22 February 2019

Carousel awarded Cyber Essentials Plus certification

We are proud to announce that Carousel has been awarded the world-leading Cyber Essentials Plus (CE+) certification as recommended by UK Government.

Carousel’s security controls were assessed by certification body Crest earlier this month, and after a successful result Carousel has now achieved the CE+ certification which determines whether the solutions, an organisation has in place, comply with the control requirements.

Recent reviews have recommended that providers and suppliers to the healthcare organisations have the CE+ accreditation. The National Cyber Security Centre (NCSC), National Data Guardian Review and Smart review also recently highlighted the need for all organisations to achieve CE+ certification by 2021.

Companies holding the CE+ certification are less likely than those without the certification to become victim to cybercrime activities and in achieving the certification, Carousel’s has highlighted its commitment to protecting its technology, and operations, against cyber-attacks.

Commenting on the certification, Thomas Griese – CTOO at Carousel said: “We are delighted to have achieved this certification that provides even more reassurance to our clients – particularly in the MedTech and healthcare industries – that their supply chains are protected.

“Cyber-attacks, unfortunately, are on the rise and costing businesses more and more each year. In being CE+ certified, we have demonstrated how seriously we take cyber security – adhering to all UK recommended accreditations, and ahead of schedule – and how highly we value the integrity of our clients, which is vital in an age where we rely so heavily on the power of our connected technologies.”

How to obtain CE+
The CE certifications can be achieved at two levels, Cyber Essentials (CE) and Cyber Essentials Plus (CE+).
The base CE certification covers an extensive range of security processes, including firewall configuration, back-up processes and device configuration, plus an external vulnerability scan.

For CE+, a qualified and authorised external tester needs to perform additional tests and checks within the organisation, including an internal scan of the network, verification of account security for both standard users and administrative accounts, testing for defences against malicious software installation via email and web browsing.