The Route to a Successful Application
The ESFA intend for providers to eventually obtain the ISO 27001 certificate in Information Security Management.
The ESFA planned an incremental process of:
- Initially attaining Cyber Essentials (CE) by September 2020; and
- Cyber Essentials Plus (CE+)by September 2021
The pandemic has prompted the ESFA to relax their timescales but in 2021 the ESFA did reiterate that ’ In circumstances where the Training Provider has yet to gain Cyber Essentials certification, the ESFA reserves the right to require the Training Provider to achieve the relevant Cyber Essentials certification on giving notice.
The ISO27001 aspiration remains on the security improvement radar but no date for this has been set by the ESFA.