How are home/remote workers connecting to your organisational data and services?
What this question is really asking
Describe the connection method for home and remote workers — corporate VPN, direct cloud access, split-tunnel VPN, Citrix, and so on. Assessors are checking whether remote connection paths are adequately protected. Home routers are in scope for Cyber Essentials if they are used to access organisational data.
What satisfies this requirement
A written response is requirede.g. via home router, business-provided router or corporate VPN.
What to prepare before your assessor visit
Your answer here directly determines what firewall controls are required. A corporate VPN means each home worker's home router is likely in scope as a boundary device. Split-tunnel VPN raises questions about the unprotected traffic path. Direct cloud access shifts the protection burden to the device's software firewall and endpoint security. Think through the implications for each connection type before answering.
How this question sits across CE versions
Question A2.4.2 is unique to Cyber Essentials Danzell — it does not appear in other versions of the standard. New in Danzell. This question makes the remote worker network topology explicit.
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.