The following checklist applies to both Cyber Essentials and Cyber Essentials Plus requirements, the difference being that with the latter a technical expert conducts a vulnerability scan and remote audit of your IT systems, including a representative set of user devices, all Internet gateways and all servers with services accessible to unauthenticated Internet users.
The questions that will need to be answered include:
- Ensure all your operating systems are still being supported by the manufacturer (including mobile phones, servers, tablets etc.)
- Apply all operating systems’ security patches within the 14-day time period.
- If you are using the Office suite, it must be on a supported version with all the security patches applied.
- Ensure the anti-malware agent is up to date and functional.
- Update the web browser to the latest version, or at least apply the latest version with a patch for a high-risk or critical vulnerability.
- Disable auto-run and ensure you have a process for new starters and leavers and providing role-based access control.
- Ensuring administrator accounts are not used for non-administrative tasks.
- Ensure all default passwords are changed on the firewall, on the systems and ensure they are changed to a secure password.
- Ensure all unnecessary applications are removed. This can either be achieved with a ‘gold image’ or manual removal of relevant software.
- Ensure all the software you are running is supported and up to date.
Our assessor has been amazing and a pleasure to work with on the assessments. He always goes above and beyond to help, reassure, and advise, and is an asset to the company.
IT company
Do you know where your greatest vulnerabilities sit?
Find out through a Cyber Security Headline Assessment
Find out more
related BLog
Mitigating Cyber Risks: Why Cyber Essentials Matters More Than Ever
Published on
16 Apr
2026
URM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.
Read more
Cyber Security
Published on
16/4/2026
Cyber Essentials Requirements UpdateURM’s blog breaks down the latest changes to the Cyber Essentials requirements and outlines why these updates matter for organisations seeking certification.
Read more
Cyber Security
Published on
16/4/2026
Cyber Essentials Update 2026 URM’s blog breaks down key changes to the Cyber Essentials scheme coming into force on 27 April 2026, including the new Danzell Question Set.
Read more
Cyber Security
Published on
9/4/2026
NHS Cyber Security Open Letter: What Does it Mean for Suppliers?URM’s blog explains the recent open letter to suppliers issued by the NHS, what it means, why it matters, and the practical steps you can take to prepare.
Read more
"
We are delighted to partner with URM Consulting on a wide range of information and cyber security projects and service solutions. Working with URM Consulting has proved to be extremely successful, with them consulting / advising clients and then utilising our SMART Services. These are specifically aimed at supporting organisations to achieve Detection, Compliance & Response (DCR) to support Digital Transformation outcomes. In addition, we have achieved Cyber Essentials certification with URM and are now partnering on ISO 27001 and Cyber Essentials Plus projects. We have been impressed by the breadth of URM’s governance, risk, compliance and technical expertise along with their holistic, pragmatic and tailored advice.
Specialised Managed Service Partner
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.