Cyber Essentials has changed three times in four years.
Most organisations don't know which version they're working towards, what changed between versions, or whether their existing answers still hold. We've mapped every question across every version so you don't have to.
Three Versions. One Certification.
Each version of Cyber Essentials asks different questions, frames requirements differently, and carries different implications for organisations certifying under it. Knowing which version you're on — and what changed — is the first step.
Montpellier
The foundation. Established the five control families and the organisational context questions that later versions build on.
Willow
Introduced CVSSv3 ≥7 as the explicit patch threshold, expanded cloud service requirements, and restructured the contractor and subsidy questions.
Danzell
The current standard. Significantly expanded organisational and scoping sections. Introduced five auto-fail questions — the first explicit automatic certification failures in the scheme's history.
Auto-Fail Questions — New in Danzell
For the first time in the scheme's history, Danzell v16.2 introduces five questions where a single wrong answer is an automatic certification failure — regardless of your answers elsewhere. They cover OS patching, application patching, and MFA on cloud services.
Not sure if your organisation would pass them? That's exactly what Transcrypt is for.
Every question. Every version. Side by side.
112 unique concepts tracked across all three versions of the standard. See exactly what changed, what was dropped, what was added — and which five questions will now automatically fail your certification.
Ready to certify?
Choose your workstream, answer the questions, and let Transcrypt do the rest. No spreadsheets. No consultants. No confusion.