What 10 steps should you follow to prepare for Cyber Essentials certification?

The following checklist applies to both Cyber Essentials and Cyber Essentials Plus requirements, the difference being that with the latter a technical expert conducts a vulnerability scan and remote audit of your IT systems, including a representative set of user devices, all Internet gateways and all servers with services accessible to unauthenticated Internet users.

The questions that will need to be answered include:

  1. Ensure all your operating systems are still being supported by the manufacturer (including mobile phones, servers, tablets etc.)
  2. Apply all operating systems’ security patches within the 14-day time period.
  3. If you are using the Office suite, it must be on a supported version with all the security patches applied.
  4. Ensure the anti-malware agent is up to date and functional.
  5. Update the web browser to the latest version, or at least apply the latest version with a patch for a high-risk or critical vulnerability.
  6. Disable auto-run and ensure you have a process for new starters and leavers and providing role-based access control.
  7. Ensuring administrator accounts are not used for non-administrative tasks.
  8. Ensure all default passwords are changed on the firewall, on the systems and ensure they are changed to a secure password.
  9. Ensure all unnecessary applications are removed. This can either be achieved with a ‘gold image’ or manual removal of relevant software.
  10. Ensure all the software you are running is supported and up to date.
This was a useful information gathering exercise for us.
Apply for Cyber Essentials certificationApply for Cyber Essentials Plus

Lexcel: Deconstructing Your Information Management and Security Policy

Published on
16 Jun
2025

URM explains each control law firms must include in an information management and security policy that complies with the Lexcel Practice Management Standard.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
6/6/2025
Understanding Lexcel and the Specialist Quality Mark (SQM): How Cyber Essentials Can Benefit Your Practice

URM’s blog explores how Cyber Essentials can help your legal practice enhance its security posture and achieve/maintain its SQM or Lexcel accreditation.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
28/5/2025
Complying with Cyber Essentials and Cyber Essentials Plus

URM’s blog answers key technical questions about Cyber Essentials and Cyber Essentials Plus, what’s in scope, CE compliant use of BYOD, and more.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
12/5/2025
Mitigating Cyber Risks: Why Cyber Essentials Matters More Than Ever

URM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.

Read more
"
Cyber security has never been higher on our agenda. We’re very pleased to have gained our Cyber Essentials Plus Certification. We are committed to providing the most secure and robust solutions to our customers and partners. This certification helps to demonstrate this commitment – through independent vulnerability testing and to test the awareness of information security across our teams. We’re very pleased with the support and expertise provided by URM.
Speech Technologies Provider
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.