Please list the quantity of servers, virtual servers, virtual server hosts (hypervisors) and Virtual Desktop Infrastructure (VDI) servers. You must include the operating system.
What this question is really asking
List all firewalls, routers, switches, and other network infrastructure within scope. Include make, model, and quantity where possible. Assessors will cross-reference this list against your firewall and patching answers — any equipment you list must be compliant.
What satisfies this requirement
A list is requiredAll servers in scope. Include OS version.
What to prepare before your assessor visit
List accurately and completely — don't omit a device because you think it might not meet the standard. Assessors strongly prefer an honest complete list that then has compliance gaps addressed, over discovering unlisted equipment later. Omissions that surface during assessment look deliberate, even when they aren't.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.