The mock audit · marked against Cyber Essentials (2025)

Find your gaps before the real audit does.

Ten questions, ten minutes, marked the way an assessor would think. You see your grade without giving an email address. That is the point: the grade is yours, not ours.

Before the paper: two things about you

Assets

People, hardware, software, data. Most gaps hide in the list nobody keeps.

1. Is there a written list of every laptop, phone and server the business uses, updated in the last six months?
2. Have your staff had any cyber awareness training in the past year?

Secure and protect

The locks the auditor will actually rattle.

3. Does every company computer run anti-malware that someone actually checks?
4. When someone leaves the company, is their access switched off within days, every time?

Update

Patched on a schedule you can show, not a habit you describe.

5. Are software updates installed on a schedule you could show on paper?
6. Do you know which of your software is still supported by its maker?

Backup

Backed up, and restored at least once on purpose.

7. Is your essential data backed up automatically?
8. Have you ever tested restoring from that backup?

Respond

The one-page plan for the bad day.

9. If ransomware hit tomorrow at 9am, does everyone know who calls whom first?
10. Is there a written incident plan, even a simple one-pager?

Answered 0 of 10

Marked instantly, on this page. Nothing leaves your browser.

Rather talk it through with a person?

Thirty minutes with a consultant who marks these for a living. Bring the grade, or nothing at all.