The scope self-assessment is a critical part of the Cyber Essentials certification process. This security wiki provides information on the scope of assessment and the details that must be provided for the certification assessment.
Indicate whether the assessment covers the entire organisation or a specific subset. The scope of the assessment determines the extent to which the organisation's systems and processes are evaluated.
If the assessment does not cover the whole organisation, provide a description of the specific areas or aspects that are excluded from the assessment. This helps clarify the boundaries of the assessment and ensures accurate certification information.
Describe the geographical locations of your business that fall within the scope of the assessment. This can be a broad description or a specific list of locations included in the assessment scope.
Provide a summary of the quantities of laptops, desktops, and virtual desktops within the scope of assessment. Include the respective operating systems of these devices, as they are used for accessing organisational data or services.
Specify the number of thin clients within the scope of assessment, along with their make and operating systems. Thin clients are devices used to connect to organisational data or services remotely.
List the quantities of servers, virtual servers, and virtual server hosts (hypervisors) within the scope. Include the operating system of each server or virtual server. Hypervisors refer to the software or hardware platforms used to create and manage virtual machines.
Provide the quantities of tablets and mobile devices within the scope of assessment. Include the make and operating systems of these devices, as they are used for accessing organisational data or services.
List all the networks included in the scope of assessment. Specify the names, locations, and purposes of each network used in the organisation. This helps identify the network infrastructure that is evaluated as part of the certification process.
Indicate the number of employees classified as home workers at the time of the assessment. Home workers are individuals who work remotely or from home.
Provide a list of network equipment within the scope of assessment, including firewalls and routers. Specify the make and model of each device to give a comprehensive overview of the network infrastructure.
List all the cloud services utilised by the organisation and provided by third-party providers. Include details of IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service) offerings used.
Specify the name and role of the person responsible for managing the IT systems covered by the assessment. This helps identify the individual within the organisation who is accountable for the management of the assessed IT systems.
By accurately defining the scope of assessment and providing the necessary details, organisations can ensure a comprehensive evaluation for the Cyber Essentials certification process.
For further information and additional guidance, refer to the Cyber Essentials requirements documentation.