Cyber Essentials Alignment Policy

Effective Date: 28 Sept 2025

Last updated: 28 September 2025

At AIC Professional Services UK Ltd, we are committed to maintaining the highest standards of cybersecurity to protect our people, partners, and clients. We align our practices with the UK Government–backed Cyber Essentials scheme to reduce the risk of cyber threats and ensure our IT infrastructure remains resilient, secure, and compliant.

Our Approach

We follow the five key technical controls set out in Cyber Essentials:

  1. Firewalls & Internet Gateways

    • All devices and networks are protected by firewalls, configured to block unauthorised access.

    • Inbound and outbound rules are documented, approved, and regularly reviewed.

  2. Secure Configuration

    • Devices, applications, and cloud services are configured to industry best practice.

    • Unnecessary software, services, and accounts are disabled or removed.

  3. User Access Control

    • Accounts are created only after managerial approval and follow the principle of least privilege.

    • Administrator accounts are separated from standard accounts and protected with multi-factor authentication (MFA).

  4. Malware Protection

    • All endpoints are protected with licensed, supported malware protection that updates automatically.

    • Suspicious activity is logged, monitored, and investigated.

  5. Security Update Management

    • All critical and high-risk updates (CVSS v3.0 score ≥7) are applied within 14 days of release.

    • Where auto-updates are not possible, we follow a strict patch management process with central oversight.

Ongoing Commitment

  • Regular staff training is delivered to raise awareness of cyber threats and promote safe behaviours (e.g., using strong, unique passwords in line with NCSC guidance).

  • We operate robust incident response and leaver/joiner processes to ensure user accounts and access rights remain tightly controlled.

  • Annual reviews are conducted to ensure alignment with evolving Cyber Essentials requirements.

Reference

For full details of the Cyber Essentials requirements, please refer to the official guidance published by the National Cyber Security Centre (NCSC):
Cyber Essentials Requirements for IT Infrastructure v3.2 (PDF)

Let’s Shape the Future of Defence Together

Strategic consultancy, secure technology, and mission-ready expertise, connect with AIC to deliver change where it matters most.

Let’s Shape the Future of Defence Together

Strategic consultancy, secure technology, and mission-ready expertise, connect with AIC to deliver change where it matters most.

Let’s Shape the Future of Defence Together

Strategic consultancy, secure technology, and mission-ready expertise, connect with AIC to deliver change where it matters most.