Please list all office applications that are used to create organisational data.
Section A6: Security Update Management · Cyber Essentials Montpellier
What this question is really asking
List all productivity applications used to create and edit organisational data — Microsoft Office, Google Workspace, LibreOffice, and so on. These applications are frequent targets for macro-based malware. Ensure all listed applications are supported versions covered by your patching process.
What satisfies this requirement
A list is requiredVersion required. e.g. MS 365, Libre Office, Google Workspace, Office 2016.
What to prepare before your assessor visit
Office applications are frequent targets for macro-based attacks, so being on a supported version with current updates is the core requirement here. Beyond version compliance, assessors may ask whether macros are restricted — particularly relevant for older Office versions. Being on a current, auto-updated version is the cleanest answer and removes most macro attack surface by default.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.