Questionnaire Part 1 Your Organisation
This guide reflects the Danzell question set, introduced in April 2026. Applications using the Willow question set will differ in some areas; these applications may still be completed before October 2026.
Your Organisation
This section is used to identify the organisation we are assessing.
Please answer all of the questions in this section—missed questions will delay the assessment.
Please note that the answer for A1.1 will be the name that is printed on the certificate. Please check this is correct before submitting the assessment.
A1.1 Organisation Name
What is your organisation's name?
The
name provided in Question A1.1 should be the name of just one legal entity. If the assessment includes more than one
legal entity, the name provided in this question will appear on your certificate as the primary legal
entity.Please ensure it is accurate and does not exceed the character limit of 150 (including spaces). Although the name will be one legal entity, you can include a trading name (Trading as).
If the scope of this assessment includes other legal
entities, you must list all these legal entities in Question A1.6.1. These included legal entities will be listed on your digital certificate. If desired, you can purchase individual Cyber
Essentials certificates for them at £10 each after your main certificate is
issued.
Important Notes:
All legal
entities included in one scope of assessment must share the same IT
infrastructure and network.
The board member signing off on the certificate must have the
authority to represent all the listed legal entities.
Any legal entities not listed in Question A1.6.1 cannot be added after the certification process is complete.
If you are unsure whether additional legal entities can
be included under this certification or if they require separate
certifications, please refer to our guidance for further clarification and examples.
Where an organisation wishes to certify subsidiary companies on the same certificate, the organisation can certify as a group and can include the subsidiaries' name on the certificate as long as the board member signing off the certificate has authority over all certified organisations. For example: The Stationery Group, incorporating The Paper Mill and The Pen House
It is also possible to list on a certificate where organisations are trading as other names. For example: The Paper Mill trading as The Pen House.
The answer provided to A1.1 is the name that will be displayed on your certificate and has a character limit of 150 including spaces.
A1.2 Organisation Type
What type of organisation are you?
“LTD” – Limited Company (Ltd or PLC)
“LLP” – Limited Liability Partnership (LLP)
“CIC” – Community Interest Company (CIC)
“COP” – Cooperative
“MTL” – Other Registered Mutual (Community Benefit Society, Credit Union, Building Society, Friendly Society)
“CHA” – Registered Charity
“GOV” – Government Agency or Public Body
“SOL” – Sole Trader
“PRT” – Other Partnership
“SOC” – Other Club/ Society
“OTH” – Other Organisation
Use the dropdown menu to select your answer.
A1.3 Number of employees
How many employees are there in the organisation?
Please provide the number of people who are working for your
organisation, including all legal entities.
This would include volunteers, agency workers, contractors and others who have access to your organisational
data.
Please enter the number of employees
A1.4 Organisation Number
What is your organisation's registration number?
Please enter the registered organisation number for the primary legal entity only, with no spaces or punctuation. Letters (a-z) are allowed, but your answer must include at least one digit (0-9) and must not exceed 20 characters.
The organisation number you provide must correspond to the Company
Name entered in A1.1. If you are applying for certification for more than one
registered company, enter only the organisation number for the primary legal
entity.
If you selected
Government Agency, Sole Trader, Other Partnership, Other Club/Society, or Other
Organisation in A1.2, please enter "none."
If your country does not issue company numbers, provide a unique identifier such as a DUNS number.
If you are registered at Companies House, you can find your
registration number here: Companies
House
Free company information from Companies House includes registered
office address, filing history, accounts, annual return, officers, charges, and
business activity.
Please enter the registered number only with no spaces or other punctuation. Letters (a-z) are allowed, but you need at least one digit (0-9). There is a 20 character limit for your answer.
A1.5 Organisation Registered Address
What is your organisation's registered address?
Please provide the legal registered address for your organisation.
Please ensure you fill out both the 'Answer' and 'Country' cells, even if the content is identical.
A1.5.1 Organisation Operational Address
Please provide the operational addresses, if different to your registered address.
Please provide the address or addresses where your organisation operates from. This does not include the addresses of home/remote workers.
Please ensure you fill out both the 'Answer' and 'Country' cells, even if the content is identical. Please do not provide home worker addresses.
Certificates
Depending on the way the organisation is set up, one or more assessment accounts may be required. See the following guidance article to determine whether you will need a single assessment account or more than one.
Entities sharing a Cyber Essentials Certification
Entities or companies require different assessments in the following cases:
- Different Legally Responsible Persons: If the entities do not share the same director or board-level member who can sign off on the assessment.
- Different Network Infrastructure: If the entities do not share the same network infrastructure.
- Separate Legal Entities: If the entities are separate companies with no shared governance or oversight.
A1.6 More Than One Legal Entity.
Do you have more than one legal entity, including subsidiaries, within the scope of this assessment?
Entities sharing a Cyber Essentials Certification
Legal entities or companies require different assessments in the following cases:
- Different legally responsible persons: If the legal entities do not share the same director or board-level member who can sign off on the assessment.
- Different network infrastructure: If the legal entities do not share the same network infrastructure.
- Separate legal entities: If the legal entities are separate companies with no shared governance or oversight.
This answer requires a yes or no answer.
A1.6.1 More Than One Legal Entity
Please provide the name, company number and registered address of any additional legal entities that are included.
If the scope of your assessment contains more than one legal entity, please list the additional included legal entities in Question A1.6.1.
You can add the details of multiple legal entities individually by clicking on the Add Entry button. When entering the company number, please enter the registered number only, with no spaces or other punctuation. Letters (a-z) are allowed, but you need at least one digit (0-9). There is a 20-character limit for your answer.
If any legal entities in A1.6.1 are a Government Agency, Sole Trader, Other Partnership, Other Club/Society or Other Organisation enter "none" for these companies.
If any legal entities in A1.6.1 are registered in a country that does not issue a company number, please enter a unique identifier like a DUNS number.
Included legal entities will be listed on the digital Cyber Essentials certificate of the primary legal entity and will share the same certification expiry date. Each included legal entity will be invited by email to purchase a separate certificate under their own name for a minimal cost after the main certificate is issued.
The name of each included legal entity will automatically be added to the Cyber Essentials certificate search and be discoverable in the Cyber Essentials Supply Check Tool regardless of whether or not they apply for their own individual certificate.
If the certification for the primary legal entity is revoked, the certifications for all included legal entities will also be revoked.
.
A1.7 Organisation Occupation
What is your main business?
Please summarise the main occupation of your organisation.
Use the dropdown menu and provide Applicant Notes if necessary.
A1.8 Website Address
What are the two main reasons for applying for certification?
Please provide your website address (if you have one). This can be a Facebook/LinkedIn page if you prefer.
A1.9 Renewal or First Time Application
Is this application a renewal of an existing certification or is it the first time you have applied for certification?
If you have previously achieved Cyber Essentials, please select "Renewal". If you have not previously achieved Cyber Essentials, please select "New Application".
A1.10 Reason for Certification
What are the two main reasons for applying for certification?
Please let us know the two main reasons why you are applying for certification. If there are multiple reasons, please select the two that are most important to you. This helps us to understand how people are using our certifications.
Please ensure you choose two reasons; if you choose only one, we will be required to request further information upon submission.
Your answers here may trigger additional questions; for example if you have said there is a requirement by a grant authority, this will trigger A1.10.3 where you will be asked for the grant authority's name.
A1.11 CE Requirements Document
Have you read the 'Cyber Essentials Requirements for IT Infrastructure' document
This document is available on the NCSC Cyber Essentials website and should be read before completing this question set.
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
A1.12 NCSC Cyber Advisor
Have you spoken to an assured NCSC Cyber Advisor to help with your application?
This is a person assured by NCSC as a Cyber Essentials Cyber Advisor to provide advice on how to implement Cyber Essentials.This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
This is a person assured by NCSC as a Cyber Essentials Cyber Advisor to provide advice on how to implement Cyber Essentials.
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
A1.13 Cyber Breach
Can IASME and their expert partners contact you if you experience a cyber breach?
We would like feedback on how well the controls are protecting organisations. If you agree to this then please email security@iasme.co.uk if you do experience a cyber breach. IASME and expert partners will then contact you to find out a little more but all information will be kept confidential.
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
A1.14
Where did you hear about Cyber Essentials?
A1.15 Cyber Breach
Can IASME contact you for research purposes?Both IASME and the UK government occasionally need to ask questions about the process and/or benefits of the Cyber Essentials scheme for research purposes. If you agree to this we will contact you via the email address you registered with, you are free to not respond if we do contact you.
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
Both IASME and the UK government occasionally need to ask questions about the process and/or benefits of the Cyber Essentials scheme for research purposes. If you agree to this we will contact you via the email address you registered with, you are free to not respond if we do contact you.
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
A1.16 Early Warning
Have you signed up to the NCSC’s free Early Warning service?
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
Related Articles
Questionnaire Part 3 Insurance
This guide reflects the Willow question set, introduced in April 2025. Applications using the Montpellier question set will differ in some areas; these applications may still be completed before 28th October 2025. Insurance When a UK-domiciled ...Questionnaire Part 7 Access Control
This guide reflects the Willow question set, introduced in April 2025. Applications using the Montpellier question set will differ in some areas; these applications may still be completed before 28th October 2025. Access Control (User Access Control) ...Questionnaire Part 6 Secure Business Operations (Security Update Management)
This guide reflects the Willow question set, introduced in April 2025. Applications using the Montpellier question set will differ in some areas; these applications may still be completed before 28th October 2025. Security Update Management A6.1 ...Questionnaire Part 8 Malware Protection
This guide reflects the Willow question set, introduced in April 2025. Applications using the Montpellier question set will differ in some areas; these applications may still be completed before 28th October 2025. Malware Protection A8.1 Malware ...Questionnaire Part 4 Secure Business Operations (Boundary Firewalls and Internet Gateways)
This guide reflects the Willow question set, introduced in April 2025. Applications using the Montpellier question set will differ in some areas; these applications may still be completed before 28th October 2025. Secure Business Operations Boundary ...