
Compliance & Certification

Step-by-step instructions and resources to help you generate compliance evidence, prepare for audits, and meet regulatory requirements.
By Sir Stonk
50 articles

Access Request Process Guide

1. Purpose of this Guide
This artefact shows that your company has a clear and controlled way to grant, change, and revoke access to systems. Cyber Essentials (and most other standards) want proof that you don’t just hand out accounts like free samples at a mall — every access change is requested, approved, recorded, and revoked properly. This reduces the risk of ex-staff or unauthorised users slipping through the gates.

2. What You Will Submit
You will need:
- Your Access Request Process document (usually a short policy or procedure doc).
- It should outline the steps for:
  - Requesting new access or role changes
  - Getting approval
  - Recording the change
  - Revoking access when no longer needed
- (Optional) A short description, e.g. “This is our company’s official access request procedure, last updated 1 Jul 2025.”

3. How to Collect / Obtain / Generate This Evidence
- Use StrongKeep's provided template, which can be found in the document library.
- If you don’t have one yet or want to create your own template:
  1. Draft a simple 1–2 page document.
  2. Include the four key stages: Request → Approval → Recording → Revocation.
  3. Make sure to state who is responsible at each stage (manager, approving authority, IT).

4. Evidence Format
- Accepted file types: PDF, DOCX, or JPG/PNG screenshot (if your process is in a tool).
- Suggested naming format: YourCompanyName_AccessRequestProcess_YYYY-MM-DD.pdf

5. What “Good” Looks Like
A strong submission will show:
- Clear steps for requesting, approving, recording, and revoking access.
- Defined roles (e.g. “Manager requests, HR approves, IT updates inventory”).
- Specific details captured (staff name, department, system, role, dates).
- Revocation process (important! shows that accounts don’t stay open forever).
Why this matters: Auditors want to see that your process isn’t just “ask IT nicely.” It proves you’ve thought about who should have access — and who shouldn’t.

6. Tips
- Keep it short and readable — one or two pages is plenty.
- Redact personal details if you use a real example (e.g. don’t show actual staff names).

Last updated on Sep 23, 2025

Account Inventory List Guide

1. Purpose of this Guide
This artefact proves that your company keeps track of all user accounts across systems. This is vital because it shows you know:
- Who has access,
- What level of access they have, and
- Whether their account is still active or should be closed.
It’s your master roll call of accounts — making sure no “ghost logins” sneak past your defences.

2. What You Will Submit
You will need:
- An Account Inventory List document or spreadsheet. This should include:
  - Name and username of the account holder
  - Department / role
  - Role or account type (e.g. user, admin, read-only)
  - System accessed
  - Approved by (who authorised the account)
  - Date of account creation
  - Last logon date
  - Current account status (active, disabled, etc.)
  - Remarks if relevant (e.g. “required for role,” “temporary account,” etc.)

3. How to Collect / Obtain / Generate This Evidence
- Use StrongKeep's template, which can be found in the document library.
- List each system your staff use (email, HR, cloud tools, developer platforms, etc.).
- Record the required fields for each account, where possible.
- Keep this updated — add new hires, remove leavers.
- Export or save a copy (XLSX or PDF).
- If you use an IT management tool (e.g. Microsoft 365 Admin Center, Google Workspace Admin Console, AWS IAM, Atlassian, GitLab), you can export a list of users and roles, then combine these into a single master file.
- If you don’t yet have a consolidated list:
  1. Create a new spreadsheet.
  2. List each system your staff use (email, HR, cloud tools, developer platforms, etc.).
  3. Record the required fields for each account as listed above.
  4. Keep this updated — add new hires, remove leavers.

4. Evidence Format
- Accepted file types: XLSX, CSV, or PDF.
- Suggested naming format: YourCompanyName_AccountInventoryList_YYYY-MM-DD.xlsx

5. What “Good” Looks Like
A strong submission will show:
- Comprehensive coverage (all systems and accounts, not just email).
- Up-to-date logon dates — proves accounts are actively reviewed.
- Clear status (active, disabled, revoked) so auditors see you manage leavers.
- Approval trail — someone authorised each account.
Why this matters: Auditors want assurance that accounts aren’t created ad hoc, and that dormant or risky accounts don’t linger.

6. Tips
- Update your inventory at least quarterly — stale records weaken your evidence.
- Shared accounts (e.g. admin@company.com) should be minimised and well justified — note why they exist.
- Redact sensitive notes before uploading (e.g. internal comments that don’t add value to the evidence).

Last updated on Oct 06, 2025

Admin Account Screenshot Guide

1. Purpose of this Guide
This artefact proves that admin rights aren’t handed out like free samples. It shows that any administrator account access was:
- Properly requested,
- Approved by senior management, and
- Documented with oversight.
Admin accounts are the “master keys” of your systems — if they fall into the wrong hands, dragons get in.

2. What You Will Submit
You will need:
- A screenshot that shows administrator account approval.
- The screenshot must clearly display:
  - The admin account being created/assigned.
  - The approval or authorisation trail (e.g. manager approval, ticket approval, or workflow confirmation).
  - Context that ties the account to a legitimate business purpose.

3. How to Collect / Obtain / Generate This Evidence
Here are some common ways to capture the right screenshot:

Microsoft 365 / Azure AD (Entra):
1. Go to Microsoft Entra Admin Center → Users.
2. Select the user → check Roles and administrators.
3. Screenshot the page showing the Global admin / privileged role assignment.
4. If approval was logged in your ticketing/email system (e.g. ServiceNow, Jira, Outlook), screenshot the approval note or email.

Google Workspace:
1. Log into Google Admin Console → Directory → Users.
2. Select the user → open Admin roles and privileges.
3. Screenshot the role assignment with timestamp.
4. If approval was logged in your ticketing/email system (e.g. ServiceNow, Jira, Outlook), screenshot the approval note or email.

AWS IAM:
1. Log into AWS Console → IAM → Users.
2. Select a user with AdministratorAccess policy.
3. Screenshot the attached policy and creation/modification date.
4. If approval was logged in your ticketing/email system (e.g. ServiceNow, Jira, Outlook), screenshot the approval note or email.

Other systems (Atlassian, GitLab, etc.):
- Go into the system’s user management / role assignment screen.
- Take a screenshot showing admin rights and approval/authorisation notes.

4. Evidence Format
- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_AdminAccountApproval_YYYY-MM-DD.png
  Example: AcmeCorp_AdminAccountApproval_2025-07-01.png

5. What “Good” Looks Like
A strong submission will include:
- The specific admin account (username visible).
- The system or tool (e.g. Microsoft 365, AWS, Atlassian).
- Proof of approval (manager or senior-level authorisation).
- A date/timestamp to show recency.
Why this matters: Auditors want to see that admin rights weren’t just quietly granted by IT — but signed off at the right level.

6. Tips
- Redact sensitive info before uploading (e.g. personal email addresses, full internal ticket numbers).
- Pair the screenshot with an approval note or workflow log if the system doesn’t show approval inline.
- Keep screenshots recent (within the audit cycle) to prove the process is active, not just historic.

Last updated on Sep 23, 2025

Antivirus Agent Logs Guide

1. Purpose of this Guide
This artefact proves that all your company’s devices are actively protected by anti-virus or endpoint detection and response (EDR) software. Cyber Essentials demands proof that:
- Anti-malware tools are installed on every endpoint.
- Agents are deployed and reporting in.
- Connection status and updates are monitored.
Think of it as your “shield wall” — showing no device is left exposed.

2. What You Will Submit
You will need:
- A screenshot from your anti-virus / EDR system showing:
  - A list of protected devices (endpoint inventory).
  - Their status (active, installed, connected, last check-in).
  - Agent version or update status.
- Examples of suitable systems: Palo Alto Cortex XDR, Microsoft Defender for Endpoint, CrowdStrike, SentinelOne, Sophos Central, Kaspersky, Avast Business.

3. How to Collect / Obtain / Generate This Evidence

Palo Alto Cortex XDR (bundled with StrongKeep):
1. Navigate to PROTECTION > ENDPOINTS in your StrongKeep dashboard.
2. Capture a screenshot showing:
   - Endpoint names, timestamps, and policy actions.
   - Status (Success, Informational, High severity alerts).
   - Agent version.

Microsoft Defender for Endpoint (included with Microsoft 365 Business Premium):
1. Go to the Microsoft 365 Security & Compliance Center → Endpoints → Device inventory.
2. Filter the view to show all registered devices.
3. Capture a screenshot that includes:
   - Device names (showing multiple endpoints)
   - Antivirus/EDR status (Active, Healthy, Not reporting)
   - Last seen or last update time
   - Agent version (if visible)

Sophos Central:
1. Log in to the Sophos Central Admin Console.
2. Navigate to Devices.
3. Take a screenshot showing:
   - Device list with user/hostname
   - Protection status (green ticks for healthy devices)
   - Last check-in time
   - Policy compliance status (enabled, disabled, out of date)

CrowdStrike Falcon:
1. Log in to the CrowdStrike Falcon Console.
2. Go to Host Management → Host setup.
3. Screenshot the table that shows:
   - Hostname / user
   - Sensor version
   - Last seen timestamp
   - Connection status (Online, Offline)

4. Evidence Format
- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_AntivirusAgentLogs_YYYY-MM-DD.png

5. What “Good” Looks Like
- Visible endpoint names (shows coverage across multiple devices).
- Agent status (installed, active, last logon, last update).
- Version number or timestamp (to prove agents are current).
- Clear evidence of monitoring/alerts (audit logs or dashboards).
Why this matters: auditors want to see that you’re not just relying on “we think it’s installed” — but that there’s proof in the logs.

6. Tips
- Redact sensitive details (e.g. usernames, hostnames) if needed.
- Make sure the screenshot is recent — ideally within the last 3 months.
- Capture enough rows/devices to show broad coverage, not just one machine.

Last updated on Sep 22, 2025

Antivirus Screenshot Guide

1. Purpose of this Guide
This artefact shows that endpoints are actively protected by anti-virus (also known as anti-malware or Endpoint Detection & Response). Most compliance standards require evidence that:
- Anti-malware tools are installed and running,
- Agents are deployed across company devices, and
- Status is visible and monitored.
It’s your digital health check — proving your systems are protected, connected, and up to date.

2. What You Will Submit
You will need:
- A screenshot from your anti-virus or endpoint protection system showing:
  - Device/endpoint coverage (inventory list).
  - Protection status (Protected, Active, Connected).
  - Agent version installed.
  - Last check-in time (to prove recency).

3. How to Collect / Obtain / Generate This Evidence

Using StrongKeep:
1. Navigate to PROTECTION > ENDPOINTS > MANAGEMENT on the StrongKeep dashboard.
2. Generate a report or take a screenshot of the page.

Palo Alto Cortex XDR:
1. Open the Cortex XDR agent on the endpoint.
2. Ensure the status shows “Protected”, version number, and last check-in.
3. Capture a screenshot of this view.

Microsoft Defender for Endpoint:
1. Go to the Microsoft 365 Security Portal → Endpoints → Device inventory.
2. Show the list of devices with status “Active/Healthy.”
3. Take a screenshot including device names, status, and last seen.

Sophos Central:
1. Log in to the Sophos Central Admin Console.
2. Go to Devices and view the device list.
3. Screenshot showing user/device name, protection status (green tick), and last check-in.

CrowdStrike Falcon:
1. Log into the CrowdStrike Falcon Console.
2. Go to Hosts → Host Management.
3. Screenshot showing hostnames, sensor version, last seen, and protection state.

4. Evidence Format
- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_AntivirusScreenshot_YYYY-MM-DD.png

5. What “Good” Looks Like
- Screenshot clearly shows “Protected/Active” status.
- Version number and last check-in time visible.
- Covers multiple endpoints (not just one, if possible).
- Demonstrates the tool is running and current.
Why it matters: auditors want more than “we installed AV once” — they need proof it’s live, monitored, and protecting your company right now.

6. Tips
- Make sure the screenshot is recent (within 3 months).
- Redact sensitive hostnames or emails before uploading.
- If you use multiple tools (e.g. Defender + Cortex XDR), pick one as your primary screenshot for clarity.

Last updated on Sep 23, 2025

Application Control List Guide

1. Purpose of this Guide
This artefact proves your company has rules about what software and file types are allowed (and which are banned). Cyber Essentials requires this because unmanaged or dodgy apps are a common way malware sneaks in. A written Application Control List is your “spellbook of allowed tools” — helping staff know what’s safe, and showing auditors you’ve locked the gates.

2. What You Will Submit
You will need:
- Your Application Control List document or template (Word, PDF, or spreadsheet).
- It should clearly state:
  - The objective (why this policy exists).
  - Scope (who it applies to — employees, contractors, systems).
  - How authorised software is managed (e.g. via IT, MDM, or endpoint tools).
  - Which software and file types are prohibited (e.g. torrents, pirated software, .exe attachments, password-protected zips).
  - Version history showing reviews/updates.

3. How to Collect / Obtain / Generate This Evidence

Using StrongKeep's Policy Template
- If you are already using StrongKeep's application control policy, edit it as required and export it to PDF.
- If you’re starting fresh:
  1. Open the provided Application Control List Template.
  2. Fill in your company name, version history, and review date.
  3. List approved/authorised software (or state “all not-prohibited software is allowed”).
  4. List prohibited software and file types — include common risky items (torrents, pirated apps, third-party app stores, executable attachments).
  5. Save the document and circulate to staff.

Using Mobile Device Management Software
If you are using Mobile or Endpoint Device Management software to standardise controls and configuration across your organisation, you can implement an application control policy via that tool.

Microsoft Intune (Endpoint Manager):
1. Log in to Microsoft Endpoint Manager admin center.
2. Go to Apps → App protection policies.
3. Open the relevant policy → Screenshot the section showing restricted apps or allowed apps.

Google Endpoint Management:
1. Open Google Admin Console → Devices → Settings → Apps & Extensions.
2. Select the organisational unit.
3. Screenshot the policies showing which apps are allowed or blocked.

4. Evidence Format
- Accepted file types: PNG, JPG, DOCX, PDF, XLSX.
- Suggested naming format: YourCompanyName_ApplicationControlList_YYYY-MM-DD.pdf

5. What “Good” Looks Like
- Document is clear and specific — not vague statements like “don’t install bad software.”
- Includes both authorised and prohibited categories.
- Version and review dates are present — shows it’s maintained, not abandoned.
- Covers both software and attachments/file types.
Why this matters: auditors want to see not just that you thought about risky apps, but that you’ve formally documented and communicated it.

6. Tips
- Keep the prohibited list practical — too many entries make it unreadable.
- Update this document at least annually or when new risks arise.
- Pair it with your Endpoint/MDM settings if you use them — consistency matters.

Last updated on Sep 23, 2025

Asset Inventory List Guide

1. Purpose of this Guide
This artefact shows your company has a complete and accurate inventory of IT assets — devices, systems, and accounts. Most cyber compliance standards require this because you can’t secure what you don’t know exists. An Asset Inventory makes sure no laptops, servers, or cloud accounts slip under the radar.

2. What You Will Submit
You will need:
- Your Asset Inventory List document or spreadsheet.
- It should capture details such as:
  - Asset name (device, account, or system).
  - Owner/assigned user.
  - Department / role.
  - Asset type (laptop, phone, server, software licence, cloud account).
  - System or service linked to the asset.
  - Approval / assigned by.
  - Date created or assigned.
  - Last used / last logon date.
  - Status (active, inactive, decommissioned).
  - Remarks (e.g. “required for role,” “shared account,” “spare laptop”).

3. How to Collect / Obtain / Generate This Evidence
- If you already track assets using a tool:
  - Export your inventory from your IT management system (e.g. Intune, Jamf, Google Admin, AWS Console) into Excel/PDF.
- If you wish to track assets using a template:
  1. Use the StrongKeep template, or create a new spreadsheet.
  2. List all devices (laptops, desktops, servers, mobile phones, tablets).
  3. Add all cloud systems or major SaaS accounts (e.g. Microsoft 365, Google Workspace, AWS, GitHub).
  4. Fill in the key details listed above.
  5. Update the file regularly — especially when new assets are bought or staff leave.

4. Evidence Format
- Accepted file types: XLSX, CSV, or PDF.
- Suggested naming format: YourCompanyName_AssetInventory_YYYY-MM-DD.xlsx

5. What “Good” Looks Like
- Covers all major asset categories (devices, software, cloud).
- Shows ownership/accountability (each asset tied to a person/role).
- Status field clearly marks assets as active/inactive/retired.
- Regularly updated with last activity dates (not just a one-off snapshot).
Why it matters: auditors want confidence you know exactly what tech you own and use — no forgotten laptops or abandoned accounts floating about.

6. Tips
- Keep shared assets to a minimum and note the justification.
- Tag decommissioned assets clearly — don’t just delete them.
- Review your inventory quarterly to keep it sharp and up to date.

Last updated on Sep 23, 2025

Asset Onboarding and Removal Process Guide

1. Purpose of this Guide
This artefact demonstrates that your company has a formal process for introducing and retiring IT assets. Compliance standards require this because assets (like laptops, servers, or phones) need to be approved, tracked, and securely removed — not left floating around where they could pose a risk.

2. What You Will Submit
You will need:
- Your documented Asset Onboarding and Removal Process (policy or procedure).
- It should cover:
  - How new assets (e.g. laptops, phones, software licences) are requested and approved.
  - How asset details are recorded (e.g. make, model, serial number, assigned owner).
  - The authorisation workflow (who signs off).
  - How decommissioned assets are securely removed (data wiped, hardware recycled, accounts closed).
- Example forms or emails showing real approvals.

3. How to Collect / Obtain / Generate This Evidence
- If you already maintain this process:
  - Export the policy/procedure to PDF or Word.
  - Include references to the forms/templates you use (e.g. onboarding authorisation forms, removal checklists).
- If you don’t have one yet:
  1. Start with the Asset Onboarding and Removal Process Template provided in StrongKeep.
  2. Document the steps for:
     - Onboarding: request → approval → record entry in asset inventory.
     - During lifecycle: periodic review of ownership and use.
     - Removal: manager request → approval → data sanitisation/disposal → update inventory.
  3. Attach or reference samples of the actual approvals (like a signed authorisation form or an email approval screenshot) to show the workflow in action.
  4. Save the document in PDF/DOCX format.

4. Evidence Format
- Accepted file types: DOCX, PDF, JPG.
- Suggested naming format: YourCompanyName_AssetOnboardingRemovalProcess_YYYY-MM-DD.pdf

5. What “Good” Looks Like
- Clearly written steps for both onboarding and removal.
- Defined approval roles (e.g. Product Manager, CEO, IT Manager).
- Integration with your Asset Inventory List (so assets aren’t tracked in isolation).
- Secure removal procedures (data wiping, hardware disposal, account deactivation).
Why this matters: auditors want confidence that assets don’t just appear or disappear without oversight, creating gaps in security.

6. Tips
- Include a form or checklist for both onboarding and removal — auditors love seeing evidence of real approvals.
- If you outsource disposal (e.g. to an e-waste vendor), keep the disposal certificates.
- Review the process yearly to make sure it reflects your current IT setup.

Last updated on Sep 23, 2025

Auto Software Updates Screenshot Guide

1. Purpose of this Guide
This artefact demonstrates that your company’s devices are set to automatically install security updates, patches, and fixes. Cyber compliance requires this because attackers often exploit unpatched systems — turning “patch later” into “breach now.” Automatic updates are your armour polish: they keep your systems shining and secure without relying on memory or manual effort.

2. What You Will Submit
You will need:
- A screenshot showing automatic update settings enabled.
- This must clearly display:
  - The operating system (Windows, macOS, Linux).
  - That automatic updates are turned on.
  - (If possible) Confirmation that app and anti-malware updates are also enabled.

3. How to Collect / Obtain / Generate This Evidence

macOS:
1. Open System Settings → General → Software Update.
2. Ensure Automatic Updates is enabled (OS updates + security responses).
3. Screenshot this settings page.

Windows 10/11:
1. Go to Settings → Update & Security → Windows Update.
2. Ensure “Receive updates automatically” or “Check for updates → Advanced Options” is set to automatic.
3. Take a screenshot showing the toggle enabled.

Linux (Ubuntu example):
1. Open Software & Updates → Updates tab.
2. Ensure Automatic updates and security patches are enabled.
3. Capture a screenshot of the settings.

Anti-malware / Endpoint Protection (e.g., Microsoft Defender, Sophos, CrowdStrike):
- Go to update or policy settings.
- Screenshot showing auto-updates for virus signatures and security definitions.

4. Evidence Format
- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_AutoUpdates_YYYY-MM-DD.png

5. What “Good” Looks Like
- Screenshot shows auto-updates enabled, not manual only.
- Covers OS and security patches (not just optional feature updates).
- Settings are clearly labelled so auditors know the screenshot is genuine.
Why it matters: auditors want to see your machines won’t miss critical security patches if someone forgets to click “Update now.”

6. Tips
- Capture the setting from a real, in-use device.
- Redact personal info (like user account names) if it appears.
- For best coverage, include both OS and anti-malware auto-update screenshots.

Last updated on Sep 23, 2025

Autorun Disabled Configuration Guide

1. Purpose of this Guide
This artefact shows that your company has disabled autorun and auto-launch features on devices. Cyber compliance requires this because malware often relies on auto-execution (e.g. USB autorun, startup scripts) to sneak in. By turning this off, you close a common attack path and prove your devices are hardened.

2. What You Will Submit
You will need:
- A screenshot from your device settings showing autorun or startup programs disabled.
- This should clearly show:
  - No items set to auto-launch at login/startup, OR
  - A system control panel / configuration window confirming autorun is blocked.

3. How to Collect / Obtain / Generate This Evidence

macOS:
1. Open System Settings → General → Login Items & Extensions.
2. Confirm the list is empty (or shows only security-critical apps).
3. Take a screenshot of the panel.

Windows 10/11:
1. Press Ctrl + Shift + Esc to open Task Manager.
2. Go to the Startup tab.
3. Ensure non-essential apps are disabled (status shows “Disabled”).
4. Take a screenshot showing the list.

Linux (Ubuntu example):
1. Open Startup Applications (from Activities search).
2. Ensure no risky/unnecessary programs are set to auto-start.
3. Take a screenshot of the empty or minimal list.

MDM / Centralised Management (Intune, Jamf, Workspace ONE):
- Navigate to device configuration profiles.
- Show the policy that enforces “disable autorun” or controls startup apps.
- Capture a screenshot of the applied policy.

4. Evidence Format
- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_AutorunDisabled_YYYY-MM-DD.png

5. What “Good” Looks Like
- Screenshot clearly shows no unnecessary startup apps.
- If a startup app is present, it must be business-critical (e.g. antivirus, backup agent).
- Settings panel is labelled (so auditors can see it’s from the system itself).
Why it matters: auditors want assurance that malware or unauthorised apps can’t sneak in through auto-run.

6. Tips
- Redact usernames if they appear in the screenshot.
- For Windows, disable “OneDrive auto-launch” if not required — auditors often check this.
- Take the screenshot from a real, actively used device — not just a test VM.

Last updated on Sep 23, 2025

Backup Automation Guide

1. Purpose of this Guide
This artefact demonstrates that your company has automated backup schedules in place, even for non-critical systems. Compliance auditors want to see that data protection isn’t left to chance — backups are configured, running regularly, and not just manually triggered when someone remembers.

2. What You Will Submit
You will need:
- A screenshot from your backup solution showing:
  - The system or dataset being backed up.
  - The backup frequency (e.g. daily, weekly, monthly).
  - The schedule or automation settings.
  - (Optional but strong) recent backup job completion status.

3. How to Collect / Obtain / Generate This Evidence

Microsoft 365 / OneDrive / SharePoint:
1. Go to the Microsoft 365 Admin Center.
2. Under Settings → Security & Privacy → Backup, review configured backup policies.
3. Screenshot the page showing backup automation (frequency, retention).

Google Workspace:
1. Open the Google Admin Console.
2. Navigate to Apps → Google Workspace → Drive and Docs → Backup & Retention.
3. Screenshot the settings showing automatic backups or retention rules.

AWS Backup (for EC2, RDS, DynamoDB, etc.):
1. Log in to the AWS Console.
2. Open AWS Backup → Backup Plans.
3. Select the relevant plan and screenshot the schedule (frequency, backup vault, lifecycle).

Other popular SMB backup solutions:
- Acronis Cyber Protect: Go to Backup Plans → Screenshot the schedule and status.
- Veeam Backup & Replication: Open the console → Jobs → Backup Job Properties → Screenshot the schedule tab.
- Datto / MSP solutions: Navigate to Backup Management → Device Settings → Capture automation schedule.

4. Evidence Format
- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_BackupAutomation_YYYY-MM-DD.png

5. What “Good” Looks Like
- Screenshot shows automation clearly configured (not just a manual backup).
- System or dataset identified (so it’s clear what’s being backed up).
- Frequency visible (daily, weekly, monthly).
- Timestamp or last run info (to prove the schedule is active).
Why it matters: auditors want to see that backups are happening by design, not by accident.

6. Tips
- Avoid screenshots of blank or inactive schedules — that will be flagged as insufficient.
- Show at least one completed job in the logs if possible, to prove it’s not theoretical.
- Redact sensitive system names if needed before uploading.

Last updated on Sep 22, 2025

Business Critical Data Inventory List Guide

1. Purpose of this Guide
This artefact proves that your company has identified and catalogued its most valuable data — the crown jewels. Cyber Essentials requires this because without knowing what your critical data is, you can’t protect it. An inventory ensures sensitive data is properly safeguarded, backed up, and only accessible to those who need it.

2. What You Will Submit
You will need:
- Your Business-Critical Data Inventory List document or spreadsheet.
- It should include:
  - Data type/category (e.g. customer PII, financial records, health data, intellectual property).
  - Location (where it’s stored — e.g. local server, AWS S3, M365 SharePoint).
  - Data owner (department or role responsible).
  - Sensitivity/criticality rating (e.g. High/Medium/Low).
  - Access permissions (who can view/edit).
  - Backup method/frequency.
  - Retention or disposal schedule.

3. How to Collect / Obtain / Generate This Evidence
- If you already manage a data register:
  - Export your document into XLSX or PDF.
  - Ensure it includes both business value and security handling details.
- If starting from scratch:
  1. Use the Business Critical Data Inventory List Template from StrongKeep.
  2. List each category of business-critical data (start with customer, financial, HR, legal/compliance).
  3. For each, capture its location, owner, access rights, backup method, and retention period.
  4. Review the list quarterly and after major business/IT changes.

4. Evidence Format
- Accepted file types: XLSX, CSV, PDF.
- Suggested naming format: YourCompanyName_DataInventory_YYYY-MM-DD.xlsx

5. What “Good” Looks Like
- Covers all major categories of business-critical data.
- Assigns owners and responsibilities (no orphaned data).
- Shows security controls (restricted access, backups, retention).
- Updated regularly, not a one-time snapshot.
Why it matters: auditors want to see that you know where sensitive data lives, who touches it, and how it’s protected.

6. Tips
- Use consistent sensitivity labels (e.g. Confidential / Restricted / Public).
- Cross-reference this inventory with your backup records and asset inventory.
- If outsourcing storage (e.g. cloud), make sure the service and backup responsibilities are clearly noted.

Last updated on Sep 23, 2025

Business Critical Data Protection Guide

1. Purpose of this Guide
This artefact proves that your organisation’s most valuable data — customer records, financial systems, intellectual property — is properly safeguarded. Cyber Essentials requires this because it’s not enough to know what critical data you have (that’s covered by your Inventory List); you must also show it’s protected by technical controls like encryption, access management, and secure backups.

2. What You Will Submit
You will need:
- A screenshot showing protection measures applied to business-critical data.
- Acceptable evidence sources include:
  - Encryption settings enabled (e.g. BitLocker, FileVault, AWS KMS).
  - Access controls (e.g. user permission matrix, restricted folders).
  - Backup protection (e.g. immutable backups, retention policies, MFA for restores).
- The screenshot should show:
  - Service or system name.
  - Security control in action (enabled/active).
  - Timestamp or version (to prove recency).

3. How to Collect / Obtain / Generate This Evidence

Operating System Encryption:
- Windows: Open Control Panel → BitLocker Drive Encryption → Screenshot showing BitLocker “On” for system drives.
- macOS: Go to System Settings → Security & Privacy → FileVault → Screenshot showing FileVault “On.”

Cloud Storage (SharePoint / Google Drive):
- SharePoint (Microsoft 365):
  1. Open the Microsoft 365 Security & Compliance Center.
  2. Go to Information Protection → Sensitivity Labels / Retention Policies.
  3. Screenshot showing that sensitive SharePoint sites are labelled as Confidential/Restricted and covered by retention/encryption policies.
  4. Alternatively, open a specific SharePoint site → Settings → Site Permissions and capture the restricted access list (only specific groups/users can access).
- Google Drive (Google Workspace):
  1. Open the Google Admin Console.
  2. Navigate to Apps → Google Workspace → Drive and Docs → Sharing Settings.
  3. Screenshot showing restricted sharing settings (e.g. only internal users, restricted external sharing).
  4. For critical folders, open Google Drive → File/Folder → View details → Manage Access and screenshot the limited permissions (only authorised users, no public links).

Database Protection (e.g. MongoDB Atlas, AWS RDS):
1. Open the database console.
2. Navigate to Security → Encryption or Backups.
3. Screenshot showing “Encryption at Rest” enabled and access restricted.

Backup Protection:
- Microsoft 365: Open Compliance Center → Information Protection → Retention Policies → Screenshot showing critical data under retention lock.
- Google Workspace: Use Vault (if licensed) → Screenshot showing retention rules applied to Drive content.

4. Evidence Format
- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_DataProtection_YYYY-MM-DD.png
  Example: AcmeCorp_DataProtection_2025-07-01.png

5. What “Good” Looks Like
- Control is enabled and visible (not just a greyed-out option).
- Screenshot clearly shows encryption, access restriction, or backup immutability.
- Includes timestamps, policy names, or system identifiers.
- Demonstrates protection for critical, not just general, data.
Why it matters: auditors need to see more than a policy statement — they want real proof that security controls are switched on and active.

6. Tips
- Redact sensitive names (e.g. database IDs, customer names) before uploading.
- Pair multiple screenshots if needed (e.g. one showing encryption, one showing backup immutability).
- Update your evidence at least annually — stale screenshots may be rejected.

Last updated on Sep 23, 2025

Cloud Backup Service Guide

1. Purpose of this Guide

This artefact shows that your company is using cloud provider backup services to protect data. Cyber Essentials requires this because relying on the cloud alone is not enough — you must prove backups are configured, running, and monitored. This evidence demonstrates that data stored in SaaS, PaaS, or cloud systems is recoverable in case of failure, corruption, or cyberattack.

2. What You Will Submit

You will need:
- A screenshot from your cloud provider’s backup or version control feature.
- Acceptable sources include:
  - Database snapshots (e.g. MongoDB Atlas, AWS RDS).
  - File storage version history (e.g. SharePoint, Google Drive, Dropbox).
  - Source code repository history (e.g. GitLab, GitHub).
- Screenshot should clearly show:
  - Service name and environment (e.g. “MongoDB Atlas → Backups”).
  - Backup schedule or snapshot list (timestamps, frequency).
  - Retention policy (e.g. 7 days, 30 days).

3. How to Collect / Obtain / Generate This Evidence

SharePoint / OneDrive (File storage):
1. Navigate to a critical document in SharePoint.
2. Open Version history.
3. Screenshot showing multiple saved versions with dates, sizes, and user IDs.

Google Workspace / Drive:
1. Right-click on a business-critical file → choose Version history.
2. Screenshot with dates and editors displayed.

GitLab / GitHub (Code repositories):
1. Open your repository → Commits page.
2. Screenshot the commit log showing date, author, and version history.

AWS Backup / RDS / S3:
1. In AWS Console, go to AWS Backup.
2. Open your Backup Plans or Vaults.
3. Screenshot showing policy schedule and completed backup jobs.

MongoDB Atlas (Database backups):
1. Log in to MongoDB Atlas Console.
2. Select the cluster → open Backups tab.
3. Screenshot showing snapshot schedule and retention (e.g. daily/hourly).

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_CloudBackupService_YYYY-MM-DD.png

5. What “Good” Looks Like

- Screenshot shows real, configured backups — not just a blank page.
- Includes timestamps and frequency/retention details.
- Identifies the cloud service name (e.g. AWS, MongoDB, SharePoint).
- Shows multiple entries/versions to prove continuity.

Why it matters: auditors want to confirm that cloud-stored data isn’t just “assumed safe,” but actively protected by provider tools with your oversight.

6. Tips

- Always redact sensitive project or database names before uploading.
- Pair multiple screenshots if needed (e.g. one from DB, one from SaaS).
- Review provider SLAs — some cloud services don’t back up by default.

Last updated on Sep 23, 2025

Cloud Logging Guide

1. Purpose of this Guide

This screenshot demonstrates that your organisation enables and retains logging of system activities on cloud platforms.

2. What You Will Submit

A screenshot of a cloud logging dashboard that shows:
- The cloud system (e.g. Microsoft Entra ID, Google Admin, AWS, GitHub)
- Actual log entries with timestamps and event types
- (Optional) Filters applied, such as "Security Events", "Admin Actions", "Sign-ins"

3. How to Obtain This Screenshot

A. Microsoft 365 (Entra ID / Defender)
1. Go to https://entra.microsoft.com
2. Navigate to Monitoring > Sign-in Logs or Audit Logs
3. Ensure the view shows:
   - Timestamps
   - Username or Object (blur if needed)
   - Action performed (e.g. sign-in, password change)
4. Take a screenshot showing at least 5 log entries

Bonus: Filter for a time range (e.g. "Last 7 days") or event types ("Admin", "Conditional Access")

B. Google Workspace (Admin Console)
1. Go to https://admin.google.com
2. Navigate to Reporting > Audit log > Admin / Drive / Login
3. Filter by event type or username
4. Screenshot should show:
   - List of recent logged actions
   - Timestamp
   - Event type
   - Targeted user or object

Best: Use the "Audit log – Admin" or "Login log" view

C. AWS CloudTrail
1. Go to CloudTrail > Event history
2. Filter for "ReadOnly: false" or specific service (e.g. IAM)
3. Screenshot should show:
   - Event time
   - Event name (e.g. CreateUser, ConsoleLogin)
   - Username or ARN
   - Source IP

4. Accepted File Format

- ✅ PNG, JPG, or PDF
- ✅ Suggested filename: YourCompany_CloudLoggingScreenshot_20250701.png

5. What Good Evidence Looks Like

Last updated on Sep 25, 2025

Physical Hard Disk Backup Guide

1. Purpose of this Guide

This artefact proves your organisation keeps a physical copy of cloud data on hard disks. Cyber Essentials requires this because cloud providers operate on a “shared responsibility model”: they protect their platform, but you’re responsible for your own data. Maintaining physical backups ensures your critical cloud-hosted data can be recovered even if the provider’s backups fail.

2. What You Will Submit

You will need:
- A screenshot or photo showing cloud data being backed up to a physical hard disk (USB, NAS, or external drive).
- Evidence should show:
  - The backup software or export tool in use.
  - Destination drive (external HDD/NAS).
  - Timestamp or job history proving recent backups.

3. How to Collect / Obtain / Generate This Evidence

Microsoft 365 / SharePoint / OneDrive:
1. Use the OneDrive/SharePoint sync client to download files to a local drive.
2. Connect an external HDD or NAS.
3. Run a copy/export job (e.g. robocopy or sync tool).
4. Screenshot the file explorer view showing business-critical folders saved to the external drive.

Google Workspace (Google Drive):
1. Use Google Drive for Desktop to sync data locally.
2. Connect an external HDD.
3. Copy the synced folders to the drive.
4. Screenshot the copy process or the final drive contents with recent timestamps.

AWS / Cloud databases (e.g. RDS, S3):
1. Export snapshots or object storage data locally.
2. Save them to an encrypted external disk.
3. Screenshot the backup job report showing data written to the physical storage device.

Backup tools (Acronis, Veeam, Synology, etc.):
- Show the backup console with the external HDD/NAS as a target.
- Screenshot the schedule and last completed backup status.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_PhysicalBackup_YYYY-MM-DD.png

5. What “Good” Looks Like

- Screenshot or photo clearly shows:
  - External hard disk/NAS target.
  - Backup schedule or completion log.
  - Timestamp (to prove backups are current).
- Links the cloud data source (e.g. SharePoint, Google Drive, AWS) to the physical disk storage.

Why it matters: auditors want to confirm you can recover from a cloud outage without depending solely on the CSP’s internal backups.

6. Tips

- Encrypt the external drive and store it securely (locked cabinet or offsite).
- Keep at least two rotating drives — one in use, one stored offsite.
- Redact any sensitive filenames before uploading screenshots.

Last updated on Sep 23, 2025

Crisis Communications Guide

1. Purpose of this Guide

This artefact demonstrates that your company has a plan for who communicates what, when, and to whom during a cyber incident. Cyber Essentials requires this because confusion and silence during a crisis cause as much damage as the incident itself. A documented timeline and comms plan ensures staff, management, regulators, and customers get the right message at the right time.

2. What You Will Submit

You will need:
- A Crisis Communications and Timeline document (Word, PDF, or spreadsheet).
- It should include:
  - Key contacts (Incident Lead, Comms Lead, CEO, Legal, IT).
  - Communication channels (email, phone, Teams/Slack, press release).
  - Escalation steps (who is told first, who is told next).
  - Incident timeline template (time of detection, first comms, regulator notification, customer updates).

3. How to Collect / Obtain / Generate This Evidence

- If starting from scratch:
  1. Use StrongKeep's Crisis Communications Template (in the Incident Response Plan).
  2. Fill in:
     - Roles: e.g. CEO (public spokesperson), Comms Lead (drafts announcements), IT Manager (technical updates), Secretary (logs comms).
     - Timeline markers: Detection → Internal staff alert → Executive team alert → Regulator notified → Customer notification → Post-incident briefing.
     - Message library: Draft templates for “Initial Detection,” “Containment in Progress,” “Resolution,” and “Follow-up.”
  3. Save the file with version history and circulate to management.
- If you already have an existing Incident Response Plan (IRP):
  - Extract or reference the communications and timeline section into a standalone document.
  - Ensure roles and contacts are current.

4. Evidence Format

- Accepted file types: DOCX, PDF, XLSX.
- Suggested naming format: YourCompanyName_CrisisCommsTimeline_YYYY-MM-DD.pdf

5. What “Good” Looks Like

- Clear roles and responsibilities (no confusion about who speaks).
- Defined timeline with escalation points.
- Message templates prepared in advance (not written in panic).
- Version control showing the plan is updated regularly.

Why it matters: auditors want to see that communication is not improvised but structured, fast, and compliant with notification obligations.

6. Tips

- Review at least annually and after real incidents.
- Test it in tabletop exercises with your Cyber Incident Response Plan.
- Keep regulator and customer comms separate — audiences need different levels of detail.

Last updated on Sep 25, 2025

Cyber Incident Response Plan Guide

1. Purpose of this Guide

This artefact demonstrates that your company has a written, structured plan to handle cyber incidents. Cyber Essentials requires this because when disaster strikes — ransomware, phishing, or even a defaced website — you need more than panic and guesswork. A documented plan shows you’re ready to act quickly, assign responsibilities, and recover effectively.

2. What You Will Submit

You will need:
- Your Cyber Incident Response Plan document (policy/procedure template).
- It should include:
  - Version history (effective/review dates, owner).
  - Introduction and scope (which staff/systems are covered).
  - Roles and responsibilities (e.g. CEO as Incident Lead, IT Manager as Technical Lead, PR Head as Comms Lead).
  - Playbooks for common incident types (e.g. DDoS, malware/ransomware, phishing, website defacement, data breach).
  - Post-incident review template (to record lessons learned).

3. How to Collect / Obtain / Generate This Evidence

- If you are using StrongKeep, upload the CIRP template that is provided for you.
- If you are starting from scratch:
  1. Open the Cyber Incident Response Plan Template.
  2. Fill in your company details, contacts, and version history.
  3. Assign incident roles (Incident Lead, Technical Lead, Comms Lead, Secretary).
  4. Draft playbooks for at least the 5 common incidents:
     - Distributed Denial-of-Service (DDoS)
     - Malware / Ransomware
     - Phishing / Scam
     - Website Defacement
     - Data Breach
  5. Include a post-incident review form with fields like date, personnel involved, impact, summary, and improvements.
  6. Save and keep this document updated annually or after a real incident.

4. Evidence Format

- Accepted file types: DOCX, PDF.
- Suggested naming format: YourCompanyName_CIRP_YYYY-MM-DD.pdf

5. What “Good” Looks Like

- Version control and ownership — shows it’s maintained, not abandoned.
- Clear roles and contacts — no confusion during a crisis.
- Detailed playbooks — step-by-step response for common incidents.
- Review template included — proving you’ll learn from past incidents.

Why this matters: auditors want to see that you’re not improvising when chaos hits, but following a well-rehearsed plan.

6. Tips

- Keep contacts updated — old phone numbers or missing staff will undermine your plan.
- Test your CIRP at least once a year with a tabletop exercise.
- If outsourcing IT, make sure vendors are included in the roles & responsibilities.

Last updated on Sep 23, 2025

Cybersecurity Awareness Training Guide

1. Purpose of this Guide

This artefact demonstrates that your company provides structured cybersecurity awareness training for staff. Cyber Essentials requires this because humans are often the first line of defence — and the first target. A proper training guide proves your team knows how to handle phishing emails, dodgy Wi-Fi, weak passwords, and more.

2. What You Will Submit

You will need:
- A Cybersecurity Awareness Training document (Word, PDF, or slide deck).
- It should cover:
  - Cyber hygiene basics (passwords, MFA, safe browsing).
  - Recognising phishing and suspicious attachments.
  - Role-specific training (e.g. finance staff on invoice fraud, IT staff on admin account risks).
  - Secure use of networks and devices.
  - Reporting processes (how to escalate suspicious emails or incidents).

3. How to Collect / Obtain / Generate This Evidence

- If you already have a training program:
  - Export the syllabus or staff training manual.
  - Ensure the document includes date/version and target audience.
- If starting fresh:
  1. Use the Cybersecurity Awareness Training Template (from StrongKeep or CSA Cyber Essentials guidance).
  2. Add your company name, logo, and version control.
  3. Write clear sections:
     - Introduction: Why staff training matters.
     - Threats & Risks: Phishing, ransomware, weak passwords, unsafe Wi-Fi.
     - Cyber Hygiene Habits: Updates, MFA, device lock, reporting.
     - Role-Based Modules: Tailored to job functions.
     - Reporting Process: How to flag suspicious activity.
  4. Save the file as PDF/DOCX and circulate it to staff.
  5. Keep records of who attended or completed training (this links to the separate artefact “Users Training Completion Screenshot”).

4. Evidence Format

- Accepted file types: DOCX, PDF.
- Suggested naming format: YourCompanyName_CyberAwarenessTraining_YYYY-MM-DD.pdf

5. What “Good” Looks Like

- Clearly structured content (topics and objectives).
- Role differentiation — e.g. IT staff vs. general staff.
- Practical advice (not just theory).
- Version/date visible — shows it’s kept current.

Why it matters: auditors want proof that training isn’t just a tick-box — but an active, documented program.

6. Tips

- Update the content annually (cyber threats evolve quickly).
- Use quizzes or sign-off forms to confirm completion (ties to completion evidence).
- Keep language simple — staff should understand it without needing IT expertise.

Last updated on Sep 23, 2025

Cybersecurity Guidelines Guide

1. Purpose of this Guide

This artefact shows your company has written cybersecurity guidelines for staff. Cyber compliance requires this because every knight (staff member) needs a rulebook — clear, simple instructions on how to stay safe in daily work. Without them, employees may accidentally leave the gates wide open to attackers.

2. What You Will Submit

You will need:
- Your Cybersecurity Guidelines document (policy or handbook).
- It should cover:
  - Password hygiene and multi-factor authentication.
  - Safe internet and email use (how to spot phishing).
  - Device protection (locking screens, patching, antivirus).
  - Secure handling of sensitive data (storage and sharing).
  - Role-based guidance (e.g. IT admins, finance staff, HR).

3. How to Collect / Obtain / Generate This Evidence

- If starting from scratch:
  1. Open StrongKeep's Cybersecurity Guidelines Template.
  2. Add your company name, logo, and version history.
  3. Write sections for:
     - Passwords & Access: Use MFA, avoid password reuse.
     - Email & Phishing: Don’t click suspicious links, report attempts.
     - Device Care: Keep software updated, lock devices, no personal USBs.
     - Data Handling: Share only with authorised staff, use secure platforms.
     - Role-Specific Rules: Tailor guidelines for high-risk groups like IT and Finance.
  4. Save as PDF/DOCX.
  5. Circulate to staff and confirm acknowledgement (e.g. email or HR system).
- If you already have a cybersecurity policy or handbook:
  - Export it to PDF or Word.
  - Make sure it’s written in plain language staff can understand.

4. Evidence Format

- Accepted file types: DOCX, PDF.
- Suggested naming format: YourCompanyName_CybersecurityGuidelines_YYYY-MM-DD.pdf
  Example: AcmeCorp_CybersecurityGuidelines_2025-07-01.pdf

5. What “Good” Looks Like

- Easy to read (plain language, no jargon).
- Covers core cyber hygiene practices (passwords, phishing, device use).
- Includes role-specific advice (different rules for admins vs general staff).
- Shows version history — proving it’s updated, not abandoned.

Why it matters: auditors want to see staff aren’t left guessing — they have a written guide to follow.

6. Tips

- Keep it short and usable (one pager or handbook, not 50 pages).
- Update yearly or after major incidents.
- Align with your training program so staff get consistent messages.

Last updated on Sep 25, 2025

Data Backup Records Guide

1. Purpose of this Guide

This artefact proves that your company not only runs backups but also keeps proper records of them. Cyber Essentials requires this because “set and forget” backups are useless if they fail silently. Documenting backup dates, status, and test restores ensures data really can be recovered when disaster strikes.

2. What You Will Submit

You will need:
- A Data Backup Records document or spreadsheet.
- It should show:
  - Date and time of backup.
  - Systems or data covered (e.g. finance files, HR folders, databases).
  - Backup location (cloud, physical disk, NAS).
  - Status (successful, failed, partial).
  - Last restore test performed (date and outcome).

3. How to Collect / Obtain / Generate This Evidence

- If you already keep records:
  - Export from your backup tool (e.g. Veeam, Acronis, AWS Backup, Microsoft 365).
  - Or extract logs and format them into a clear table.
- If you don’t yet:
  1. Create a simple spreadsheet using the Data Backup Records Template from StrongKeep.
  2. Add columns for: Date, System/Data, Location, Status, Restore Test Date, Remarks.
  3. Update the log each time backups run (automated tools often email reports you can copy here).
  4. Perform and log at least one test restore to prove recoverability.

4. Evidence Format

- Accepted file types: XLSX, CSV, PDF.
- Suggested naming format: YourCompanyName_DataBackupRecords_YYYY-MM-DD.xlsx
  Example: AcmeCorp_DataBackupRecords_2025-07-01.xlsx

5. What “Good” Looks Like

- Consistent entries — not just a single line from months ago.
- Covers all critical systems and datasets.
- Shows regular testing (restore validation at least annually).
- Status clearly marked (Success / Failed) so issues are visible.

Why it matters: auditors want assurance that backups aren’t theoretical, but actively monitored and verified.

6. Tips

- Automate record collection if possible — many tools export logs.
- Keep at least 12 months of records for audit purposes.
- If using third-party IT providers, make sure they supply logs you can incorporate.
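
The record checks described in this guide can be automated before submission. The following is an added example, not part of the original guide or a StrongKeep tool: it reads a log with the column names listed in section 3 and flags systems with gaps in their entries, an unsuccessful latest run, or a missing or stale restore test. The sample rows, the 8-day gap threshold and the date formats are assumptions made for the example.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample log using the columns this guide lists. Not real data.
SAMPLE_CSV = """Date,System/Data,Location,Status,Restore Test Date,Remarks
2025-06-01 02:00,Finance files,Cloud,Successful,2025-03-10,
2025-06-08 02:00,Finance files,Cloud,Successful,2025-03-10,
2025-06-15 02:00,Finance files,Cloud,Failed,2025-03-10,Quota exceeded
2025-06-22 02:00,Finance files,Cloud,Successful,2025-03-10,
2025-05-01 03:00,HR folders,NAS,Successful,,
2025-06-20 03:00,HR folders,NAS,Partial,,Two files locked
2025-06-21 01:00,Databases,Physical disk,Successful,2024-01-15,
"""

# The guide writes the status both as "successful" and as "Success".
OK_STATUSES = {"success", "successful"}


def audit_backup_records(csv_text, today, max_gap_days=8, restore_max_age_days=365):
    """Return (system, finding, detail) tuples for records an auditor would question.

    max_gap_days is an assumed threshold for a weekly schedule; the 365-day
    restore limit follows the guide's "at least annually" wording.
    """
    by_system = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ran_on = datetime.strptime(row["Date"].strip(), "%Y-%m-%d %H:%M").date()
        tested = row["Restore Test Date"].strip()
        tested_on = datetime.strptime(tested, "%Y-%m-%d").date() if tested else None
        by_system.setdefault(row["System/Data"].strip(), []).append(
            (ran_on, row["Status"].strip().lower(), tested_on)
        )

    findings = []
    for system, entries in sorted(by_system.items()):
        entries.sort(key=lambda entry: entry[0])

        # "Consistent entries": measure the longest silence between runs,
        # including the time from the last logged run until today.
        run_dates = [entry[0] for entry in entries] + [today]
        worst_gap = max((b - a).days for a, b in zip(run_dates, run_dates[1:]))
        if worst_gap > max_gap_days:
            findings.append((system, "gap_in_records", worst_gap))

        # A failed or partial run is only acceptable if a later run succeeded.
        latest_status = entries[-1][1]
        if latest_status not in OK_STATUSES:
            findings.append((system, "latest_backup_not_successful", latest_status))

        # Restore tests: one must be logged, and it must be recent enough.
        tests = [entry[2] for entry in entries if entry[2] is not None]
        if not tests:
            findings.append((system, "no_restore_test_logged", None))
        else:
            age = (today - max(tests)).days
            if age > restore_max_age_days:
                findings.append((system, "restore_test_stale", age))
    return findings


if __name__ == "__main__":
    for finding in audit_backup_records(SAMPLE_CSV, today=date(2025, 6, 23)):
        print(finding)
```

In the sample, the finance log passes even though one run failed, because a later run succeeded and the restore test is recent; the HR and database logs are the ones that would draw questions.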

Last updated on Sep 25, 2025

Disabling and Locking User Accounts Screenshot Guide

1. Purpose of this Guide

This artefact proves your company has the ability to promptly disable or lock user accounts when employees leave, change roles, or when suspicious activity is detected. Cyber compliance requires this because dormant or uncontrolled accounts are golden keys for attackers. Showing you can lock or disable them demonstrates proper account lifecycle management.

2. What You Will Submit

You will need:
- A screenshot from your user management system showing an account being disabled or locked.
- The screenshot must clearly show:
  - The account identifier (e.g. email or username).
  - Its status (Disabled, Locked, Inactive).
  - Timestamp or context of the action.

3. How to Collect / Obtain / Generate This Evidence

Microsoft 365 / Azure AD (Entra):
1. Open Microsoft Entra Admin Center → Users.
2. Select a user account.
3. Under Account, show the toggle for Block sign-in = Yes.
4. Screenshot this view.

Google Workspace (Admin Console):
1. Log in to Google Admin Console → Directory → Users.
2. Select a user account.
3. Click Suspend User.
4. Screenshot the suspended status.

AWS Console (IAM):
1. Open IAM → Users.
2. Select the user account.
3. Remove or deactivate login credentials (passwords, access keys).
4. Screenshot showing the account marked inactive.

Okta / Identity Providers:
1. Log into your IdP admin console.
2. Select a user profile.
3. Use Deactivate / Suspend function.
4. Screenshot the confirmation.

Other SaaS tools (Atlassian, GitHub, GitLab, etc.):
- Open user management.
- Select a user and mark them disabled or inactive.
- Screenshot the result.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_DisabledUserAccount_YYYY-MM-DD.png
  Example: AcmeCorp_DisabledUserAccount_2025-07-01.png

5. What “Good” Looks Like

- Screenshot shows a real account marked disabled/inactive.
- Status clearly visible (e.g. “Blocked,” “Suspended”).
- Context shows it’s from an actual system (Microsoft, Google, AWS, etc.).
- Ideally from a recent action, not years old.

Why it matters: auditors want proof you can shut off access quickly and effectively — a vital safeguard when staff leave or if there’s a breach.

6. Tips

- If you have no user accounts that were locked, that's fine. You just need to explain to the auditor that there were no accounts that met the criteria to be disabled or locked out.
- Redact personal details (names, emails) before uploading.
- Show at least one disabled account — auditors don’t need every single record.
- Link this with your Account Inventory List to prove lifecycle management is consistent.

Last updated on Sep 25, 2025

Endpoint OS Autoupdate Guide

1. Purpose of this Guide

This artefact demonstrates that your company’s laptops, desktops, and servers are configured to receive and install OS updates automatically. Cyber compliance requires this because timely patching is one of the strongest shields against attackers exploiting known flaws.

2. What You Will Submit

You will need:
- A screenshot from a device showing that automatic OS updates are enabled.
- The screenshot should clearly show:
  - The operating system (Windows, macOS, Linux).
  - Auto-update settings switched “On.”
  - (If visible) that security patches are included.

3. How to Collect / Obtain / Generate This Evidence

Windows 10/11:
1. Open Settings → Update & Security → Windows Update.
2. Click Advanced options.
3. Ensure “Automatically download and install updates” is enabled.
4. Screenshot the page showing this toggle or confirmation.

macOS:
1. Go to System Settings → General → Software Update.
2. Confirm Automatic Updates is enabled (includes OS updates and Security Responses).
3. Take a screenshot of this view.

Linux (Ubuntu example):
1. Open Software & Updates → Updates tab.
2. Ensure “Install security updates without confirmation” is enabled.
3. Capture a screenshot showing this setting.

MDM Platforms (e.g. Microsoft Intune, Jamf):
- Navigate to Update Policies.
- Capture the screen showing that automatic OS updates are enforced across managed devices.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_EndpointOSAutoupdate_YYYY-MM-DD.png

5. What “Good” Looks Like

- Screenshot clearly shows the auto-update toggle enabled.
- The setting applies to the OS itself, not just apps.
- If captured via MDM, it shows organisation-wide enforcement.
- Ideally includes last checked/last updated date for proof of recency.

Why it matters: auditors want assurance that vulnerabilities are patched without relying on someone remembering to click “Update now.”

6. Tips

- Capture from an actively used device to show it’s applied in practice.
- Redact personal identifiers (like usernames in OS settings) if they appear.
- If using MDM, a policy-level screenshot is stronger than one from a single device.

Last updated on Sep 25, 2025

Firewall Configuration Screenshot Guide

1. Purpose of this Guide

This artefact proves that your company has firewalls enabled and configured to block malicious traffic. For DNS firewalls, this shows you’ve gone beyond the basics by filtering at the DNS layer, stopping users from even connecting to dangerous sites. Cyber compliance requires this because firewalls are the first shield-wall against intruders.

2. What You Will Submit

You will need:
- A screenshot of your DNS firewall configuration page.
- The screenshot should clearly show:
  - Filtering rules (malware, phishing, adult content, custom blocklists).
  - Policy enforcement applied to your organisation or network.
  - (If available) Statistics or logs proving the firewall is actively blocking threats.

3. How to Collect / Obtain / Generate This Evidence

StrongKeep's DNS Firewall:
1. Click "Generate your report".
2. StrongKeep will provide the report of what malicious network traffic is being blocked for you.

Cisco Umbrella (or similar enterprise DNS firewalls):
1. Log into the Umbrella dashboard.
2. Go to Policies → Policy List.
3. Select the active policy and screenshot the enabled categories (Malware, Phishing, C2, Botnets).
4. Include evidence of the policy assignment to your network or user group.

Fortinet (FortiGate hardware firewall):
1. Log into the FortiGate web interface.
2. Go to Security Profiles → Web Filter / DNS Filter.
3. Screenshot showing enabled filters (e.g. Malware, Phishing, Block High-Risk Categories).
4. Optionally, go to Log & Report → Forward Traffic and capture entries showing blocked activity.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_FirewallConfig_YYYY-MM-DD.png
  Example: AcmeCorp_FirewallConfig_2025-07-01.png

5. What “Good” Looks Like

- Firewall shown as enabled.
- Clear evidence of security categories/rules applied (not blank).
- (Bonus) Logs or reports showing actual blocks.
- Screenshot taken from the live firewall console, not a generic image.

Why it matters: auditors want assurance you’re not just saying “we have a firewall,” but showing proof of active, configured protection.

6. Tips

- Redact IP addresses or sensitive domains before uploading.
- Pair a configuration screenshot with a report/analytics screenshot to strengthen evidence.
- If using multiple DNS firewalls (e.g. NextDNS for endpoints, Cisco Umbrella for office), submit one clear screenshot per tool.

Last updated on Sep 25, 2025

Hardware Asset Onboarding Authorization Form Guide

1. Purpose of this Guide

This artefact demonstrates that your company has a formal process for introducing and retiring IT assets. Cyber Essentials requires this because assets (like laptops, servers, or phones) need to be approved, tracked, and securely removed — not left floating around where they could pose a risk.

2. What You Will Submit

You will need:
- Your documented Asset Onboarding and Removal Process (policy or procedure).
- It should cover:
  - How new assets (e.g. laptops, phones, software licences) are requested and approved.
  - How asset details are recorded (e.g. make, model, serial number, assigned owner).
  - The authorisation workflow (who signs off).
  - How decommissioned assets are securely removed (data wiped, hardware recycled, accounts closed).
- (Optional but strong): Example forms (like your Hardware Asset Onboarding Authorisation Form) showing real approvals.

3. How to Collect / Obtain / Generate This Evidence

- If you already maintain this process:
  - Export the policy/procedure to PDF or Word.
  - Include references to the forms/templates you use (e.g. onboarding authorisation forms, removal checklists).
- If you don’t have one yet:
  1. Start with the Asset Onboarding and Removal Process Template provided in StrongKeep.
  2. Document the steps for:
     - Onboarding: request → approval → record entry in asset inventory.
     - During lifecycle: periodic review of ownership and use.
     - Removal: manager request → approval → data sanitisation/disposal → update inventory.
  3. Attach or reference forms (like the Hardware Asset Onboarding Authorisation Form) to show the workflow in action.
  4. Save the document in PDF/DOCX format.

4. Evidence Format

- Accepted file types: DOCX, PDF.
- Suggested naming format: YourCompanyName_AssetOnboardingRemovalProcess_YYYY-MM-DD.pdf
  Example: AcmeCorp_AssetOnboardingRemovalProcess_2025-07-01.pdf

5. What “Good” Looks Like

- Clearly written steps for both onboarding and removal.
- Defined approval roles (e.g. Product Manager, CEO, IT Manager).
- Integration with your Asset Inventory List (so assets aren’t tracked in isolation).
- Secure removal procedures (data wiping, hardware disposal, account deactivation).

Why this matters: auditors want confidence that assets don’t just appear or disappear without oversight, creating gaps in security.

6. Tips

- Include a form or checklist for both onboarding and removal — auditors love seeing evidence of real approvals.
- If you outsource disposal (e.g. to an e-waste vendor), keep the disposal certificates.
- Review the process yearly to make sure it reflects your current IT setup.

Last updated on Sep 25, 2025

Idle Session Timeout Screenshot Guide

1. Purpose of this Guide

This artefact demonstrates that your company enforces automatic log-off after a set idle period. Cyber Essentials requires this because if staff leave their laptops or web apps unlocked, attackers can waltz in. An enforced timeout slams the gate shut after a few minutes of inactivity.

2. What You Will Submit

You will need:
- A screenshot showing idle session timeout settings.
- The screenshot should clearly display:
  - The platform (Windows, macOS, Google Workspace, Microsoft 365, AWS, etc.).
  - The timeout duration (e.g. 5, 10, or 15 minutes).
  - Confirmation that automatic lock or log-off is enabled.

3. How to Collect / Obtain / Generate This Evidence

Windows 10/11:
1. Open Group Policy Editor → Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options.
2. Find Interactive logon: Machine inactivity limit.
3. Screenshot showing the value (e.g. 900 seconds = 15 mins).

macOS:
1. Open System Settings → Lock Screen.
2. Under Turn display off on battery/power, set to ≤ 10–15 minutes.
3. Ensure Require password after sleep or screen saver begins is enabled.
4. Screenshot this panel.

Google Workspace (Admin Console):
1. Log into Admin Console → Devices → Chrome → Settings → User & Browser Settings.
2. Find Idle Settings / Sign-out policy.
3. Screenshot showing automatic sign-out after idle period.

Microsoft 365 (Entra / Office web apps):
1. Open Microsoft Entra Admin Center → Conditional Access → Session controls.
2. Check Sign-in frequency and Idle timeout policy.
3. Screenshot showing policy applied to users.

AWS Console (example for cloud services):
1. Open IAM → Account Settings → Console session timeout.
2. Screenshot showing the timeout duration.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_IdleSessionTimeout_YYYY-MM-DD.png
  Example: AcmeCorp_IdleSessionTimeout_2025-07-01.png

5. What “Good” Looks Like

- Screenshot shows timeout enabled (not “Never”).
- Timeout duration is reasonable (≤ 15 minutes).
- Platform name visible (to prove authenticity).
- Date/version visible where possible.

Why it matters: auditors want to see that unattended sessions won’t sit open for hours, giving attackers easy access.

6. Tips

- If you apply timeout via MDM (Intune, Jamf, Workspace ONE), grab a screenshot of the policy setting.
- Redact personal names or device IDs if they appear.
- Use consistent timeout values across systems for simplicity.

Last updated on Sep 25, 2025

IoT Backup Screenshot Guide

1. Purpose of this Guide

This artefact proves that your organisation’s IoT devices (for systems that are within scope) are backed up — even when they don’t have built-in auto-backup. Cyber Essentials requires this because IoT systems (like CCTV, smart printers, and sensors) often hold critical data or configurations, and if they fail without backups, you could lose visibility or security control.

2. What You Will Submit

You will need:
- A screenshot showing the backup of IoT data.
- The screenshot should demonstrate:
  - The IoT device or system (e.g. CCTV NVR, smart printer, building sensor).
  - Backup configuration or export screen.
  - Storage location (external HDD, NAS, or cloud).
  - Timestamps showing recent backup activity.

3. How to Collect / Obtain / Generate This Evidence

CCTV / NVR systems (e.g. Hikvision, Dahua):
1. Log into the NVR/DVR management console.
2. Go to Backup / Export.
3. Screenshot showing backup of recordings/configurations to external disk or NAS.

Smart Printers / MFDs:
1. Open the printer’s admin console (via web interface).
2. Go to Settings → Backup & Restore.
3. Screenshot the backup/export screen (config files saved to external location).

IoT Sensors / Gateways:
1. Access the device’s management console.
2. Export configuration or logs.
3. Screenshot the interface showing data export/backup in progress.

General Best Practice:
- If the IoT device has no native backup, screenshot the manual process:
  - Export to USB, external HDD, or cloud sync folder.
  - Show file/folder with timestamp confirming backup.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_IoTBackup_YYYY-MM-DD.png
  Example: AcmeCorp_IoTBackup_2025-07-01.png

5. What “Good” Looks Like

- Screenshot shows the actual IoT system (not a generic PC folder).
- Clearly shows backup/export action and target location.
- Includes timestamp to prove recency.
- If multiple IoT devices are critical (e.g. CCTV + smart sensors), provide at least one screenshot per category.

Why it matters: auditors want confidence you can recover IoT data/configurations after device failure, ransomware, or physical damage.

6. Tips

- Label the storage media (e.g. “CCTV Backup HDD 1”).
- Rotate between at least two physical drives for resilience.
- Encrypt backups where possible, especially if devices capture sensitive information.

Last updated on Sep 25, 2025

Mail Server Internet Hygiene Portal Results Guide

1. Purpose of this Guide

This artefact proves your company’s mail servers are securely configured and resilient against phishing, spoofing, and insecure email transport. Cyber Essentials requires this because weak email security leaves your castle gates wide open to attackers who exploit insecure mail servers to impersonate your staff or steal sensitive information.

2. What You Will Submit

You will need:
- A report generated via StrongKeep’s dashboard, which pulls directly from the CSA Internet Hygiene Portal (IHP).
- This report will include:
  - Overall Mail Server Security Score.
  - TLS/STARTTLS support status.
  - Validity of security certificates.
  - Email authentication checks (SPF, DKIM, DMARC).
  - DANE validation and phishing prevention features.

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep customers, this artefact is auto-generated:
1. StrongKeep will generate this report for you from our external scan of your servers.
2. Click Generate Report.
3. The system will fetch the latest results for your domain.
4. Download the report or screenshot the dashboard view.

No need to run manual scans — StrongKeep fetches it for you, so you won’t have to joust with SPF records or TLS ciphers yourself.

4. Evidence Format

- Accepted file types: PDF, PNG, JPG.
- Suggested naming format: YourCompanyName_MailServerIHP_YYYY-MM-DD.pdf

5. What “Good” Looks Like

- Report shows a recent scan date (within the last 3 months).
- Overall security score is green / high pass.
- TLS protocols are enabled and valid.
- SPF, DKIM, and DMARC all pass validation.
- No red flags under phishing or spoofing protection.

Why it matters: auditors want assurance that your email infrastructure isn’t a weak link for attackers to slip phishing lances through.

6. Tips

- Regenerate the IHP results shortly before audit submission, so it’s fresh.
- If your score is low, fix mail server issues (SPF, DKIM, DMARC) and re-run before submitting.
- Keep older reports — they help demonstrate continuous monitoring and improvement.

Last updated on Sep 25, 2025

Malware Scan Policy Screenshot Guide

1. Purpose of this Guide

This artefact proves that your company has anti-malware solutions properly configured. Cyber Essentials requires this because attackers rely on lazy defences — if your devices aren’t scanning files, updating signatures, or running periodic sweeps, you’re leaving the drawbridge down.

2. What You Will Submit

You will need:
- A screenshot/report of your anti-malware policy.
- The evidence should clearly show:
  - Scheduled scans (daily/weekly).
  - Real-time/on-access protection enabled.
  - Automatic updates for virus/malware signatures.
  - Mobile device protection (if applicable).

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep customers (recommended):
1. Log into your StrongKeep Dashboard.
2. Go to Evidence Library → Malware Scan Policy.
3. Click Generate Report.
4. The system will fetch your anti-malware configuration (via integrated endpoint protection tool).
5. Download the PDF or screenshot the dashboard view.

For non-integrated setups:
- Microsoft Defender (Windows):
  1. Open Windows Security → Virus & threat protection → Manage settings.
  2. Screenshot showing real-time protection ON and scheduled scans.
- Sophos / Trend Micro / Avast Business:
  - Go to the admin console.
  - Screenshot the policy page showing automated scans, signature updates, and real-time file protection.
- Mobile devices (MDM-managed):
  - Open MDM console (e.g., Intune, Jamf, Workspace ONE).
  - Screenshot the profile showing enforced anti-malware protection.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_MalwareScanPolicy_YYYY-MM-DD.png
  Example: AcmeCorp_MalwareScanPolicy_2025-07-01.png

5. What “Good” Looks Like

- Evidence shows all key controls (scans, updates, real-time protection).
- Policy view or settings panel visible, not just a random “Scan complete” screen.
- (Bonus) Logs showing last successful scan.

Why it matters: auditors want proof that you’re not only able to scan for malware but that the process is automatic, current, and continuous.

6. Tips

- If using StrongKeep, let the platform auto-generate — it ensures consistency.
- For third-party tools, make sure screenshots show the policy configuration, not just results.
- Redact usernames, device IDs, or internal hostnames before submission.

Last updated on Sep 25, 2025

Multi-Factor Authentication Policy Enforcement Guide

1. Purpose of this Guide

This artefact proves your company has enforced MFA across user accounts, not just made it optional. Cyber Essentials requires this because passwords alone are a rickety drawbridge; MFA adds a second gate — a code, token, or app approval — making it much harder for attackers to sneak in with stolen credentials.

2. What You Will Submit

You will need:
- A screenshot from your identity provider (IdP) or admin console showing:
  - MFA enforcement enabled for users.
  - Status that indicates “Enforced” or “Required”, not just “Available.”
  - Coverage across the organisation or specific groups (admins, staff, etc.).

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep users:
1. Log into the StrongKeep Password Manager → Reports.
2. Select MFA.
3. Click Generate Report.
4. Download the screenshot/report.

Microsoft Entra (Azure AD):
1. Go to Entra Admin Center → Users → Per-user MFA.
2. Look for status = Enforced.
3. Screenshot showing at least one enforced account (ideally all relevant users).

Google Workspace:
1. Open Admin Console → Security → Authentication → 2-step verification.
2. Ensure enforcement is ON for organisational units or all users.
3. Screenshot showing enforcement, not just availability.

Okta / Other IdPs (Duo, OneLogin):
1. Log into admin console.
2. Navigate to Authentication / Security Policies.
3. Screenshot showing MFA required for sign-ins.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_MFAEnforcement_YYYY-MM-DD.png
  Example: AcmeCorp_MFAEnforcement_2025-07-01.png

5. What “Good” Looks Like

- Status clearly shows MFA enforced (not optional).
- Screenshot taken from the official IdP console (Microsoft Entra, Google Admin, Okta, etc.).
- Evidence covers all relevant staff — especially admins and high-privilege accounts.

Why it matters: auditors want assurance that MFA isn’t just “available in theory” but practically enforced across your systems.

6. Tips

- Redact personal names or emails from the screenshot before upload.
- Enforce MFA organisation-wide where possible; partial coverage may raise questions.
- Combine this with your Access Request Process evidence to show end-to-end strong account security.

Last updated on Sep 25, 2025

Mobile Backup Screenshot Guide

1. Purpose of this Guide

This artefact proves your company’s mobile devices are securely and automatically backed up. Cyber Essentials requires this because mobiles often hold sensitive client conversations, contacts, and operational data. Without backups, a lost or broken phone could mean lost business-critical data.

2. What You Will Submit

You will need:
- A screenshot from your mobile device or MDM console showing backup settings.
- The screenshot should clearly show:
  - Backup turned ON.
  - Type of data being backed up (SMS, contacts, app data, etc.).
  - Destination (cloud account, secondary storage, or MDM-managed system).
  - Automatic/scheduled backup frequency.

3. How to Collect / Obtain / Generate This Evidence

Apple iOS (iCloud Backup):
1. Open Settings → [Your Name] → iCloud → iCloud Backup.
2. Ensure iCloud Backup is toggled ON.
3. Screenshot the screen showing backup enabled, with timestamp of last successful backup.

Android (Google Backup):
1. Open Settings → Google → Backup.
2. Confirm Backup by Google One is ON.
3. Screenshot showing items backed up (App data, Contacts, SMS, etc.) and latest backup time.

Mobile Device Management (MDM) tools (e.g., Intune, Jamf, Workspace ONE):
1. Log into your MDM admin portal.
2. Go to Device Configuration → Backup Policy.
3. Screenshot showing that corporate devices have automatic backup policies enforced.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_MobileBackup_YYYY-MM-DD.png

5. What “Good” Looks Like

- Shows backup enabled and running automatically.
- Data types listed (contacts, SMS, app data).
- Destination storage clear (iCloud, Google Drive, or corporate backup system).
- A recent backup timestamp visible.

Why it matters: auditors want proof that if a device is lost or damaged, data isn’t gone forever — it can be recovered quickly.

6. Tips

- Redact personal photos, messages, or irrelevant apps before capturing.
- Standardise settings across all corporate phones (via MDM) to avoid exceptions.
- Run a test restore on one device — it proves your backups actually work.

Last updated on Sep 25, 2025

Multi-Cloud Backup Guide

1. Purpose of this Guide

This artefact proves that your company isn’t putting all its eggs in one basket — you’re using multiple cloud providers to back up critical data. Cyber Essentials requires this because cloud providers can have outages, misconfigurations, or even policy changes. A multi-cloud approach shows you’re prepared for continuity no matter which cloud falters.

2. What You Will Submit

You will need:
- A screenshot from your backup platform(s) showing:
  - Data backed up to two or more different cloud providers (e.g., AWS + Google Cloud, or OneDrive + Dropbox).
  - Active and recent backup activity.
  - Timestamps or logs proving backups are current.

3. How to Collect / Obtain / Generate This Evidence

Option A: SaaS backup tools (Datto, Veeam, Acronis, Druva):
1. Log into the admin console.
2. Navigate to Backup Jobs / Policies.
3. Show backup destinations across multiple cloud providers.
4. Screenshot the summary page.

Option B: Direct Cloud Provider Setup:
- AWS S3 + Google Cloud Storage:
  1. Show replication/backup job configured to copy data between clouds.
  2. Screenshot the job detail screen with destinations.
- Microsoft OneDrive + Google Drive:
  1. If using a sync tool (e.g., MultCloud, CloudHQ), open the dashboard.
  2. Screenshot showing the files are synced/backed up between platforms.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_MultiCloudBackup_YYYY-MM-DD.png
  Example: AcmeCorp_MultiCloudBackup_2025-07-01.png

5. What “Good” Looks Like

- Clear proof that two or more providers are in use.
- Screenshot shows recent activity (not stale/empty jobs).
- Destinations are recognisable (AWS, Google, Microsoft, etc.).
- Timestamps/logs confirm recency and reliability.

Why it matters: auditors want to see you’re not over-relying on a single vendor and have resilience built in.

6. Tips

- Redact sensitive paths, filenames, or customer data in the screenshot.
- Use different types of providers (e.g., AWS + Microsoft) for stronger assurance.
- Pair this with your Business Critical Data Backup artefacts for completeness.

Last updated on Sep 25, 2025

Network Diagram Guide

1. Purpose of this Guide

This artefact proves your company understands and documents how its network is structured and defended. Cyber Essentials requires this because without a clear map, it’s easy to overlook unprotected pathways, forgotten devices, or weak firewall coverage. A diagram is like your castle blueprint — showing walls, gates, and where the guards are posted.

2. What You Will Submit

You will need:
- A network diagram that includes:
  - Internet connection points.
  - Firewalls (hardware or DNS firewalls).
  - Routers, switches, Wi-Fi access points.
  - Segmented networks (e.g., office LAN, guest Wi-Fi, IoT VLAN).
  - End-user devices (workstations, laptops, mobiles, printers).
- If using StrongKeep: the provided template diagram, adapted with your details.

3. How to Collect / Obtain / Generate This Evidence

Option A: Use the StrongKeep Template:
1. Download the Network Diagram template.
2. Add your:
   - ISP connection
   - Firewall(s)
   - Switches / Wi-Fi Access Points
   - Device groups (e.g., staff laptops, printers, IoT cameras)
3. Save and export as PDF or PNG.

Option B: Create from Scratch (if not using StrongKeep):
- Microsoft Visio / Lucidchart / Draw.io:
  1. Create a blank canvas.
  2. Add internet, firewall, router, and network segments.
  3. Place icons for devices (workstations, printers, servers).
  4. Label key security features (e.g., “DNS firewall enabled,” “IoT isolated VLAN”).
  5. Export to PDF/PNG.

Option C: Auto-Discovery Tools (advanced):
- Use tools like Lansweeper, SolarWinds, or NetBrain to auto-generate diagrams.
- Export the generated map, ensuring sensitive hostnames/IPs are redacted.

4. Evidence Format

- Accepted file types: PDF, PNG, JPG.
- Suggested naming format: YourCompanyName_NetworkDiagram_YYYY-MM-DD.pdf
  Example: AcmeCorp_NetworkDiagram_2025-07-01.pdf

5. What “Good” Looks Like

- Shows all main components (firewalls, routers, devices, Wi-Fi).
- Clearly labels security controls (firewall, segmentation).
- Easy to read (not overloaded with every tiny switch or port).
- Reflects the current environment (not an outdated design).

Why it matters: auditors want proof that you’re aware of your network’s shape and choke points — a living map of your cyber fortress.

6. Tips

- Keep it high-level — no need for every patch cable.
- Show segmentation (e.g., staff Wi-Fi vs guest Wi-Fi).
- Update after major IT changes (new ISP, new firewall, new office).
- Redact sensitive details like internal IP ranges if needed.

Last updated on Sep 25, 2025

Non-Critical Backup Screenshot Guide

1. Purpose of this Guide

This artefact proves your company doesn’t only protect the “crown jewels” but also keeps less critical data backed up. Cyber Essentials requires this because even non-critical systems can contain information that, if lost, could disrupt operations. Having a backup — even at lower frequency — shows resilience across the board.

2. What You Will Submit

You will need:
- A screenshot showing:
  - Backup settings for non-critical systems (e.g., shared drives, test servers, archive data).
  - Frequency (e.g., weekly, monthly) clearly configured.
  - Destination storage (cloud, NAS, external drive).
  - Timestamp or status proving recent activity.

3. How to Collect / Obtain / Generate This Evidence

Option A: Cloud Backup Services (e.g., OneDrive, Google Drive, Dropbox):
1. Open the admin or settings panel.
2. Navigate to Backup / Sync Settings.
3. Screenshot showing folders/files designated as non-critical with backup frequency.

Option B: Backup Software (e.g., Veeam, Acronis, Datto):
1. Log into the admin console.
2. Go to Backup Jobs / Policies.
3. Screenshot the configuration showing weekly/monthly backup jobs for non-critical systems.

Option C: Local/On-Premise NAS or External Storage:
1. Open the backup scheduler interface.
2. Capture the job list showing less frequent backups (e.g., archives every 2 weeks).
3. Screenshot with timestamps of last and next backup.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_NonCriticalBackup_YYYY-MM-DD.png

5. What “Good” Looks Like

- Screenshot clearly shows non-critical data included.
- Backup frequency lower than critical systems (e.g., monthly vs daily).
- Shows destination where backups are stored.
- Timestamp/logs prove backup is active and not stale.

Why it matters: auditors want evidence that your company covers all data tiers, not just critical files, while optimising resources responsibly.

6. Tips

- Label non-critical jobs clearly (“Archive Data Weekly Backup”) to avoid confusion.
- Redact sensitive file/folder names if shown.
- Pair with your Business Critical Backup evidence to demonstrate a balanced backup strategy.

Last updated on Sep 25, 2025

Non-Disclosure Agreement Guide

1. Purpose of this Guide

This artefact shows that your company uses NDAs to protect sensitive information when working with staff, contractors, or partners. Cyber Essentials requires this because without confidentiality agreements, third parties could legally (or accidentally) share your secrets with outsiders — and that’s like leaving the castle gate unguarded.

2. What You Will Submit

You will need:
- A signed NDA document (template customised for your organisation).
- This should cover:
  - Definitions of confidential information.
  - Obligations to protect that information.
  - Restrictions on disclosure and use.
  - Duration of the agreement.
  - Parties bound (employees, contractors, vendors).

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers:
1. Download StrongKeep's Non-Disclosure Agreement Template.
2. Add your company name, logo, and specific details (parties, scope, duration).
3. Circulate for signing with employees, contractors, or vendors.
4. Save the signed copy as PDF.

If building your own NDA:
1. Use your legal counsel or internal policy framework.
2. Ensure the NDA covers:
   - Confidential data scope (business, financial, IT, customer).
   - Use restrictions (no sharing, no re-use outside contract).
   - Remedies in case of breach.
3. Collect signed copies from all relevant parties.

4. Evidence Format

- Accepted file types: PDF, DOCX.
- Suggested naming format: YourCompanyName_NDA_YYYY-MM-DD.pdf
  Example: AcmeCorp_NDA_2025-07-01.pdf

5. What “Good” Looks Like

- NDA includes clear confidentiality clauses.
- Document shows signatures from both parties.
- Agreement applies to all relevant stakeholders (employees, contractors, vendors).
- Recent version (not an outdated draft).

Why it matters: auditors want proof that sensitive information is legally protected, not just secured by goodwill.

6. Tips

- Use e-signature platforms (e.g., DocuSign, Adobe Sign) for easy tracking.
- Keep a central record of all signed NDAs in your compliance folder.
- Pair this with your Access Request Process evidence to show contractors don’t just get access — they’re bound by confidentiality too.

Last updated on Sep 25, 2025

Offline Backup Screenshot Guide

1. Purpose of this Guide

This artefact proves that your company can recover data even if online systems are compromised. Cyber Essentials requires this because ransomware, malware, or insider threats can wipe out live backups. An offline backup is like a sealed vault — attackers can’t touch it because it’s disconnected.

2. What You Will Submit

You will need:
- A screenshot or photo showing offline backup storage in use.
- The evidence should display:
  - The storage medium (USB drive, encrypted external HDD, tape, etc.).
  - Backup contents or logs proving recent data copied.
  - Evidence that it’s disconnected from the live network/system.

3. How to Collect / Obtain / Generate This Evidence

Option A: External Hard Disk / USB drive:
1. Plug in your encrypted external HDD or USB flash drive.
2. Run a backup job or copy your business data.
3. Screenshot the folder view showing data + timestamps.
4. Safely eject the device and (optionally) take a photo of it labelled and stored securely.

Option B: Managed Offline Backup Service:
1. Log into the provider console.
2. Open the job history for offline/air-gapped storage.
3. Screenshot showing successful transfer with date.

Best Practice:
- Store the offline media physically separate (e.g., another office, safe, at home, or vault).
- Use encryption + password protection for portable drives.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF (screenshots or photographs).
- Suggested naming format: YourCompanyName_OfflineBackup_YYYY-MM-DD.png

5. What “Good” Looks Like

- Backup media shown separate from live systems.
- Timestamp/log showing recent backup activity.
- Media labelled (e.g., “Finance Q3 Backup – Stored Offsite”).
- Ideally, encrypted or password-protected media.

Why it matters: auditors want assurance that even if ransomware takes out your online backups, you still have untouchable recovery options.

6. Tips

- Rotate multiple offline media sets (weekly/monthly).
- Store one copy offsite for disaster recovery.
- Redact sensitive filenames in screenshots before uploading.
- If photographing physical media, blur serial numbers.

Last updated on Sep 25, 2025

Organisational Chart Guide

1. Purpose of this Guide

This artefact proves that your company has clear reporting lines and responsibilities. Cyber Essentials requires this because, in a crisis, everyone needs to know who calls the shots. An organisational chart is like your battle map — showing who leads, who supports, and who reports where.

2. What You Will Submit

You will need:
- An organisational chart that includes:
  - Leadership roles (e.g., CEO, Directors).
  - IT/security roles (e.g., IT Manager, Security Lead).
  - Operational teams (e.g., HR, Finance, Ops).
  - Reporting lines (who reports to whom).

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers (recommended):
1. Download StrongKeep's Organisational Chart Template.
2. Fill in your company’s staff names, job titles, and reporting relationships.
3. Save as PDF or PNG.

If building from scratch:
- Microsoft PowerPoint / Word / Excel: Use SmartArt → Hierarchy → fill in roles.
- Draw.io / Lucidchart / Canva: Use drag-and-drop hierarchy tools to design the chart.
- Ensure clarity: don’t overload with every single intern — focus on structure and authority.

4. Evidence Format

- Accepted file types: PDF, PNG, JPG, DOCX.
- Suggested naming format: YourCompanyName_OrgChart_YYYY-MM-DD.pdf
  Example: AcmeCorp_OrgChart_2025-07-01.pdf

5. What “Good” Looks Like

- Clear hierarchical structure with key roles shown.
- Reporting lines visible (arrows/lines connecting roles).
- Includes IT/security roles relevant to incident response.
- Reflects the current state of your company (not outdated).

Why it matters: auditors want to see that your company won’t descend into chaos during an incident — everyone knows their role and who they report to.

6. Tips

- Update the chart whenever leadership or IT/security roles change.
- Keep it high-level — auditors don’t need every intern or contractor.
- Pair this with your Incident Response Plan artefact to show who actually carries out each action.

Last updated on Sep 25, 2025

Operating System Firewall Guide

1. Purpose of this Guide

This artefact proves your company has host firewalls enabled on all endpoints. Cyber Essentials requires this because firewalls are your personal guard at the door — blocking shady traffic before it even enters. Whether using the built-in OS firewall or StrongKeep’s XDR host firewall, this evidence shows every device has a shield raised.

2. What You Will Submit

You will need:
- A screenshot showing a host firewall enabled and configured.
- The screenshot should include:
  - Firewall status (ON/Enabled).
  - Rules or categories applied (if visible).
  - Confirmation it’s applied at the device level (OS or XDR agent).

3. How to Collect / Obtain / Generate This Evidence

Using StrongKeep XDR Host Firewall (coming soon):
1. Log into the StrongKeep Dashboard → Evidence Library → Host Firewall.
2. Click Generate Report.
3. Screenshot the view showing firewall enforcement from the XDR agent.

Using Windows built-in Defender Firewall:
1. Open Control Panel → System and Security → Windows Defender Firewall.
2. Confirm firewall is ON for Domain, Private, and Public networks.
3. Screenshot the panel.

Using macOS built-in Firewall:
1. Go to System Settings → Network → Firewall.
2. Toggle Firewall = ON.
3. Screenshot this view.

Using Linux (UFW or Firewalld):
1. Run sudo ufw status or sudo firewall-cmd --state.
2. Take a screenshot of the terminal showing active firewall.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_HostFirewall_YYYY-MM-DD.png
  Example: AcmeCorp_HostFirewall_2025-07-01.png

5. What “Good” Looks Like

- Firewall clearly shown as enabled.
- Screenshot taken from system or XDR console (not a mockup).
- If possible, rules or logs visible to show active blocking.
- Evidence from multiple OS types if your organisation uses mixed environments.

Why it matters: auditors want to see host-level protection — even if your network firewall fails, endpoints are still guarded.

6. Tips

- For StrongKeep XDR, include one screenshot per OS type deployed (Windows/macOS).
- Redact sensitive rule names or IP addresses.
- Pair this with your Firewall Configuration Screenshot (DNS/Network firewall) to show layered defence.

Last updated on Sep 25, 2025

Password Compromise Screenshot Guide

1. Purpose of this Guide

This artefact demonstrates your company’s ability to detect compromised passwords and immediately enforce a password change. Cyber Essentials requires this because an early warning system for password leaks and other breaches prevents attackers from using stolen credentials to infiltrate systems.

2. What You Will Submit

You will need:
- A screenshot from your password manager showing the detection of a compromised password.
- The screenshot should clearly display:
  - User details (e.g., email or username associated with the password).
  - The alert or notification flagging the password compromise.
  - Confirmation that password change was enforced or recommended.

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep customers:
1. Log into the StrongKeep Dashboard → Password Manager.
2. Go to the Compromised Password Alerts section.
3. Screenshot the list showing compromised passwords and any emails with related enforcement actions (e.g. password reset recommended to the respective staff).

For third-party password managers (e.g., LastPass, 1Password, Bitwarden):
1. Log into the password manager dashboard.
2. Go to the Security / Breach Reports section.
3. Capture a screenshot showing detected compromised passwords (e.g., “password found in data breach”).
4. Ensure it also shows enforcement actions (e.g., prompting password change or auto-reset).

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_PasswordCompromise_YYYY-MM-DD.png
  Example: AcmeCorp_PasswordCompromise_2025-07-01.png

5. What “Good” Looks Like

- Screenshot shows compromised password detected in the system.
- Displays enforcement action (e.g., change password, notify user).
- User identifier (email, username) visible, without exposing sensitive data.
- Evidence from trusted password manager (Bitwarden, 1Password, StrongKeep, etc.).

Why it matters: auditors want to see that you actively monitor and manage compromised credentials, ensuring they are promptly addressed to avoid breaches.

6. Tips

- Redact sensitive details (like full usernames or passwords) before submitting.
- Regularly review and enforce password hygiene practices across the organisation.
- Make sure your password manager integrates with your incident response to automate actions.

Last updated on Sep 25, 2025

Password Expiration Screenshot Guide

1. Purpose of this Guide

This artefact proves your company has password expiration policies configured. Cyber Essentials requires this because long-lived, unchanged passwords are ripe targets for attackers. By enforcing expiration, you compel regular refreshes, reducing the chance of old credentials being abused.

2. What You Will Submit

You will need:
- A screenshot showing the password expiration settings in your environment.
- The screenshot should display:
  - Password expiration period (e.g., 90 days).
  - Enforcement at the domain or system level.
  - Confirmation that the policy is active, not just a draft.

3. How to Collect / Obtain / Generate This Evidence

Microsoft Active Directory / Entra ID (Azure AD):
1. Open Group Policy Management → Default Domain Policy → Account Policies → Password Policy.
2. Locate Maximum password age.
3. Screenshot the value (e.g., 90 days).

Microsoft 365 (Cloud-only):
1. Log into Microsoft 365 Admin Center → Settings → Org Settings → Security & Privacy.
2. Under Password expiration policy, verify days set.
3. Screenshot this setting.

Google Workspace:
1. Open Admin Console → Security → Authentication → Password Management.
2. Check Password expiration period.
3. Screenshot the setting with applied value.

Other Systems (Okta, OneLogin, etc.):
1. Go to Security / Policies → Password Policy.
2. Locate expiration/rotation settings.
3. Screenshot policy configuration.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_PasswordExpiration_YYYY-MM-DD.png
  Example: AcmeCorp_PasswordExpiration_2025-07-01.png

5. What “Good” Looks Like

- Screenshot shows a specific expiration timeframe (not blank/disabled).
- Policy scope visible (applies to users or domain).
- Captured from official admin console (Active Directory, M365, Google Admin, etc.).

Why it matters: auditors want proof that password expiration is not optional — it’s actively enforced across accounts.

6. Tips

- Pair this with your Password Compromise Screenshot to demonstrate layered defence.
- Redact user names or tenant IDs from screenshots.
- Standardise expiration values (e.g., 90 days) across all systems to avoid gaps.

Last updated on Sep 25, 2025

Physical Access Control Photo Guide

1. Purpose of this Guide

This artefact proves your company has physical barriers in place to stop unauthorised access to IT systems. Cyber Essentials requires this because even the best digital fortress is useless if someone can just stroll into your office and plug into a server. Think of it as your moat, drawbridge, and portcullis.

2. What You Will Submit

You will need:
- A photo clearly showing one or more physical access control measures, such as:
  - Card or biometric access system on a server room door.
  - Cable locks securing laptops or desktops.
  - Locked server racks or cabinets.
  - Security turnstiles or restricted office access points.

3. How to Collect / Obtain / Generate This Evidence

Office Door Access Control:
1. Take a photo of the keycard reader, biometric scanner, or keypad at your office/server room.
2. Ensure the photo shows it is installed and in use (e.g., at the entry point).

Workstation Cable Locks:
1. Photograph a workstation with a cable lock securing the device to a desk.
2. Ensure the lock mechanism and tether are visible.

Locked Server Rack / Cabinet:
1. Photograph your server/network cabinet with lock engaged.
2. Include evidence of labelling or restricted access signage if present.

Multi-layered Controls:
- Show combinations of controls (e.g., card access + CCTV, or locked racks inside a restricted room).

4. Evidence Format

- Accepted file types: JPG, PNG, PDF.
- Suggested naming format: YourCompanyName_PhysicalAccessControl_YYYY-MM-DD.jpg
  Example: AcmeCorp_PhysicalAccessControl_2025-07-01.jpg

5. What “Good” Looks Like

- Evidence is clear and unambiguous (no blurry hallway photos).
- Shows a real physical control in place, not just an empty room.
- Ideally, includes multiple types of access control (e.g., locked racks + card access).

Why it matters: auditors want proof that attackers can’t simply bypass digital controls by physically walking into your workspace.

6. Tips

- Avoid capturing staff faces in the photo (privacy).
- Redact serial numbers or sensitive signage if visible.
- If controls are outsourced (e.g., data centre), request a photo or access log evidence from the provider.

Last updated on Sep 25, 2025

Physical Media Destruction Photo Guide

1. Purpose of this Guide

This artefact proves your company securely destroys paper-based media so sensitive information doesn’t fall into enemy hands. Cyber Essentials requires this because forgotten printouts, contracts, or system reports can be a goldmine for attackers if left in the bin. A photo of your destruction process shows that you’re not leaving secrets lying around.

2. What You Will Submit

You will need:
- A photo clearly showing:
  - The shredding or secure destruction process.
  - Equipment used (e.g., paper shredder, secure disposal bin).
  - Media being destroyed (blurred or redacted if sensitive text is visible).

3. How to Collect / Obtain / Generate This Evidence

Option A: Office Paper Shredder:
1. Feed paper documents into the shredder.
2. Photograph the shredder in action, showing documents being destroyed.
3. If possible, capture the shredded output.

Option B: Secure Disposal Bins (locked consoles):
1. Photograph the secure console/bin in your office.
2. Ensure the lock is visible (to show restricted access).
3. Optionally, include a collection tag from the disposal provider.

Option C: Third-Party Secure Disposal Service:
1. Take a photo of the certificate of destruction provided by the vendor.
2. (Optional) Photograph the vendor’s sealed collection bins being removed.

4. Evidence Format

- Accepted file types: JPG, PNG, PDF.
- Suggested naming format: YourCompanyName_PhysicalMediaDestruction_YYYY-MM-DD.jpg
  Example: AcmeCorp_PhysicalMediaDestruction_2025-07-01.jpg

5. What “Good” Looks Like

- Clear evidence of destruction in progress or completed (not just a photo of a printer).
- Secure destruction tool visible (cross-cut shredder, locked bin).
- (If vendor-managed) proof of chain-of-custody or destruction certificate.

Why it matters: auditors want assurance that sensitive paper doesn’t just walk out the door in the recycling pile — it’s properly destroyed.

6. Tips

- Blur/redact visible sensitive info before uploading.
- If using a vendor, keep their certificates in your compliance folder.
- Ideally, show regular practice, not just one-off destruction (e.g., photo of a labelled “Weekly Shred Bin”).

Last updated on Sep 25, 2025

Risk Management Framework Guide

1. Purpose of this Guide

This artefact proves your company has a structured method to assess risks, especially when dealing with EOS (End-of-Support) assets. Cyber Essentials requires this because old software/hardware without vendor patches is a juicy target for attackers. A Risk Management Framework (RMF) shows you’ve thought through those risks and decided on safeguards or mitigations.

2. What You Will Submit

You will need:
- A documented Risk Management Framework (based on StrongKeep’s template or your own).
- It should include:
  - Identification of risks (technical, operational, compliance).
  - Assessment of likelihood and impact.
  - Risk treatment options (accept, mitigate, transfer, retire).
  - Monitoring and review cycle.
  - Specific section for End-of-Support assets and how they are managed.

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers (recommended):
1. Log into StrongKeep Dashboard → Evidence Library → Templates.
2. Download the Risk Management Framework Template.
3. Fill in:
   - Company name and date.
   - Known EOS assets (old Windows servers, routers, apps).
   - Risks identified (e.g., unpatched vulnerabilities, data leaks).
   - Mitigations (e.g., network isolation, compensating controls, plan to retire).
4. Save as PDF/DOCX.

If creating your own RMF:
1. Base it on NIST or ISO 27005 risk management structures.
2. Include:
   - Risk Register: list of identified risks.
   - Scoring Matrix: impact × likelihood.
   - Treatment Plan: actions, owner, timeline.
3. Review and approve by management.
4. Export as PDF.

4. Evidence Format

- Accepted file types: DOCX, PDF, XLSX (if risk register is in spreadsheet).
- Suggested naming format: YourCompanyName_RiskManagementFramework_YYYY-MM-DD.pdf
  Example: AcmeCorp_RiskManagementFramework_2025-07-01.pdf

5. What “Good” Looks Like

- Framework clearly documents process + responsibilities.
- Risks are scored, prioritised, and assigned to owners.
- EOS assets explicitly considered with mitigation actions.
- Shows review cycle (e.g., quarterly).

Why it matters: auditors want evidence you’re not blindly using outdated kit but making informed, risk-based decisions.

6. Tips

- Keep the framework simple but structured — one doc with a clear matrix.
- Link it to your Risk Register Form (another artefact) for full coverage.
- Update whenever new assets are added or old ones retired.

Last updated on Sep 25, 2025

Risk Register Form Guide

1. Purpose of this Guide

This artefact proves your company records and manages identified risks in a structured way. Cyber Essentials requires this because risks — especially from unsupported hardware/software — must not be ignored. A risk register is your ledger of dangers, with each one tracked, scored, and tamed.

2. What You Will Submit

You will need:
- A Risk Register Form (from StrongKeep’s template or your own) containing:
  - Risk description (e.g., “Windows Server 2012 reached EOS”).
  - Likelihood and impact scoring.
  - Mitigation or treatment actions.
  - Risk owner (who is responsible).
  - Status (open, mitigated, retired).

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers:
1. Download StrongKeep's Risk Register Form template.
2. Fill in risks relevant to your organisation, including:
   - EOS assets (hardware/software).
   - Operational risks (e.g., loss of staff, single points of failure).
   - Security risks (e.g., phishing, ransomware).
3. Complete the scoring and assign owners.
4. Save as PDF/DOCX/XLSX.

If creating your own:
1. Build a table with columns: Risk, Likelihood, Impact, Risk Score, Mitigation, Owner, Status.
2. Rate likelihood/impact on a 1–5 scale.
3. Define mitigations (patching, isolation, migration, etc.).
4. Keep it updated at least quarterly.

4. Evidence Format

- Accepted file types: DOCX, PDF, XLSX.
- Suggested naming format: YourCompanyName_RiskRegister_YYYY-MM-DD.xlsx
  Example: AcmeCorp_RiskRegister_2025-07-01.xlsx

5. What “Good” Looks Like

- Risks clearly listed with scoring and owners.
- EOS assets explicitly included.
- Status column shows active management (not blank).
- Updated within the last 3–6 months.

Why it matters: auditors want to see you’re not guessing — you’ve documented risks and are tracking them like a disciplined knight tallying foes.

6. Tips

- Use colour coding (green/yellow/red) for quick visibility.
- Keep one master register across the company — don’t scatter risks in different silos.
- Link this with your Risk Management Framework artefact to show policy + practice alignment.

Last updated on Sep 25, 2025

Secure Configuration (Cloud, Mobile, IOT) Guide

1. Purpose of this Guide

This artefact proves that your company has locked down the configuration of mobile devices, IoT equipment, and cloud systems. Cyber Essentials requires this because insecure defaults and weak settings are easy entry points for attackers. Showing secure configuration demonstrates that your devices and cloud services are hardened, monitored, and not left wide open.

2. What You Will Submit

You will need:
- A screenshot from the following, depending on the scope of your certification:
  - Mobile device settings showing passcodes, auto-lock, and no jailbreak/root.
  - IoT management console showing separated network, discovery features disabled.
  - Cloud platform console (e.g. AWS, Microsoft 365, Google Cloud) showing logging, monitoring, or compliance enabled.

3. How to Collect / Obtain / Generate This Evidence

Mobile Devices:
- iOS: Settings → Face ID & Passcode → Screenshot showing passcode enabled and Auto-Lock ≤ 2 mins.
- Android: Settings → Security → Screenshot showing Screen Lock enabled, Play Protect on, and apps only from Play Store.

IoT Devices (e.g. CCTV, printers, smart devices):
1. Log into the IoT management page.
2. Show network segmentation (IoT VLAN separate from business LAN).
3. Disable auto-discovery and UPnP, then screenshot the configuration page.

Cloud Services:
- AWS: Management Console → CloudTrail → Event history → Screenshot showing logging enabled.
- Microsoft 365: Compliance Center → Audit Log Search → Screenshot showing audit logging on.
- Google Cloud: Console → Logging → Logs Explorer → Screenshot of API activity logs enabled.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_SecureConfig_YYYY-MM-DD.png

5. What “Good” Looks Like

- Screenshot shows specific security controls active (not greyed out).
- Device or platform name visible (to prove authenticity).
- Timestamp or version visible where possible.
- Demonstrates security for the relevant environment (mobile, IoT, or cloud).

Why it matters: auditors want evidence that your company has hardened configurations across different platforms — not left them at risky defaults.

6. Tips

- For mobile, avoid showing personal photos or sensitive data in screenshots.
- For IoT, redact SSIDs or device IDs before uploading.
- For cloud, pair the configuration screenshot with a log screenshot to show it’s working.

Last updated on Sep 25, 2025

Trusted Password Manager Guide

1. Purpose of this Guide

This artefact proves your company uses a trusted password manager to wrangle logins safely. Cyber Essentials requires this because weak, reused, or sticky-note passwords are easy prey. A password manager keeps accounts organised, unique, and far harder for attackers to crack.

2. What You Will Submit

You will need:
- A screenshot or report from a trusted password manager.
- The evidence should clearly show:
  - Secure credential storage.
  - Strong password generator feature.
  - Password strength/security checks.
  - (If possible) MFA/2FA setup options.

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers:
1. Log into the StrongKeep Dashboard → Password Manager (coming soon).
2. Click Generate Report.
3. Download the PDF or screenshot showing secure storage and features.

For other password managers (Bitwarden, 1Password, LastPass, Keeper):
1. Log into the admin/user console.
2. Go to Vault / Security Dashboard / Reports.
3. Screenshot showing:
   - Password strength report.
   - Enforced use of unique/strong passwords.
   - Any MFA/2FA or secure sharing features enabled.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_PasswordManager_YYYY-MM-DD.png
  Example: AcmeCorp_PasswordManager_2025-07-01.png

5. What “Good” Looks Like

- Screenshot/report shows actual credential storage (not an empty vault).
- Passwords assessed for strength/uniqueness.
- Secure password generation features visible.
- MFA/2FA setup supported or recommended.

Why it matters: auditors want proof you’re not relying on memory or spreadsheets, but a trusted system with best-practice security features.

6. Tips

- Redact actual usernames or account names before uploading.
- Make sure the report is recent (not years old).
- Combine this with your Password Compromise Screenshot to show both proactive (compromise detection) and preventive (trusted manager) controls.

Last updated on Oct 06, 2025

Unused Features Disabled Guide

1. Purpose of this Guide

This artefact proves your company trims away unnecessary system features that attackers could exploit. Cyber Essentials requires this because unused services are like forgotten side doors in a castle — easy for intruders to sneak through. Disabling them keeps your environment lean and secure.

2. What You Will Submit

You will need:
- A screenshot showing disabled features/services in your systems.
- The screenshot should demonstrate:
  - The specific feature/service name.
  - Its disabled status.
  - The platform it applies to (Windows, macOS, cloud service, etc.).

3. How to Collect / Obtain / Generate This Evidence

Windows (example features):
1. Open Control Panel → Programs → Turn Windows features on or off.
2. Disable unneeded services (e.g., SMBv1, Telnet Client).
3. Screenshot showing unchecked/disabled status.

Microsoft 365 / Office Apps:
1. Open Office → Options → Trust Center → Macro Settings.
2. Ensure “Disable all macros without notification” is selected.
3. Screenshot this view.

macOS:
1. Go to System Settings → Sharing.
2. Disable unnecessary services (e.g., File Sharing, Printer Sharing, Remote Management if not needed).
3. Screenshot the toggles OFF.

Cloud Platforms (AWS, Azure, GCP):
- AWS Console: Show unused ports/protocols disabled in Security Groups.
- Azure: Screenshot of disabled legacy authentication.
- GCP: Show services/APIs disabled in IAM or API console.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_UnusedFeaturesDisabled_YYYY-MM-DD.png
  Example: AcmeCorp_UnusedFeaturesDisabled_2025-07-01.png

5. What “Good” Looks Like

- Screenshot clearly shows the feature/service turned OFF.
- Platform is identifiable (so it’s not a generic image).
- Shows relevant security-related features, not just random system toggles.

Why it matters: auditors want evidence that you’ve actively slimmed down your systems to reduce risk, not left attack surfaces open by default.

6. Tips

- Keep a list of which features/services are disabled across your environment.
- Redact sensitive names (e.g., server names, internal IPs).
- Pair this evidence with your Secure Configuration Screenshot to show a holistic hardening strategy.

Last updated on Sep 25, 2025

Users Training Completion Screenshot Guide

1. Purpose of this Guide

This artefact shows your company doesn’t just talk about training but actually tracks who has completed it. Cyber Essentials requires this because awareness training isn’t a one-off quest — it’s a routine drill. Evidence proves your staff sharpen their cyber skills regularly, not just once upon a time.

2. What You Will Submit

You will need:
- A screenshot or report showing:
  - List of users enrolled.
  - Training completion status (Completed, In-progress, Not started).
  - Completion dates or timestamps.
  - Overall training coverage (e.g., % of staff trained).

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers:
1. Log into the StrongKeep Dashboard → Training.
2. Select the latest training campaign (e.g., phishing awareness, password hygiene).
3. Screenshot the completion list or summary graph.

Alternative (non-StrongKeep setups):
- Google Classroom / Microsoft Teams / Moodle: Export or screenshot training completion reports.
- HR / LMS platforms (Workday, BambooHR, SAP SuccessFactors): Download or screenshot compliance training completion status.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_TrainingCompletion_YYYY-MM-DD.png
  Example: AcmeCorp_TrainingCompletion_2025-07-01.png

5. What “Good” Looks Like

- Screenshot shows multiple users with clear status indicators (Completed/In-progress).
- Includes dates for completions.
- Overall coverage easily visible (e.g., percentage trained).
- Taken from a credible platform (StrongKeep dashboard, LMS, HR tool).

Why it matters: auditors want to see proof that awareness training is ongoing and tracked, not just a checkbox exercise.

6. Tips

- Redact personal details (email addresses, staff IDs) before uploading.
- Keep records from multiple cycles (e.g., last year and this year) — it proves consistency.
- Pair this evidence with your Cybersecurity Awareness Training Guide artefact for maximum impact.

Last updated on Sep 25, 2025

Web Server Internet Hygiene Portal Results Guide

1. Purpose of this Guide

This artefact proves your company’s web servers are configured securely. Cyber Essentials requires this because misconfigured servers (e.g., expired TLS, missing headers) are prime targets for attackers. The IHP scan provides independent verification that your servers meet security best practices.

2. What You Will Submit

You will need:
- A screenshot or PDF report of your Web Server IHP Results, showing:
  - Overall web server security score.
  - HTTPS/TLS configuration.
  - Certificate validity status.
  - HTTP security headers (e.g., HSTS, X-Frame-Options).

3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers:
1. Log into StrongKeep Dashboard → Web and Mail Server.
2. Select Web Server Results.
3. Run the external scan (or select latest scan).
4. Download the results as PDF or take a screenshot of the dashboard view.

If using IHP directly (Singapore CSA Internet Hygiene Portal):
1. Visit the IHP portal (https://ihp.csa.gov.sg).
2. Enter your web server domain.
3. Run the scan.
4. Save a screenshot of the results page or download the report.

4. Evidence Format

- Accepted file types: PNG, JPG, PDF.
- Suggested naming format: YourCompanyName_WebServerIHP_YYYY-MM-DD.pdf
  Example: AcmeCorp_WebServerIHP_2025-07-01.pdf

5. What “Good” Looks Like

- Evidence clearly shows:
  - Valid HTTPS/TLS certificates (not expired).
  - Strong TLS protocols (e.g., TLS 1.2/1.3).
  - HTTP security headers present.
  - A passing or good security score in the IHP results.

Why it matters: auditors want assurance your servers aren’t leaking weaknesses to the internet.

6. Tips

- Always run scans close to audit date (so the results are fresh).
- If the IHP flags weak protocols (e.g., TLS 1.0), disable them and rerun.
- Save historical results too — they help show continuous compliance.

Last updated on Sep 25, 2025