Infotex have been audited as Cyber Essentials Plus compliant to the latest 2025 standard.
We have undergone these independent audits for each of the last 4 years to validate that we are applying best practices for cyber security to help keep ourselves – and our clients – safe against the rising threat of data breach and ransomware.
Why does Infotex undertake this audit annually?
Many of our clients place a great deal of trust in us. We appreciate the responsibility of this trust and want to reassure all our clients that we are looking after their data safely. Going through a detailed audit like this helps us to ensure that we are doing all that we can.
With the Internet and IT in general being a constantly evolving space, it is important to not rest on past accolades. By utilising external consultants there are always new things to learn and improvements to that can be made. The Internet can be a scary place and worldwide companies are being breached, hacked and ransomed on a daily basis. However, data shows that having controls in place increases the resistance to attack by around 90%.
What is Cyber Essentials
Cyber Essentials is a scheme overseen by the UK Government’s National Cyber Security Centre (NCSC) and backed by the Federation of Small Businesses (FSB) and Confederation of British Industry (CBI). Within this framework, there are two levels of compliance : Cyber Essentials and Cyber Essentials Plus.
To be compliant with the base Cyber Essentials, an organisation must answer around 70 questions providing technical information and policies for evaluation. These questions cover a wide spectrum, from password policies and storage through to individual computer configuration, networking, software choices and maintenance, and also includes HR policies. It is designed to ensure that the applicant has to evaluate whether they are following current best practice rather than following outdated guidance or beliefs.
Cyber Essentials Plus takes this to the next level. An independent auditor spot-checks a sample number of devices (PC’s and servers) and interview staff members of their choosing to ensure that the policies and practices are being followed across the business. The auditors also perform a range of technical tests to ensure appropriate segregation and security are in place.
Out of an estimated 5 million UK businesses, only around 50,000 successfully complete Cyber Essentials audits each year. There is still a long way for the country as a whole to go to increase its cyber security and is likely to be part of the reason why the Government are bringing forward the UK Cyber Resilience Bill. This will formalise requirements for entities which are in scope, and many of these requirement are based on the underlying pillars of Cyber Essentials.
What’s new for 2025
In recent years we have worked to a limited scope meaning that, from a Cyber Essentials auditing perspective, there were elements of our business which were not able to be fully evaluated. We have been working hard over the last few years to ensure that we have full visibility and follow best practice consistently across the whole business. We have also completed the purchase of additional software to help us monitor all our devices and ensure that we are applying these standards consistently across all our platforms. We are therefore pleased that for 2025 we have been awarded the certification for the whole of Infotex UK Ltd.
2025 also saw a new set of evaluation criteria called “Willow” for the assessment which tightened some controls and in turn required some minor changes to our configurations, however, pleasingly, the majority of the specification changes were to elements where we already exceeded the requirements.
Security is tough
Anyone who works within IT knows how tough it is to be secure because the defender has to be effectively perfect at all times, whereas the attacker only has to find one weakness to be able to get access.
This is why we talk consistently about security, both internally and externally, as we know that it really matters to our clients and there need to be more conversations around what people are doing to protect themselves. With phishing and other scams on the rise, by increasing your own security you are also helping to protect the security of the friends, family, colleagues and businesses around you.
