Completing the Cyber Essentials questionnaire might seem like a daunting exercise, but the key word to focus on is ‘Essentials’. When you are answering the questions, try to think about your infrastructure as a whole, not just thinking in too much detail about specific devices that you may have in mind. Looking at secure configuration, URM often finds questionnaire respondents just focussing on password protection rather than protection of the whole infrastructure, e.g., servers, end-user devices, mobile phones, Cloud environments and so on.
Most of the questions are phrased in such a way that only a high level response is required, so don’t write ‘War and Peace’ if it’s not needed . It might be a question about admin accounts, your on-boarding process or firewalls and, generally, you should be thinking about just writing one or two paragraphs to provide the assessor with an understanding of what your infrastructure looks like. Some organisations find it useful to have a checklist when they are answering the different questions. For example, if there is a question on password protection, your checklist will be reminding you to bear in mind all the different types of environments and whether the scope is correct.
There can, of course, be exceptions if the organisation that is applying for Cyber Essentials is large with a complex infrastructure and the processes are not as straightforward. In most cases, however, in the Cyber Essentials world less is more. If you have any query, URM has a dedicated Cyber Essentials Team to help you. Just email cyberessentials@urmconsulting.com
We have been a partner with URM Consulting for many years. They offer a great service and are a team of real experts in all things cyber security.
IT support company
Do you know where your greatest vulnerabilities sit?
Find out through a Cyber Security Headline Assessment
Find out more
related BLog
Understanding Defence Cyber Certification (DCC)
Published on
29 May
2026
URM’s blog explains how the DCC works, who needs it, the benefits of certification, with clear guidance on how to approach compliance and avoid common mistakes.
Read more
Cyber Security
Published on
22/5/2026
Cyber Security and the Board: The UK Cyber Resilience Pledge in FocusURM’s blog explains the purpose, structure and content of the Government’s new Cyber Resilience Pledge, and what it means for organisations across the UK.
Read more
Cyber Security
Published on
16/4/2026
Mitigating Cyber Risks: Why Cyber Essentials Matters More Than EverURM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.
Read more
Cyber Security
Published on
16/4/2026
Cyber Essentials Requirements UpdateURM’s blog breaks down the latest changes to the Cyber Essentials requirements and outlines why these updates matter for organisations seeking certification.
Read more
"
The feedback on URM’s report was that it was the best document the developer had ever received due to it being so concise and clear. He has saved it on his desktop and suggested that the business should use a similar template for internal docs. This great feedback reflects not only on the URM penetration tester who conducted the test, but also on the senior members of URM’s Cyber Team for all the work they have put in to producing such a brilliant reporting template.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.