Which method do you use to unlock the devices?
What this question is really asking
Specify the method used to unlock your devices — password, PIN, biometric, or pattern. The standard accepts biometric and PIN methods provided they meet minimum complexity requirements. Pay attention to PIN length: a four-digit PIN is considered insufficient in Danzell.
What satisfies this requirement
A written response is requiredPIN of at least 6 characters only if it unlocks the device only and further auth required for organisational data. Brute-force protection required: throttling (max 10 in 5 min) or lockout after 10 attempts.
What to prepare before your assessor visit
If you allow PIN authentication, make sure the PIN length meets the Danzell requirement — a four-digit PIN is explicitly insufficient. Review your MDM policies for minimum PIN length and update them before assessment if needed. Biometric authentication is acceptable as the primary method provided there is a compliant PIN or password fallback for when biometrics fail or are unavailable.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.