CSA Cyber Essentials mark
4 min

Comprehensive Checklist for CSA Cyber Essentials Mark

Posted by: Mr. Nur Kamal Kamari Date: 17 Oct 2023


Companies strive to leverage technological advancements and digitisation to drive their business processes in today's digital era. However, the risk of cyber-attacks looms with the shift towards digital storage, communication and operations. Unlike physical theft, cyber-attacks present a more complex challenge. Organisations must prioritise cybersecurity to mitigate this risk and ensure the protection of valuable data and information from digital predators. Effective cybersecurity measures can prevent significant losses that may otherwise occur.

Governments worldwide have taken several initiatives and established standards and guidelines to promote cybersecurity practices among companies. One notable certification is the Cyber Essentials mark, developed by the Cyber Security Agency of Singapore (CSA). This certification helps organisations prioritise essential cybersecurity steps to safeguard their systems and operations from common cyber-attacks.

CSA Cyber Essentials Mark Requirement Checklist

Organisations seeking Cyber Essentials mark certification must prioritise cybersecurity processes and systems. By following the Cyber Essentials checklist aligned with the requirements stated in Annex A of CSA Cybersecurity Certification, companies can effectively track and implement the necessary measures for cybersecurity hygiene.

  • Assets: In cybersecurity, an organisation’s three most critical assets are its people, data, and hardware/software. Safeguarding data is paramount, requiring designated personnel responsible for inventory management, processing, storage, deletion, retrieval and establishing guidelines for data usage within the organisation. Encryption and password protection should be employed to secure sensitive data.

    Employees, while a defensive asset, can also be vulnerable to cyber-attacks like phishing. To protect against such attacks, thorough employee training and awareness is crucial. All employees must be aware and well-equipped to identify, mitigate, and report any suspected cyber-attacks.

    Hardware and software store vital information on which the company relies. If this information falls into the wrong hands, it can lead to financial loss and reputational damage. Proper maintenance and secure disposal of hardware and software are essential. Maintaining an inventory record and securely disposing of hardware while ensuring the removal of confidential information is imperative for effective cybersecurity mechanisms within an organisation.
  • Security and Protection: On security and protection there are two significant factors to consider: access control and secure configuration. Vital information in too many hands is always risky. Thus, controlling access to the organisation’s data on a ‘need to access’ basis is essential. A secure configuration ensures adequate security measures are in place to decrease the risk of attacks due to potential vulnerabilities or weak configurations.
  • Update: It is important to keep systems up-to-date to ensure that all software and hardware assets are protected against any vulnerabilities that may arise from time to time. This includes regular patches for operating systems, among other measures.
  • Backup: Losing data can be devastating. To protect against cybersecurity attacks like ransomware or malware, as well as natural disasters or theft, it is crucial to have proper data backup measures and practices in place. Regular backups of critical data, both online and offline, should be performed regularly based on the criticality of the data. This ensures minimal data loss that may affect business operations, and it is one of the strategies against a ransomware attack.

Cybersecurity is vital for protecting organisations, but ensuring cybersecurity practices align with industry standards is equally important. The CSA Cyber Essentials mark certification assures the organisation and its stakeholders that cybersecurity is maintained at an acceptable level against the most common cyber-attacks. TÜV SÜD's CSA Cyber Essentials mark certification services assist companies in understanding the intricacies of cybersecurity processes. With its expertise and experience, TÜV SÜD ensures that the processes meet the necessary requirements and facilitate a smooth and hassle-free certification process.

Five security controls of cyber essentials

These fundamental practices form a part of five security controls that should be in place to ensure cybersecurity at its best and to obtain Cyber Essentials Mark effortlessly:

  • Secure internet
  • Securing devices and software
  • Restricting access
  • Protection from viruses, social engineering attacks, ransomware and malware
  • Regularly updating cybersecurity systems


In today's digital world, cybersecurity should be the top priority for every business. It helps protect against financial loss, reputational damage, and data breaches. By prioritising cybersecurity, organisations can mitigate the risks associated with cyber threats and ensure the safety of their data and operations. In addition, maintaining robust cybersecurity measures enhances productivity by safeguarding the organisation against potential cyber risks.