The Cyber Essentials SAQ (Self-Assessment Questionnaire)

Speak to an expert

If you’re looking for help with Cyber Essentials certification, get in touch with our experts. They can advise you which of our packaged solutions and services are best suited to your needs.

What is the Cyber Essentials self-assessment questionnaire?

To achieve Cyber Essentials certification, you must complete a Cyber Essentials SAQ (self-assessment questionnaire).

The SAQ questions relate to each of the five Cyber Essentials security controls:

Secure configuration
Firewalls
User access controls
Security update management
Malware protection

As of 28 April 2025, new certifications must refer to the 2025 Cyber Essentials and Cyber Essentials Plus update.

This introduces a new Question Set, known as ‘Willow’, which replaces the Montpellier Question Set. There are also minor changes introduced by v3.2 of the Cyber Essentials Requirements for IT Infrastructure, most of which apply to definitions.

Applicants must confirm they’ve read the updated Requirements for IT infrastructure document as part of their application.

Your completed Cyber Essentials questionnaire serves as a statement of your organisation’s compliance, demonstrating that you have met the scheme’s requirements. It must be signed off by a member of your organisation’s board or equivalent.

Free download: Cyber Essentials self-assessment questionnaire

Download copies of the Cyber Essentials Question Set and Cyber Essentials: Requirements for IT Infrastructure before applying for certification.

Download now

Need some guidance?

If you need help with your application process, we recommend the following products:

Cyber Essentials Get A Little Help: includes up to three hours of Remote Consultancy Support to help you through the application process.
Cyber Essentials Remote Consultancy Support: online consultancy by the hour.