Please describe the process for changing your firewall password.
What this question is really asking
Describe how you change firewall passwords — who is responsible, when it happens (at initial setup), and where the new password is recorded. Assessors are looking for a repeatable process, not a one-time action. A password manager or documented procedure referencing a specific record is expected.
What satisfies this requirement
A written response is requiredHome routers not supplied by the organisation excluded.
What to prepare before your assessor visit
Assessors are looking for repeatability — the same answer should hold for a device installed two years ago and one installed last week. 'We change it when we set up a device' is acceptable; 'someone probably changed it' is not. Show the process: a setup checklist, a password manager entry, a ticket, or a documented procedure that is consistently followed.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.