Checklist
Cyber Essentials document checklist
You don't need a binder full of policies. You do need a small set of documents that demonstrate intent, process and ownership.
Why document evidence matters
Assessors want to see that controls aren't just technical — that there's a documented process people can follow.
Documents to have ready
- Information security policy
- Acceptable use policy
- Patch and update policy
- Access control / joiners and leavers process
- BYOD policy (if applicable)
- Incident response plan
- Device build / hardening baseline
How Evaud helps
One library
Store policies as evidence with owners and review dates.
Linked to controls
Each document maps to the Cyber Essentials control areas it supports.
Review reminders
Get nudged before review dates lapse.
Frequently asked questions
Start building your Cyber Essentials evidence today.
Free to try. No credit card required.