Inside the tool that makes Cyber Essentials actually achievable

Smart, Organised, and It Never Sleeps

---

I need to geek out for a minute.

I know, I know - I usually try to keep things jargon-free. Plain English. No tech-speak. But this is different. This is about the actual platform that got us certified, that I've spent hundreds of hours with, that I've helped shape through feedback and testing.

And honestly? It's brilliant. Let me tell you why.

The Problem With Certification

Before I explain what TransCrypt built, let me explain what it's solving.

Cyber Essentials certification sounds simple. Five controls. Answer some questions. Get certified. Easy, right?

Except it's not. Because when you're a small business owner staring at those questions for the first time, you don't know:

• What the questions actually mean
• What evidence you need
• Whether your setup is compliant or not
• What to fix first
• Whether your answers are going to pass

Most platforms just give you the questions and leave you to it. Here's the form. Good luck. Hope you understand what "boundary firewall configuration" means.

That's how people end up at 2am, three browser tabs open, Googling frantically, no closer to understanding whether their router counts as a firewall or not.

TransCrypt built something different.

The Two Things That Shouldn't Work Together

Here's the clever bit. The platform combines two approaches that seem like opposites:

AI reasoning - machine learning, large language models, the stuff that can understand context, interpret your situation, and guide you in natural language.

Deterministic logic - structured, predictable, auditable. Same inputs always produce same outputs. The kind of system an auditor can trust.

Usually you get one or the other. AI tools that are clever but unpredictable - you never quite know what you're going to get. Or structured systems that are reliable but rigid - they can't adapt to your specific situation.

TransCrypt figured out how to do both.

How It Actually Works

Let me walk you through what happens when you use the platform.

Step 1: It learns about you

When you start, the system asks about your business. Not just "how many employees" tick-box stuff. Actual questions about how you work. What systems you use. How your team operates.

The AI processes this and builds a picture of your specific situation. A three-person accountancy firm has different needs than a twenty-person manufacturer. The platform understands that.

Step 2: It translates the requirements

Here's where the magic happens.

The official Cyber Essentials questions are... let's say "technically precise." They're written for assessors, not for normal humans.

The platform translates them. Not just into simpler language - into questions that make sense for your specific setup. If you told it you use Microsoft 365, it asks about Microsoft 365. If you're running standalone laptops, it asks about standalone laptops.

Same underlying requirement. Different question based on your context.

Step 3: It guides your answers

When you're answering a question, the AI is watching (in a helpful way, not a creepy way).

Struggling with what "secure configuration" means for your setup? It explains, with examples relevant to what you've already told it. Not sure if your answer is right? It flags potential issues before you submit.

This is where the AI reasoning shines. It's not just checking boxes - it's understanding your intent and helping you get to the right answer.

Step 4: It stays deterministic

Here's the crucial bit for certification: despite all the AI cleverness, the actual assessment logic is deterministic.

That means: your final answers map to specific, auditable criteria. There's no AI hallucination deciding whether you pass or fail. The smart stuff helps you get there; the structured stuff determines the outcome.

An auditor can look at your submission and see exactly why you passed. The logic is traceable. The evidence is documented. Nothing mysterious.

Step 5: It creates the record

Everything you do in the platform is logged. Every answer, every piece of evidence, every change.

This isn't just bureaucracy. It's your audit trail. When the assessor asks "can you show me your password policy?", you don't have to dig through folders. It's there, linked to your answer, timestamped and versioned.

Why This Matters

I've seen people try to get certified with just a PDF checklist and determination. Some make it. Many don't.

They get stuck on questions they don't understand. They answer based on what they think is right, not what actually is. They submit and fail, then don't know why. They give up.

The TransCrypt approach removes those failure points:

No more translation problems. The AI explains requirements in language you understand, specific to your situation.

No more "am I doing this right?" anxiety. The system guides you, flags issues, helps you self-correct before submission.

No more evidence chaos. Everything's organised, stored, linked. Your audit trail exists automatically.

No more mystery failures. The deterministic logic means you know exactly where you stand before you submit.

The 3am Test

Here's my real-world test for any tool: does it work at 3am when you're panicking?

I've used this platform at 3am. When Mr S was worried about something before an audit. When a client had an urgent question I couldn't answer off the top of my head.

The AI component means I can ask questions in natural language. "Does our current firewall setup meet the boundary protection requirement?" And get an actual, contextual answer.

The deterministic component means I can trust that answer. It's not making things up. It's checking our documented configuration against specific criteria.

Smart enough to help. Reliable enough to trust. Available whenever I need it.

What I Helped Build

Full disclosure: I've been involved in developing this platform. Not writing code - that's way beyond me - but feeding back constantly on how real users experience it.

Every time I hit a question that confused me, I told them. Every time a client struggled with something, I reported it. Every time the AI explanation wasn't quite clear enough, I pushed for better.

The team actually listened. I'd flag an issue, and a few weeks later it would be fixed. The platform now is significantly better than the platform I first used, partly because of feedback from people like me - actual users doing actual certifications.

That's rare. Most software companies build what they think users need. TransCrypt builds what users actually need, because they keep asking us.

The Deterministic Difference

I want to come back to this word: deterministic.

In a world full of AI that makes things up, that hallucinates, that gives different answers to the same question - deterministic matters.

When you're going for certification, you need to know that the guidance you're getting is accurate. That the criteria being applied are the real criteria. That your pass is a real pass.

TransCrypt's approach uses AI for the helpful bits - understanding context, explaining requirements, guiding you through - but keeps the assessment logic rock solid. Predictable. Auditable.

It's not either/or. It's both. Smart where smart helps. Structured where structure matters.

The Numbers

Let me give you some concrete outcomes:

Time to certification: Most users complete in 4-6 weeks, working part-time on it alongside their actual jobs.

First-time pass rate: Significantly higher than the industry average, because the platform catches issues before submission.

Support queries: Down dramatically compared to traditional approaches, because the AI handles most questions in real-time.

3am usage: Higher than you'd expect. Turns out small business owners do a lot of their admin in the small hours.

Who It's For

This platform is built for businesses like Simpson & Sons was. Like you probably are.

• Small teams without IT departments
• Owners who are capable but time-poor
• People who need guidance, not just checklists
• Businesses that need certification to access opportunities

If you've got a full IT team and internal compliance specialists, you probably don't need this. You've got people whose job it is to understand this stuff.

But if you're the owner who's also the IT department who's also the compliance officer who's also the person making the tea? This is for you.

The Honest Assessment

Is the platform perfect? No. Nothing is.

Sometimes the AI explanations could be clearer. Sometimes the interface takes a click more than it should. Sometimes I wish it would just tell me what to do rather than explaining the options.

But compared to the alternative - a PDF checklist and a prayer - it's transformative. It took us from "we don't even know where to start" to "certified in six weeks."

And it keeps getting better. Every month there are improvements. Every feedback session leads to changes. The team is genuinely committed to making this work for small businesses.

The Point

Cyber Essentials doesn't have to be terrifying. It doesn't have to mean midnight Googling and crossing your fingers on submission.

With the right tool - smart enough to guide you, organised enough to trust, available when you need it - certification becomes achievable. Even for three laptops and a prayer.

That's what TransCrypt built. That's what I use every day. That's what I recommend to every small business I work with.

Smart. Organised. Never sleeps.

Just like me. Except I do sleep now. Because the platform handles the 3am panics.

---

Danny Preece is Head of Technical Sales at Simpson & Sons and an SME Cyber Resilience Consultant with TransCrypt. He has logged more hours on the platform than he cares to admit, and has strong opinions about button placement that the dev team are tired of hearing.