Cyber Essentials Guide – An in-depth look at passing first time.

This Cyber Essentials guide has been written by a Cyber Essentials Lead Assessor and is intended to help those companies wishing to certify with Indelible Data Limited. The purpose is to help clients get the submission right at the first attempt and save time. Though this document has not been issued by, or on behalf of, The National Cyber Security Centre (NCSC) or the NCSC’s sole Cyber Essentials Partner, IASME, it has been compiled by a Lead Assessor with extensive knowledge of the scheme. Information in this Cyber Essentials Guide is subject to change without prior notice.

Cyber Essentials Logo
For further details to help you prepare for Cyber Essentials Plus assessment, please familiarise yourself with this guide first, then go to our Cyber Essentials Plus checklist blog.

You may also find helpful information in our Cyber Essentials FAQs

Contents

Overview

Completing the Cyber Essentials question set can, at first, appear daunting. This guide helps take away the uncertainty, guide the applicant through the Cyber Essentials Basic Level submission process and is split into 3 sections:

      1. Describing the journey from initial enquiry through to final submission and subsequent assessor feedback
      2. Helping to scope the assessment
      3. Addressing the requirements of the Cyber Essentials questions and explaining areas where most applicants either misunderstand or simply do not respond to the questions as comprehensively as expected.

The aim is to ensure submissions are not made until the applicant is confident all the questions have been completed correctly – hence increasing the chances of passing the submission first time!

Note: It is tempting to just jump to section 3 and address the questions, however if you have not defined the scope correctly, then the questions cannot be assessed properly.

The question-sets that require completion on the portal each have an associated version name. Up to January 23rd 2022 this is called "Beacon" and from January 24th 2022 onward is called "Evendine".

There is a 6 month change-over period for those accounts created on the portal before the 24th January 2022 (i.e. those using the Beacon question-set). Wherever possible we have included the Evendine requirements alongside the Beacon requirements in this guide - but some sections have been added that related solely to Evendine. Where this happens, we put the questionnaire name next to the section or question number e.g.

  • Cloud systems (Evendine)

Many of the same questions are present with the same numbers on both questionnaire versions. Where they differ, the question will have the version it relates to in brackets  - for example:

  • A2.9 (Beacon) followed by Beacon requirements
  • A2.9 (Evendine) followed by Evendine requirements

Further helpful Cyber Essentials resources can be found at the NCSC's Website.

We are sorry that we can no longer provide free access to our online guide.

Full access to this guide is part of our Cyber Essentials Basic - SILVER and GOLD PACKAGES or can be purchased separately in our shop

Existing clients who (already had access) and Trusted Partners will have received login instructions by email.