Please provide a list of your networks that will be in the scope for this assessment.
Section A2: Scope of Assessment · Cyber Essentials Montpellier
What this question is really asking
List all in-scope servers, virtual machines, hypervisors (Hyper-V, VMware, and so on), and VDI hosts. This is where organisations most commonly undercount — every server needs a compliant OS, patching process, and access control. Cloud-hosted virtual machines count as servers.
What satisfies this requirement
A list is requiredInclude name, location, and purpose of each network including home worker networks.
What to prepare before your assessor visit
Servers are the most underreported category in this section. Cloud-hosted virtual machines, development servers, internal file servers, print servers, build agents — every one is in scope. A missing server discovered during assessment calls the accuracy of the entire application into question. Consider pulling an inventory from your hypervisor, cloud console, or IT asset management system rather than listing from memory.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.