Please list the quantities and operating systems for your laptops, desktops and virtual desktops within the scope of this assessment.
What this question is really asking
List the quantities and operating system versions for all in-scope laptops, desktops, and virtual desktops. Operating system versions matter — assessors will cross-reference this against your software support answers in section A6. Unsupported OS versions are an automatic fail.
What satisfies this requirement
A list is requiredInclude make and OS version. Windows edition and feature version required. Corporate and BYOD. Important: only in-scope devices connecting to cloud services must be included. Out-of-scope device user accounts accessing cloud services must still comply with MFA. Windows 10 beyond 14 October 2025 requires Microsoft ESU.
What to prepare before your assessor visit
Be meticulous with operating system versions — this list is directly cross-referenced against A6.1 (supported OS) and the patching questions. 'Various Windows versions' is insufficient; assessors need the specific versions to check support status. Run a proper software inventory rather than estimating, particularly for older hardware that may still be running outdated OS versions.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.