ECC are regulatory practices and frameworks, established by national or global regulators (NCA), that contain the measures and countermeasures that organizations must implement to detect, prevent, or address security risks, and to manage threats to information and technology assets. 

Who does it apply to?

  • All ministries, national authorities, institutions, agencies and companies affiliated with them
  • Private sector companies that provide their services to national authorities
  • Companies and institutions that operate or host the infrastructure of government agencies.
  • Other organizations/companies can benefit from these controls, even if compliance is not mandatory

What is its purpose?

ECC-1:2018 has the following features: 

It focuses on the basic objectives of protection, which are: confidentiality, integrity and availability of information. 

Built on best practices, standards and regulatory frameworks (both local and international). 

These controls pay close attention to the main themes of cybersecurity (strategy, people, processes and technology). 


What does it consist of?

Implementation of ECC-1:2018 controls, apart from being mandatory for some entities, gives many benefits to organizations, including:
– Assists in designing cyber security strategy in the organization.
– Ensures the commitment of top management to the management and implementation of cybersecurity programs.
– Drafting, implementing and reviewing cybersecurity policies and procedures.
– Defining and documenting the organizational structure, roles and responsibilities of cybersecurity within the organization.
– Achieving national legislative and regulatory requirements related to cyber security.
– Addressing cybersecurity risks related to human resources.
– Protect the organization’s information and technology assets from cyber security risks and internal and external threats.
– Detecting technical vulnerabilities in a timely manner and addressing them effectively.
– Address cyber risks and implement cyber security requirements for cloud computing and hosting appropriately and effectively.

How long does it take to implement the ECC in an organization?

It depends on the size of the organization, the field in which it operates, the number of employees, the state of the current policies implemented, and the number and type of ICT components within its infrastructure. Some organizations can roll out the ECC in a few weeks, others may require months or years. If you are interested in implementing Essential Cybersecurity Controls in your organization, contact us to schedule a gap analysis audit and get a better assessment of the lead time and the costs.

Clients and Partners