Name: Cyber Essentials Pack
Brand: Ridgeline Cyber Defence
Price: 200 USD
Availability: InStock

Cyber Essentials is a self-assessment. Passing it is a documentation exercise.

The questionnaire is short. The catch is that every "yes" has to be true and you have to be able to show it: a documented firewall standard, a secure-configuration baseline, evidence that updates get applied inside the deadline, accounts that follow least privilege. Most organizations stall not on the controls but on writing down the controls they already half-run.

This pack is that written layer. You answer the IASME self-assessment from a documented position instead of improvising, and you can show your working when a customer or insurer asks.

The five technical controls

What the assessment checks, and the documents in the pack that cover each one.

1

Firewalls and network security

A Firewall and Network Security Policy with a Firewall Rule Review Form to evidence boundary and host firewall configuration over time.

2

Secure configuration

A Secure Configuration Standard for hardened builds across laptops, servers, and mobile, with defaults changed and unnecessary services removed.

3

Security update management

A Patch and Vulnerability Management Policy and Vulnerability Management Procedure with defined timeframes and the records that show updates land on time.

4

User access control

User Access Control and Authentication and Password policies with a joiners, movers, and leavers process, covering least privilege, MFA, and admin separation.

5

Malware protection

A Malware Protection Policy that maps endpoint protection settings directly to what the question set asks you to confirm.

The governance behind the answers

A credible "yes" assumes a program around those controls. The pack carries the policies, registers, and plans that program needs.

Information Security Policy

The apex policy the whole set hangs from, with a Roles and Responsibilities document so ownership is explicit.

Access, devices, and remote work

Acceptable Use, Mobile Device and BYOD, and Home and Remote Working policies, the surface a quick self-assessment glosses over.

Assets and data

An Asset Management Policy with a working Asset Inventory, Data Classification and Handling, and a Retention Schedule.

Incident response and continuity

Incident Response Policy and Plan, a Disaster Recovery Plan, and a Business Continuity Policy, written before you need them.

Suppliers and people

A Supplier Security Policy with a ready questionnaire, plus HR Security and Security Awareness and Training.

Risk and registers

A scored Risk Register, with Privileged Access, System Owners, and Legal and Regulatory Obligations registers.

From documents to a submission you can defend

The pack is built to move you through the assessment in order, then keep you certified.

Step 1 · Map

The Self-Assessment Question Mapping ties each document to the IASME question it answers.

Step 2 · Check

The Readiness Checklist walks the current question set so you find gaps before the assessor does.

Step 3 · Prove

The Implementation Guide and Evidence Pack help you apply each control and assemble what you submit.

Step 4 · Maintain

A Maintenance Calendar and Compliance Matrix make next year's recertification a review, not a rebuild.

What this looks like in practice

A customer contract requires Cyber Essentials

You complete the self-assessment from documented controls and answer the procurement questionnaire the same week, instead of stalling for a fortnight.

An insurer asks how you manage security

You point to the risk register, access controls, and patching records that already exist, rather than writing them under deadline.

You are re-certifying next year

You reopen the same pack, check the maintenance calendar, and refresh the evidence, instead of starting over.

Walk into the self-assessment already able to answer it.

Editable Word and Excel · Worked examples, not placeholders · Buy once, and we send you every future update

What you are actually getting

Every policy is content you can adopt and edit, not a skeleton with "insert text here." The Excel registers and trackers open with sample rows, scoring, and the columns an assessor expects to see. You can read a complete answer before you adapt it to your own organization.

Certification itself is carried out by an IASME-appointed certification body and is not included. This pack gets you ready to pass it the first time.

Who it's for

Organizations going for Cyber Essentials for the first time, anyone re-certifying who would rather not rebuild the evidence every year, and consultants or MSPs who need a consistent, editable baseline to deploy across clients. No prior certification experience is assumed. Every document is written to be read, edited, and used.

Going for the audited tier? The Cyber Essentials Plus Pack is this full set plus the runbooks and evidence for the hands-on assessment.