What it means to be a JOSCAR Registered Supplier

For organisations working on defence programmes, supplier qualification is a necessary but time-consuming part of the process. JOSCAR simplifies that by holding a single, validated supplier profile that buying organisations can access directly – covering capability, compliance, information security, and financial standing.

In practical terms, if you’re looking for an IT or cyber security supplier for a defence programme and need to verify that they meet the required standards, we’re already on the register. Which means that’s one less thing for you to worry about.

How this fits alongside our other credentials

JOSCAR registration sits naturally alongside Base3’s existing defence sector credentials:

• We are an approved Defence Cyber Certification (DCC) body, supporting MOD suppliers through the DCC scheme against Defence Standard 05-138
• We are an approved Cyber Essentials and Cyber Essentials Plus certification body, recognised by IASME and the NCSC
• We are ISO 9001:2015 certified, demonstrating independently audited quality management across all our services
• We are an AWS Partner, bringing certified cloud expertise to defence and security environments

Together, these credentials reflect a consistent commitment to meeting the standards that defence sector organisations expect from their suppliers – not as a box-ticking exercise, but as part of how we work.

Working with Base3 in the defence sector

If you’re working in or around the defence supply chain and need IT or cyber security services from a JOSCAR registered supplier that already meets the required standards, get in touch to start the conversation.

The post Base3 is now JOSCAR Registered appeared first on Base3 Solutions Ltd.

Here’s a plain-language breakdown of what each one is, what it involves, and how to know which is right for your organisation.

What is Cyber Essentials?

Cyber Essentials is a UK Government-backed certification scheme designed to help businesses protect themselves against the most common cyber threats. It focuses on five core technical controls that, when properly implemented, significantly reduce your exposure to the vast majority of internet-based attacks.

The certification is annually renewable and is recognised across the public and private sector as a credible baseline of cyber security.

Cyber Essentials is a mandatory requirement for any organisation bidding for UK Government contracts that involve handling personal data or providing certain technical products and services. If you’re looking to work with the public sector, you’ll need it. Find out more at NCSC.gov.uk.

What does it cover?

The five technical controls are:

1. Firewalls and internet gateways
2. Secure configuration
3. User access control
4. Malware protection
5. Security update management

How does it work?

Cyber Essentials is a verified self-assessment. You complete an online questionnaire answering questions about how your organisation has implemented each of the five controls. The answers are reviewed by a certification body – and if they meet the required standard, you receive your certificate.

It’s straightforward, fixed-price, and achievable for businesses of any size.

What is Cyber Essentials Plus UK?

Cyber Essentials Plus covers exactly the same five controls – but instead of a self-assessment, it includes an independent technical audit carried out by a qualified assessor. Your systems are actually tested, not just described.

This means you’re not only telling someone your controls are in place – you’re proving it.

Cyber Essentials Plus includes internal and external vulnerability scanning, on-site or remote device assessment, and malware protection testing. It’s the same framework as Cyber Essentials, but independently verified – which provides a significantly higher level of assurance to customers, partners, and supply chain stakeholders.

What does the audit involve?

A Cyber Essentials Plus assessment typically includes:

• Internal vulnerability scanning across your devices and network
• External vulnerability testing of your internet-facing systems
• Verification of user accounts and access privileges
• Testing of malware protection across endpoints
• Remote or on-site device assessment depending on your setup

Important: you must hold a valid Cyber Essentials certificate before you can achieve Cyber Essentials Plus.

What’s the difference in cost?

Cyber Essentials is fixed-price, set by IASME:

Cyber Essentials Plus is not fixed-price. The cost depends on the number of users, devices, sites, and the complexity of your network. Contact us for a tailored quote.

Which one do you need?

For most small businesses with no specific contractual requirements, Cyber Essentials provides a solid, credible baseline that demonstrates you take cyber security seriously.

Cyber Essentials Plus is worth considering if:

• You work with government departments or public sector bodies
• Your contract specifically requires it
• You handle sensitive or confidential client information
• You are part of a defence or government supply chain
• You want independently verified confirmation of your security controls

Cyber Essentials Plus is increasingly being specified as a requirement in defence supply chain contracts – particularly as the Ministry of Defence rolls out its Defence Cyber Certification (DCC) scheme. DCC Level 2 and above require Cyber Essentials Plus as a prerequisite. You can read more about DCC on our Defence Cyber Certification page.

Not sure which applies to you?

If you’re unsure which level is right for your organisation – or whether you’re ready to start the process – Base3 can help. As an approved certification body for Cyber Essentials Plus in the UK, we support businesses through the entire process, from initial readiness through to certification.

Get in touch and we’ll point you in the right direction.

The post Cyber Essentials vs Cyber Essentials Plus: What’s the Difference? appeared first on Base3 Solutions Ltd.

That’s a problem. Because cyber threats don’t take a January break. In fact, the start of a new year is one of the most common times for businesses to discover that the security decisions they deferred throughout the previous year have quietly become serious risks.

So before you finalise your plans for 2026, it’s worth asking honestly: is your business technology actually fit for purpose – and is it secure?

Start with an honest audit

You don’t need a specialist to begin. A simple review of the following questions will tell you a lot:

• When did you last update your software, operating systems, and firmware across all devices?
• Do your staff use strong, unique passwords – and is multi-factor authentication enabled on critical systems?
• Who has access to what in your business – and is that access still appropriate?
• When did you last review your backup process, and have you ever tested a restore?
• Do you have a plan for what to do if you suffer a cyber incident?

If any of those questions made you uncomfortable, you’re not alone. Most small and medium businesses have at least one of these gaps – and often several.

Getting cyber security for small business right doesn’t have to be complicated – but it does need to be deliberate.

The threats that matter most to SMEs in 2026

Cyber criminals don’t only target large organisations. SMEs are frequently targeted precisely because they are perceived as easier to breach than larger enterprises – and because they often hold valuable data, financial information, or access to larger supply chains.

The most common threats facing UK SMEs right now are:

Phishing: deceptive emails designed to steal credentials or trick staff into transferring money or data. These have become significantly more convincing with the use of AI-generated content.

Ransomware: malicious software that encrypts your files and demands payment for their return. A single successful attack can bring a business to a standstill for days or weeks.

Credential theft: reused or weak passwords remain one of the most common entry points for attackers. Once inside one system, criminals move laterally to access others.

Supply chain attacks: attackers increasingly target smaller suppliers as a route into larger organisations. If you work with government, defence, or large enterprises, your cyber security posture affects theirs.

The UK Government’s Cyber Security Breaches Survey found that 50% of UK businesses reported a cyber attack or breach in the past 12 months. For medium-sized businesses, that figure rises significantly. Yet many of the most common attacks are preventable with basic controls – the kind covered by Cyber Essentials, the UK Government-backed certification scheme. You can read more about the survey findings at gov.uk.

What good cyber security for small business looks like

You don’t need an enterprise-grade security operation to protect your business effectively. What you do need is a clear baseline – consistent controls applied across your entire environment.

The five areas that make the biggest difference are:

Firewalls and secure configuration: ensuring your devices and networks are set up securely from the outset, not left on default settings.

Access control: making sure only the right people have access to the right systems, and that access is removed promptly when staff leave.

Malware protection: keeping endpoint protection up to date across all devices, including mobile.

Patch management: applying security updates promptly. The majority of successful attacks exploit known vulnerabilities that already have patches available.

Multi-factor authentication: adding a second layer of verification to critical accounts, making stolen passwords significantly less useful to an attacker.

These five controls form the basis of Cyber Essentials – the UK Government-backed certification that provides independent verification that your business has the fundamentals in place.

Is your IT infrastructure keeping up?

Cyber security doesn’t exist in isolation. It’s directly connected to the state of your IT infrastructure. Outdated hardware, unsupported operating systems, and poorly managed cloud environments all create vulnerabilities that attackers can exploit.

If your IT setup hasn’t had a structured review in the last 12 months, the start of a new year is the right time to do it. Not just to identify risks – but to make sure your technology is actually supporting your business rather than holding it back.

Making 2026 the year you get this right

The businesses that handle cyber incidents best aren’t necessarily the ones with the biggest budgets. They’re the ones that took the time to get the basics right – clear ownership, up to date systems, and a plan for when things go wrong.

If you’re not sure where your business stands, Base3 can help. We specialise in cyber security for small business across Cheltenham, Gloucester, Tewkesbury, Herefordshire, and the wider region.

Get in touch to start the conversation.

The post New Year, New IT Strategy: Is Your Cyber Security Fit for 2026? appeared first on Base3 Solutions Ltd.