Step 1 of 128%

Does your organisation have a firewall configured on every internet connection?

No, not implementedNo firewalls are currently in place
Planned but not implementedPlanning is underway but firewalls are not yet deployed
Partially implementedFirewalls exist but may not cover all connections or lack proper configuration
Yes, fully implementedFirewalls are configured and actively monitored on all internet connections

Are default administrative passwords changed on all network devices?

No, not implementedDefault passwords remain unchanged on network devices
Planned but not implementedPassword change initiative is planned but not yet executed
Partially implementedMost devices have changed passwords, some may remain with defaults
Yes, fully implementedAll default passwords have been changed to strong, unique passwords

Are unnecessary software, accounts and features removed from all devices?

No, not implementedNo systematic removal of unnecessary software or accounts
Planned but not implementedPlanning to remove unnecessary items but not yet started
Partially implementedSome cleanup has been done but not comprehensively across all devices
Yes, fully implementedAll unnecessary software, accounts, and features have been removed

Are all devices configured with secure settings before deployment?

No, not implementedDevices are deployed without standardized secure configurations
Planned but not implementedSecure configuration standards are being developed but not yet applied
Partially implementedSome devices are hardened, but not all follow a consistent process
Yes, fully implementedAll devices are hardened with secure configurations before deployment

Do you control who has administrative privileges on your systems?

No, not implementedNo formal control over administrative privileges
Planned but not implementedPlanning to implement privileged access controls but not yet deployed
Partially implementedSome control exists but admin rights may be granted too broadly
Yes, fully implementedAdministrative access is strictly controlled, monitored, and limited to necessary personnel

Are user accounts removed or disabled when no longer required?

No, not implementedNo formal process for removing unused accounts
Planned but not implementedPlanning to implement account lifecycle management but not yet active
Partially implementedAccounts are sometimes removed but not consistently or promptly
Yes, fully implementedFormal process exists to promptly remove or disable accounts when no longer needed

Is malware protection software installed on all devices?

No, not implementedNo malware protection software is currently installed
Planned but not implementedPlanning to deploy malware protection but not yet completed
Partially implementedMalware protection exists on most devices but not all
Yes, fully implementedAnti-malware software is installed and active on all devices

Is malware protection kept up to date with latest signatures?

No, not implementedMalware protection is not regularly updated
Planned but not implementedPlanning to implement automatic updates but not yet configured
Partially implementedUpdates occur but may not be automatic or consistent across all devices
Yes, fully implementedMalware definitions are automatically updated on all devices

Are high-risk and critical security patches applied within 14 days?

No, not implementedNo consistent timeline for applying critical security patches
Planned but not implementedPlanning to establish a 14-day patching policy but not yet implemented
Partially implementedPatches are usually applied but may sometimes exceed the 14-day window
Yes, fully implementedCritical patches are consistently applied within 14 days of release

Do you have a documented process for software updates?

No, not implementedNo documented process for managing software updates
Planned but not implementedPlanning to create documented update procedures but not yet completed
Partially implementedSome patching occurs but without formal documented procedures
Yes, fully implementedDocumented, approved process exists for managing all software updates

Are all operating systems and firmware supported by vendors?

No, not implementedSome unsupported operating systems or firmware remain in use
Planned but not implementedPlanning to upgrade unsupported systems but not yet completed
Partially implementedMost systems are supported but some may be near end-of-life
Yes, fully implementedAll OS and firmware versions are currently supported by vendors

Are unsupported systems removed from the network or segregated?

No, not implementedUnsupported systems remain on the network without segregation
Planned but not implementedPlanning to remove or segregate unsupported systems but not yet done
Partially implementedSome unsupported systems have been addressed but not all
Yes, fully implementedUnsupported systems are either removed or properly segregated from the network

Assessment Complete!

You've answered all 12 questions. View your results to see your Cyber Essentials readiness score and personalized recommendations.

View Your Results

Want a copy of your results emailed to you?