Free cyber compliance tools for UK businesses.
UK supply chains are under growing pressure to demonstrate security compliance — but most SMEs can't justify paying a consultant for every questionnaire, policy request, and readiness check. These tools do the heavy lifting, for free.
Each one is built around the questions we hear from suppliers every week: Am I in scope? What do I actually need? How do I prove it? No jargon. No upsell. No obligation.
Saves hours of repeated work
Answer compliance questions once. Stop filling in a bespoke security questionnaire for every customer who asks the same things in a different format.
Free — no consultant needed
Policy templates, readiness checks, scope diagnostics — the tasks SMEs can't cost-justify paying a specialist for. Built for people who aren't security experts.
Built around real supply chain pressure
Every tool is shaped by the questions UK suppliers are actually receiving from large customers — not theoretical frameworks designed for enterprise security teams.
The tools
Five tools covering the compliance challenges UK suppliers face most often. Each one is self-contained — use whichever is relevant to your situation.
Cyber Essentials Readiness Coach
Find out exactly where you stand — before you pay for the test.
Cyber Essentials is the baseline certification UK supply chains ask for, and failing the assessment wastes time and money. This guided self-check maps your current controls against the five Cyber Essentials requirements — firewalls, secure configuration, access control, malware protection, and patch management. It tells you exactly what's failing, how to fix each issue step by step, a rough cost and effort estimate per remediation, and whether you're genuinely ready for the hands-on Cyber Essentials Plus assessment. Effectively a free pre-audit.
What it does
- Mapped to all five Cyber Essentials controls
- Plain-English explanation of every failing area
- Step-by-step remediation guidance per finding
- Cost and effort estimate for each fix
- Clear readiness verdict for Cyber Essentials Plus
Who it's for
Any UK business pursuing Cyber Essentials certification, or facing supply chain pressure to certify.
Am I In Scope? Obligation Diagnostic
Two minutes to know exactly what your customers can actually demand of you.
Most SMEs genuinely don't know what security obligations land on them — and this uncertainty is what gets them in trouble when a large customer sends a questionnaire. Answer a short set of questions about your role in the supply chain — MSP, data centre, critical supplier candidate, or general supplier to a CNI operator — and get a plain-English summary of the obligations that realistically apply to you. Directly via legislation, or indirectly through your customer's contracts. This is the hook that gets suppliers thinking clearly before the pressure arrives.
What it does
- Identifies your specific role in the supply chain
- Maps obligations by legislation and contractual route
- Distinguishes direct vs. trickle-down requirements
- Plain-English output — no statutory jargon
- Flags the questions your customer is likely to ask next
Who it's for
SMEs and suppliers who've received a security questionnaire from a large customer and aren't sure where to start.
Answer Once — Supplier Trust Profile
Build one security profile. Share it with every customer who asks.
Suppliers get hammered with a different bespoke security questionnaire from every large client, each asking essentially the same things in a different format. This tool builds one reusable trust pack — mapped to the common questions and aligned to Cyber Essentials and CAF language — that you can share as a link or export as a document. Answer once, share everywhere. Add a shareable trust badge to your website or include it in a tender response to show customers you take security seriously before they even ask.
What it does
- Single profile mapped to common customer questionnaires
- Aligned to Cyber Essentials and CAF terminology
- Shareable via link or exportable as a PDF
- Trust badge for websites and tender submissions
- Update once — all shared links reflect the change
Who it's for
Any supplier tired of filling in a different bespoke security questionnaire for every customer.
Policy & Playbook Generator
Get your security policies in writing — before your customer asks for them.
Most small suppliers have no written information security policy, incident response plan, or business continuity plan — and their CNI customer is about to ask for all three. Paying a consultant to produce these documents is hard to justify for a small business. A short questionnaire generates tailored, fully editable templates in plain English, covering an information security policy, acceptable use policy, incident response plan, business continuity plan, and data handling policy. Compliant-looking, fast, and built for non-specialists.
What it does
- Information security policy
- Acceptable use policy
- Incident response plan
- Business continuity plan
- Data handling and retention policy
Who it's for
Small suppliers with no formal written policies whose customers are starting to ask for them.
Incident Notification Helper
Something's happened. Who do you tell, by when, and what do you say?
As a supplier you'll often have a contractual duty to notify your CNI customer of a security incident — sometimes within very tight windows. Knowing whether an event actually needs reporting, and to whom, is genuinely hard when you're in the middle of it. Describe what happened and this tool tells you whether it likely needs reporting, who needs to know (your customer, the ICO, or the NCSC), and by when — with a pre-filled notification draft ready to send. No statutory-threshold jargon; just a clear answer when you need it.
What it does
- Quick incident description wizard
- Determines whether reporting is likely required
- Identifies recipients: customer, ICO, NCSC
- Calculates notification deadlines from incident time
- Generates a pre-filled notification draft
Who it's for
Any supplier who has experienced a security incident and needs to understand their notification obligations quickly.
Need help with compliance right now?
Our team can help you work through Cyber Essentials, security policies, supplier questionnaires, and incident notifications directly.