Is this list official?

No. It's an SME-friendly working checklist. The official requirements come from the Cyber Essentials scheme and your assessor.

What if I'm missing something?

Use the gap as a task and aim to close it before submission.

Start with the asset register and policies — most other evidence references them.

Checklist

Cyber Essentials evidence checklist

Use this checklist as a starting point for the evidence your assessor will expect. It covers the five Cyber Essentials control areas at an SME-friendly level of detail.

Start free See features

Why checklists matter

Most failed Cyber Essentials applications miss one or two pieces of evidence that a checklist would have caught. Working from a single list makes it harder for things to fall through the cracks.

What to gather, by control area

Firewalls: admin screenshots, password change, inbound rules
Secure configuration: device baselines, auto-lock, admin separation
User access: admin list, joiners/leavers, MFA evidence
Malware protection: console coverage report, policy
Patching: patch report, supported OS list, unsupported software plan
Asset register, policies and review notes

How Evaud helps

Built-in checklist

The workspace surfaces what's approved, in progress or missing.

Tasks for gaps

Turn checklist gaps into tasks with owners and due dates.

One source of truth

Evidence is stored, mapped and shared from the same workspace.

Frequently asked questions

Start building your Cyber Essentials evidence today.

Free to try. No credit card required.

Start free Contact us