Completing the Cyber Essentials questionnaire might seem like a daunting exercise, but the key word to focus on is ‘Essentials’. When you are answering the questions, try to think about your infrastructure as a whole, not just thinking in too much detail about specific devices that you may have in mind. Looking at secure configuration, URM often finds questionnaire respondents just focussing on password protection rather than protection of the whole infrastructure, e.g., servers, end-user devices, mobile phones, Cloud environments and so on.
Most of the questions are phrased in such a way that only a high level response is required, so don’t write ‘War and Peace’ if it’s not needed . It might be a question about admin accounts, your on-boarding process or firewalls and, generally, you should be thinking about just writing one or two paragraphs to provide the assessor with an understanding of what your infrastructure looks like. Some organisations find it useful to have a checklist when they are answering the different questions. For example, if there is a question on password protection, your checklist will be reminding you to bear in mind all the different types of environments and whether the scope is correct.
There can, of course, be exceptions if the organisation that is applying for Cyber Essentials is large with a complex infrastructure and the processes are not as straightforward. In most cases, however, in the Cyber Essentials world less is more. If you have any query, URM has a dedicated Cyber Essentials Team to help you. Just email cyberessentials@urmconsulting.com
Our experience with URM was all around great and seamless, starting with our account manager who organised everything and was very accommodating, working around our schedule and fitting us in as soon as we wanted. This continued with our assessor for the CE questionnaire part; he was very helpful, taking the time to explain some aspects that were a bit unclear to me and guiding me the whole way through. The same was true of our assessor for the CE+, who took the time to answer any questions I had beforehand and guide me through elements that I was unfamiliar with. During the assessment, he was very helpful, made the process very easy and guided me through some points that needed some additional set up in order to ensure a successful process. This was our first year working with URM and I am sure we’ll be talking again next year. Thank you for all your help!
IT Security Services Provider
Do you know where your greatest vulnerabilities sit?
Find out through a Cyber Security Headline Assessment
Find out more
related BLog
Understanding Defence Cyber Certification (DCC)
Published on
22 May
2026
URM’s blog explains how the DCC works, who needs it, the benefits of certification, with clear guidance on how to approach compliance and avoid common mistakes.
Read more
Cyber Security
Published on
22/5/2026
Cyber Security and the Board: The UK Cyber Resilience Pledge in FocusURM’s blog explains the purpose, structure and content of the Government’s new Cyber Resilience Pledge, and what it means for organisations across the UK.
Read more
Cyber Security
Published on
16/4/2026
Mitigating Cyber Risks: Why Cyber Essentials Matters More Than EverURM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.
Read more
Cyber Security
Published on
16/4/2026
Cyber Essentials Requirements UpdateURM’s blog breaks down the latest changes to the Cyber Essentials requirements and outlines why these updates matter for organisations seeking certification.
Read more
"
Our assessor made our CE Plus assessment smooth and easy. We are going back to URM for our CE Plus this year
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.