Cyber Essentials Self Assessment: Scope of Assessment

The scope section of the self-assessment is a critical aspect of the Cyber Essentials certification process. This security wiki provides information on the scope of assessment and the details that must be provided for the certification assessment.

A2.1. Coverage of the Assessment:

Indicate whether the assessment covers the entire organization or a specific subset. The scope of the assessment determines the extent to which the organization's systems and processes are evaluated.

A2.2. Scope Description (If Applicable):

If the assessment does not cover the whole organization, provide a description of the specific areas or aspects that are excluded from the assessment. This helps clarify the boundaries of the assessment and ensures accurate certification information.

A2.3. Geographical Locations:

Describe the geographical locations of your business that fall within the scope of the assessment. This can be a broad description or a specific list of locations included in the assessment scope.

A2.4. Summary of Devices (Laptops, Desktops, and Virtual Desktops):

Provide a summary of the quantities of laptops, desktops, and virtual desktops within the scope of assessment. Include the respective operating systems of these devices, as they are used for accessing organizational data or services.

A2.4.1. Thin Clients:

Specify the number of thin clients within the scope of assessment, along with their make and operating systems. Thin clients are devices used to connect to organizational data or services remotely.

A2.5. Servers and Virtual Server Infrastructure:

List the quantities of servers, virtual servers, and virtual server hosts (hypervisors) within the scope. Include the operating system of each server or virtual server. Hypervisors refer to the software or hardware platforms used to create and manage virtual machines.

A2.6. Tablets and Mobile Devices:

Provide the quantities of tablets and mobile devices within the scope of assessment. Include the make and operating systems of these devices, as they are used for accessing organizational data or services.

A2.7. Networks in Scope:

List all the networks included in the scope of assessment. Specify the names, locations, and purposes of each network used in the organization. This helps identify the network infrastructure that is evaluated as part of the certification process.

A2.7.1. Number of Home Workers:

Indicate the number of employees classified as home workers at the time of the assessment. Home workers are individuals who work remotely or from home.

A2.8. Network Equipment:

Provide a list of network equipment within the scope of assessment, including firewalls and routers. Specify the make and model of each device to give a comprehensive overview of the network infrastructure.

A2.9. Cloud Services:

List all the cloud services utilized by the organization and provided by third-party providers. Include details of IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service) offerings used.

A2.10. IT Systems Manager:

Specify the name and role of the person responsible for managing the IT systems covered by the assessment. This helps identify the individual within the organization who is accountable for the management of the assessed IT systems.

By accurately defining the scope of assessment and providing the necessary details, organizations can ensure a comprehensive evaluation for the Cyber Essentials certification process.

For further information and additional guidance, refer to the Cyber Essentials requirements documentation.
