8 Businesses with fewer than 10 employees and sole traders – see: http://www.gov.scot/Topics/Statistics/Browse/Business/Corporate/alltables
11 The Cyber Essentials scheme offers a mechanism, endorsed by the National Cyber Security Centre, for organisations to demonstrate to customers, investors, insurers and others that they have adopted five critical network controls to guard against the most common forms of cyber-attack. taken essential precautions. See: https://www.cyberessentials.ncsc.gov.uk/ for further details.
12 A list of certifying bodies operating in Scotland is available at the SBRC website: https://www.sbrcentre.co.uk/services/cyber-services/cisp-and-cyber-essentials/trusted-partners/
16 In line with Article 1 (7) of the Directive, the banking and financial market infrastructures sectors within scope of the Directive will be exempt from aspects of the Directive where provisions at least equivalent to those specified in the Directive will already exist by the time the Directive comes into force. Firms and financial market infrastructure within these sectors must continue to adhere to requirements and standards as set by the Bank of England and/or the Financial Conduct Authority.
17 Some operators in this area will already be subject to the new NIS requirements.
18 See: www.gov.scot/cyberresilience
21 See, e.g. the Global Cyber Alliance’s free DMARC and Protected DNS (Quad 9) services: https://www.globalcyberalliance.org/initiatives.html
22 Proportionate to the size and resources of the member company.
23 This may, for example, take the form of guidance on “Supplying Scotland’s [Finance/Energy/ Pharmaceutical] Sector: Common Core Cyber Resilience Requirements” or “Supplying Scotland’s larger companies: Common Core Cyber Resilience Requirements”.