add cyber essentials

content/posts/2026-cyber-essentials/index.md

@@ -0,0 +1,53 @@
++++
+title = 'SR2 Communications Achieves Cyber Essentials Certification'
+date = 2026-05-03T09:20:00-00:00
+lastmod = 2026-05-03T09:20:00-00:00
+draft = false
+tags = ['security', 'audit']
+[params]
+  author = 'Iain Learmonth'
++++
+
+We're pleased to announce that SR2 Communications has achieved
+[Cyber Essentials](https://www.ncsc.gov.uk/cyberessentials/overview) certification, the UK government's baseline
+standard for cyber security.
+This milestone represents an important addition to our existing security practices and reinforces our dedication to
+protecting the organisations we serve.
+
+<!--more-->
+
+<figure>
+<img src="/images/2026/cyber-essentials.png" alt="Certificate of Assurance - SR2 Group Limited, incorporating SR2 Communications Limited and SR2 Professional Services Limited, complies with the requirements of the Cyber Essentials scheme">
+<figcaption>Our Cyber Essentials Certificate</figcaption>
+</figure>
+
+Cyber Essentials is a government-backed certification scheme developed by the National Cyber Security Centre (NCSC).
+It establishes five core technical controls designed to prevent the most common cyber security threats.
+According to NCSC, organisations with this certification are protected against approximately 80% of the most common
+cyber attacks that they have observed.
+
+We've always had a strong focus on security (it's the S in SR2!) and have always maintained rigorous security practices
+in our software development and infastructure hosting including external audits of application code and periodic
+penetration testing of our infrastructure. These practices remain in place and will continue to provide project-specific
+assurance. However, Cyber Essentials addresses something equally critical: the foundational security of our
+organisation.
+
+While code audits and pentests examine specific systems and software, Cyber Essentials evaluates how we operate as an
+organisation, covering five primary areas:
+
+* Boundary firewalls and internet gateways
+* Secure configuration
+* User access control
+* Malware protection
+* Patch management
+
+This certification ensures that the foundation upon which our technical work rests is equally secure. The organisations
+we work with include free software projects, charities, non-profits, advocacy groups, and the media.
+They often handle sensitive data related to vulnerable populations, campaign strategies, and confidential stakeholder
+information. They need partners they can trust.
+
+For those partners operating with limited resources, knowing that their technology partners meet recognised security
+standards removes one more concern from their already demanding work.
+
+If your organisation is looking for a technology partner that understands your mission and takes security seriously,
+we'd welcome you to [get in touch](/contact).