Checklist
Cyber Essentials scope checklist
Scope is one of the most misunderstood parts of Cyber Essentials. Getting it right makes evidence collection dramatically easier.
Why scope decisions cause confusion
Many SMEs try to scope ‘the whole company’ when they don't need to — or assume something is out of scope when it isn't. Both make assessments harder.
Scope decisions to document
- In-scope users (employees, contractors, BYOD users)
- In-scope laptops, desktops, servers and mobile devices
- Cloud services accessing organisational data
- Sub-set vs whole-company scope decision, with rationale
- Out-of-scope items with justification (segmented, isolated, not used)
How Evaud helps
Asset-level scoping
Mark each asset as in-scope or out-of-scope with notes.
Audit trail
Scope decisions and their reasons are tracked over time.
Cleaner reports
Readiness reports respect scope so out-of-scope assets don't pollute the view.
Frequently asked questions
Start building your Cyber Essentials evidence today.
Free to try. No credit card required.