Cyber Essentials Readiness Coach
Find out exactly where you stand — before you pay for the test.
Cyber Essentials is the baseline certification UK supply chains ask for, and failing the assessment wastes time and money. This free guided self-check maps your current controls against the five requirements, tells you what's failing, explains how to fix each issue step by step, and gives you a realistic verdict on whether you're ready for the formal test — including the hands-on Cyber Essentials Plus assessment.
Effectively a free pre-audit, built for non-technical business owners.
How it works
Three steps from start to a clear remediation plan.
Answer the self-check questions
Work through a structured set of yes/no questions for each of the five Cyber Essentials controls. No technical jargon — each question is written in plain English with guidance on what to look for.
See your gap analysis
Each control gets a colour-coded status — pass, partial, or fail — with a plain-English explanation of exactly what is missing or incorrectly configured and why it matters.
Get your remediation plan
For every failing area, the tool generates step-by-step fix instructions, a rough cost and effort estimate, and a verdict on whether you're ready for the formal Cyber Essentials or Cyber Essentials Plus assessment.
What the tool checks
The tool is mapped to all five Cyber Essentials controls. Here's exactly what it assesses in each area.
Firewalls
Boundary firewalls and internet gateways are the first line of defence against external attacks.
- Boundary firewall present and actively managed
- Default admin passwords changed on all devices
- Firewall rules reviewed and unnecessary ports closed
- Remote access restricted and authenticated
- Unapproved inbound connections blocked by default
Secure Configuration
Devices and software should be configured to reduce the attack surface as much as possible.
- Default software and accounts removed or disabled
- Unnecessary applications and features removed
- Auto-run and auto-play disabled
- Screen lock enabled on all devices
- Software firewall enabled on laptops and workstations
Access Control
Only authorised users should have access to systems, and only the access they actually need.
- User accounts created for named individuals only
- Admin accounts used only for administrative tasks
- Multi-factor authentication on internet-facing services
- Password policy meets minimum complexity requirements
- Leavers' accounts disabled or removed promptly
Malware Protection
Protection against viruses and malware should be active and up to date across all devices.
- Anti-malware software installed and active on all devices
- Malware definitions updated automatically
- Email filtering in place for malicious attachments and links
- Web filtering prevents access to known malicious sites
- Malware scans run on a regular schedule
Patch Management
Software and operating systems must be kept up to date to prevent exploitation of known vulnerabilities.
- Operating systems patched within 14 days of release
- Applications and browser plugins kept up to date
- Firmware updates applied to network devices
- Unsupported software identified and removed or isolated
- Automatic updates enabled where possible
Who this tool is for
- Businesses pursuing Cyber Essentials certification for the first time
- Suppliers who have been told by a customer to get certified
- Businesses that failed a previous assessment and want to understand why
- Organisations considering Cyber Essentials Plus who need a pre-assessment
- Anyone unsure which controls they already meet and which they don't
Already need help now?
Our team can run a Cyber Essentials readiness review with you directly — get in touch for a no-obligation conversation.
Talk to our team
Ready to check your CE readiness?
The Readiness Coach is free. No credit card, no consultant fees — just a clear picture of where you stand.