Cyber Essentials Standard

Guided Cyber Essentials Readiness and Compliance

Download Datasheet

Performs The Self-Assessment Required for Cyber Essentials Certification

Compliance Manager GRC is the perfect solution for meeting the requirements of Cyber Essentials as part of your everyday cyber security programme. It allows you to perform a rapid baseline self-assessment against the very same controls specified by the National Cyber Security Centre, and quickly identify any gaps. This helps you get ready for the self-assessment attestation you will need for your annual Cyber Essentials Certification.

Gets You Ready For A “Painless” Third-Party Cyber Essentials Plus Audit

Organisations applying for Cyber Essentials Plus must also pass an on-site or remote assessment, internal vulnerability scans, plus an external vulnerability scan conducted by the certification body. Compliance Manager GRC reduces the likelihood of an audit failure and costly re-audit, by allowing you to perform your own full assessment against the Cyber Essentials requirements, and automatically generating an Auditor’s Checklist and associated evidence of compliance.

Makes Certification Renewal A Snap

Cyber Essentials and Cyber Essentials Plus certificates expire after 12 months, requiring you to recertify annually. As you manage compliance with other standards – and your own IT requirements – Compliance Manager GRC tracks those changes the next time you run an assessment, dramatically reducing the time it takes for recertification.
Featured Product Highlights For This Standard

Compliance Manager GRC allows you to use all of your current IT security tools, software and systems to meet the requirements of The Cyber Essentials framework . . . while you maintain compliance with all your other IT requirements, regardless of source. The built-in Standard Management Template allows you to quickly determine if you can “check the boxes” for every requirement, identifies the gaps, and automatically prepares all of the documents you need to comply with the standard. This gives the organization owner or board the confidence to attest to the responses in your certification form.

Here are a few of the value-added features you get:

  • Rapid Baseline Assessments – Quickly identify gaps required for certification
  • Technical Risk Assessments – Full risk assessment that meets the NYDSF requirements
  • Auditor’s Checklist – Easy access for NYDFS auditors to quickly satisfy their reporting requirements
  • Employee Awareness Training Portal – Tracking and reporting required by the NYDFS
  • Policies & Procedures Manual – Required documentation of everything you need to do;
  • Vendor Risk Management Portal – Required for Third Party Service Provider tracking and documentation
  • Automated Documentation & Storage – Meets the NYDFS Audit Trail requirements for security purposes.
  • VulScan Integration – Satisfies the need for regular scanning and eliminating need for Pen Testing

What’s covered by Cyber Essentials and Cyber Essentials Plus

Assessment and certification should cover the entire IT infrastructure used to perform the business of the Applicant, or if necessary, a well-defined and separately managed sub-set. The requirements apply to all the devices and software that are within the boundary of the scope and that meet the any of these conditions:
  • can accept incoming network connections from untrusted Internet-connected hosts; or
  • can establish user-initiated outbound connections to devices via the Internet; or
  • control the flow of data between any of the above devices and the Internet.

A scope that does not include end-user devices is not acceptable. In addition to mobile or remote devices owned by the organisation, user-owned devices which access organisational data or services (as defined above) are in scope. The default approach is that all corporate or BYOD home working devices used for applicant business purposes within the home location are in scope for Cyber Essentials.


Whether complying with Cyber Essentials, tracking terms of your cyber risk insurance policy, or making sure your own IT policies and procedures are being followed, Compliance Manager GRC helps you Get IT All Done at the same time, and in the same place. No other Compliance Management software gives you this kind of flexibility.


Assuring  Cyber Essentials  compliance – and all your other IT  requirements – is easy with Compliance Manager GRC. You get more work done with less labor, thanks to automated data collection, automated management plans, and automated document generation.


Compliance Manager GRC is affordable, yet boasts the power and functionality most often found in expensive, enterprise-class governance, risk and compliance platforms. Whether you are managing compliance for your own organization, or are an MSP delivering compliance-as-a-service, there’s a sensible subscription for you.

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money
Get a Demo