Please list the quantities of tablets and mobile devices within the scope of this assessment.
What this question is really asking
List the quantities and OS versions for all in-scope tablets and mobile phones. Personally-owned (BYOD) devices are in scope if they access organisational data or email. Assessors will cross-reference these against your malware protection answers in section A8.
What satisfies this requirement
A list is requiredAll tablets and mobiles accessing organisational data, including BYOD. Include make and OS version.
What to prepare before your assessor visit
BYOD is where most organisations are caught out. If a personal device accesses corporate email — even via a mobile app — it is in scope. If your BYOD policy says 'personal devices are not allowed', assessors will ask how that is technically enforced. An MDM solution confirming only enrolled corporate devices can access corporate resources is the cleanest answer; anything less requires careful explanation.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.