access rights to how promptly we apply security updates. Thanks to everyone at Cursor who helped make this year's recertification straightforward, and to Digital Armour for a thorough and efficient audit process.
If security certification is something that matters to your organisation when choosing a digital partner, we'd be happy to discuss it. Get in touch, or take a look at some of our recent work.
