Work through all five controls to see exactly where you stand before applying for certification. Tick each item you have in place - your score updates as you go.
Tick each item below as you confirm it is in place for your organisation.
Boundary firewalls must protect every device in scope from the internet. Question numbers below match the official IASME Cyber Essentials (Danzell) self-assessment, so you can map each check straight onto your application.
Computers, devices and cloud services must be configured to reduce inherent vulnerabilities - unnecessary software, accounts and features removed or disabled.
All software in scope must be supported and patched. High-risk and critical updates must be applied within 14 days - A6.4 and A6.5 are automatic-failure questions under Danzell.
Accounts must be unique, approved, and given only the access each person needs. MFA on cloud services is an automatic-failure question under Danzell.
Every device must be protected by anti-malware software (Option A) and/or an approved application allow list (Option B). Tick the items for the option(s) you use.
Our UK-based team will review your environment, identify any remaining gaps, and guide you through every step of certification. View pricing →
Also pursuing CE Plus? CE Plus adds an independent technical audit on top of CE basic. Use the dedicated checklist to confirm your environment is ready for the audit across all seven tested control areas. Open the CE Plus readiness checklist →
This checklist is based on the Cyber Essentials v3.3 (Danzell) requirements effective April 2026. It is provided as a self-assessment guide only - formal certification requires assessment by an IASME Approved Certification Body. For a formal gap analysis, contact our team.