Police unit launches first cybersecurity certificate in the UK

The Police Digital Security Centre enlists Marathon as first trusted partner for channel scheme

Surrey-based MSP Marathon has been named the first "trusted partner" for the UK's first police-approved cybersecurity certificate.

The Police Digital Security Centre (PDSC) was formed in 2015 by the London Mayor's Office in collaboration with the Met and City of London police forces to help SMBs bolster their defences against cybercrime.

It has developed the new Digital Security Provider accreditation in conjunction with the British Standards Institute (BSI) to help SMBs identify trusted cybersecurity providers "in an ever-changing digital marketplace".

Simon Newman, head of cyber and business services for Police Crime Prevention Initiatives (PCPI), told CRN that the scheme was devised to form a list of trusted cybersecurity specialists it could refer to when approached for recommendations by SMBs.

"The police find it very difficult to recommend specific organisations over others," he explained.

"SMBs would often Google ‘cybersecurity' and end up speaking to companies that were selling them products that may not necessarily be right for them and making promises that were not necessarily true.

"We looked to certify certain cybersecurity vendors with the idea that it's built around trust; these are organisations that we put through a process and we can be confident that their products, services or consultancy meet relevant standards."

As part of this accreditation process, the PDSC looks at a company's business cases and methodologies and vets its frontline staff.

"This results in a list of cybersecurity companies that we can say ‘These are companies that we trust' and the SMBs can then approach and deal with them directly to meet their cybersecurity needs," he added.

The policing unit approached VMware and Citrix partner Marathon when it was creating the scheme last year to help develop the standards that underpin it, and Newman said the MSP was "instrumental" in helping to shape the process and operation of the scheme.

It has also appointed MSP Support Tree which works in the financial services space. More than 30 organisations are currently in the application process for the certification, according to Newman.

Peter Speck, head of Marathon's cybersecurity services, stated: "Our existing channel partners will recognise that Marathon already provides a comprehensive range of security services, but to be selected by the Police in partnership with the BSI, as their first trusted partner on this certification scheme, is a huge achievement.

"This underpins Marathon's expertise in cybersecurity and we're looking forward to continuing to help our reseller partners deliver trusted security services to their customers."

The application process

For those interested in applying to the scheme, the first step is to contact the PDSC, which will send a form that requires some basic information.

"We ask them to describe their company a little bit and the products or services or consultancy that they offer, the markets that they support, where they are geographically based and the areas in the country that they serve," Newman said.

"Once we've got that information, we pass it to the BSI, which will take over and liaise directly with that company to walk them through the next part of the process.

"They will ask for evidence of information, documentation, etc and they will also ask for up to five referees from customers. Those referees will be checked to make sure that the company has implemented solutions that work for their end users and customers."

The accreditation is available to all companies in the channel with a cybersecurity focus, though Newman advised that applicant firms should have some pre-requisites fulfilled before initiating the process.

"Having something like Cyber Essentials Plus would be a good start, possibly relevant ISO standards; it very much depends on the size of the applicant organisation and what they are offering," he said.

"For us, it's about demonstrating that you've got systems, processes and standards in place that have been independently assessed as being appropriate for the organisation and the way that it operates."

The PDSC charges an annual membership fee to cybersecurity providers, which is fixed at £2,000 for the first year. The organisation will conduct mystery shopping to ensure that certified companies are maintaining standards and continuing to deliver performance at the same level.

As the PDSC is a non-profit organisation, the fee for the accreditation will go into its community outreach programme, which educates SMBs about cybersecurity.

Newman hopes that it will eventually become the digital equivalent of Secure by Design - the police force's benchmark certification of physical secutrity systems.

He also hopes cybersecurity specialists see it as a means of increasing their reach into the SMB marketplace and that it will ultimately lead to an increase in standards.

"We've seen in recent years a huge increase in the number of cybersecurity vendors out there and some of them are very good, but a lot of them are not so good," he stated.

"This badge is a way of really cutting through some of the poorer providers and help the SME community improve its security posture."