Why the University is working towards Cyber Essentials certification
The University is working towards achieving Cyber Essentials (CE) certification. Cyber Essentials is a government‑backed scheme, run by the National Cyber Security Centre (NCSC), designed to help organisations protect themselves against common cyber-attacks.
Improving our security posture
Cyber Essentials focuses on a small number of practical controls that protect against the most common cyber attacks. Applying these consistently across the University reduces risk, improves resilience, and helps protect research data, teaching systems and core services.
Aligning with our supply chain expectations
Like the UK Government, the University already requires many suppliers and partners to meet recognised cyber security standards. Achieving Cyber Essentials across our own IT estate ensures we will meet the same expectations we place on others and strengthens assurance across our supply chain.
Benefits for researchers
Supporting eligibility for funding
Cyber Essentials certification is increasingly requested by government funders. This is particularly relevant for defence, security and other public sector-funded research.
Without certification, researchers may be asked to produce additional cyber implementation plans or assurances as part of funding applications.
Reducing administrative burden
By embedding Cyber Essentials controls into everyday University systems and processes, compliance becomes routine rather than project specific. This will reduce the need for individual workarounds and make it easier for researchers to demonstrate the institution’s cyber security requirements for funding.
What does this mean in practice?
IT Services will work with the University community to understand what staff across Academic Schools and Professional Services Units need to do to comply with Cyber Essentials.
This will include focusing on a small number of high-level actions, such as:
- Ensuring all active devices receive regular security updates
Making sure computers, laptops and other devices in use are supported and kept up to date with the latest security patches.
- Reviewing older or unused devices and securely transferring data
Identifying devices that are no longer needed or officially supported, moving any required data to active, supported devices and recycling old equipment securely through our Reusing IT partner.
- Building on existing good security practice across the University
Making best use of measures already in place, such as multi-factor authentication (MFA), phishing simulations and other security controls, while keeping staff informed about progress towards Cyber Essentials.
Our aim is to make compliance as straightforward and low impact as possible and embed good cyber security within normal working practice across the institution.
Next steps
Over the coming months, IT Services will:
- Provide University‑wide awareness materials to help staff understand the Cyber Essentials accreditation process.
- Meet with Computing Officers and administrative teams to support Cyber Essentials work.
- Launch an “old device amnesty” to help colleagues return equipment they no longer use.
- Provide in-person and online information sessions for staff.
- Update Heads of Schools and Professional Service Units and arrange follow‑up meetings where needed.
Cyber Essentials is an important step in strengthening the University’s cyber resilience, supporting research funding opportunities, and protecting our systems and data. We look forward to working with colleagues across the institution as this work progresses.