| answer text |
<p>This was not a breach of any Government data, but a configuration error in the
Pervade Software platform used by an external third party, which led to system logs
from companies, including assessors of and applicants to the Cyber Essentials scheme,
being exposed. There is no evidence to suggest data was extracted. Cyber Essentials
is an excellent scheme and an important part of our national response to cyber threats.</p><p>
</p><p> </p><p>The National Cyber Security Centre has ensured the relevant third parties
have taken appropriate action in response. The scheme’s Accreditation Bodies are required
to take appropriate security measures through contractual obligations relating to
the storage of data, including using the latest version of anti-virus software. Following
the incident, an independent security audit was conducted on the Pervade software,
which resulted in the implementation of a number of minor recommendations. The software
is regularly penetration tested.</p>
|
 |
