How does your organisation make sure that separate accounts are used to carry out administrative tasks?
What this question is really asking
Describe how your organisation ensures administrators use a separate account for administrative tasks versus their everyday work. Standard practice is for each admin to have a regular user account for email and browsing, and a separate privileged account for admin tasks. Using a single account for both purposes is a common finding in smaller organisations.
What satisfies this requirement
A written response is required.
Applies to local administrator accounts, network/domain administrator accounts, and cloud service administrator accounts.
What to prepare before your assessor visit
The separation between admin and standard user accounts needs to be consistent in practice, not just on paper. A very common pitfall is an IT manager who technically has a separate admin account but uses their regular account for admin tasks 90% of the time because it's more convenient. If the separation exists nominally but not in practice, it will not withstand scrutiny.