
Cyber Essentials based Supplier Cyber Security Questionnaire

For a comprehensive but lightweight cyber-risk assessment of your Suppliers, our Cyber Essentials based Questionnaire offers an effective level of cyber security assurance based on a UK Government standard. Request a copy to review or try it with Rizikon Assurance free for 30 days.


Find out how the Cyber Essentials based Supplier Cyber Security Questionnaire may help you protect your business

Who should use this CE-based Supplier Cyber-Risk Questionnaire

With increasing threats of cyber-terrorism, malware and data theft, the prioritisation of good information security practices within a business is key to avoiding fines, reputational damage and loss of business. Common weaknesses often come from the supply chain or third parties, which, given a wide spread of risk, makes it useful to have a risk-proportional approach to questionnaires in this area. This questionnaire suits organisations that wish to avoid dealing with non-compliant suppliers and minimise exposure to high-risk data practices. It will assist with ensuring a foundational level of information security within an organisation, particularly where the risk is low. As such, it is a useful baseline standard of security in a supply chain.

How this Supplier Security questionnaire was developed

This questionnaire is based on the government-backed Cyber Essentials scheme, designed to help protect organisations of various sizes against a whole range of the most common cyber attacks. The content of the scheme covers some of the most basic cyber-security practices that an organisation can adopt. The questions in this Supplier Cyber Security Questionnaire in Rizikon Assurance are derived from those that an organisation will answer when applying for Cyber Essentials, with the scoring also being highly correlated.

Cyber Essentials Supplier Questionnaire Questions, sections and scoring

The structure of this CE-based Supplier Checklist covers the fundamental areas of Office Firewalls and Internet Gateways, Secure Configuration (such as password procedures), Patches and Updates, User and Administrative Accounts, Malware Protection, and others. It also gathers basic information on the company in question and the scope of the questionnaire to ensure the relevance of the questionnaire is clear. There are only 9 sections in total. The questions are “negatively” scored on a tiered basis – answers can be provided that are scored Minor, Major or Fail, whereas compliant answers will simply remain un-highlighted. These scores indicate that the organisation is potentially not operating within a pass mark of Cyber Essentials. Minor scores indicate advisory notes, whereas Majors and Fails indicate serious non-conformity with best practices as outlined in the scheme. The overall questionnaire score will be inherited from the most severe question score provided, highlighting the organisation's point of least compliance.


Request a Demo, ask us to send you a copy of the Questionnaire or Try the Questionnaire and Rizikon Assurance free for 30 days
