Skip to main content
About RightCyberIndependent preparation

A Cyber Essentials evidence readiness workspace built around the submission you actually have to make.

RightCyber built this workspace to take a UK applicant from first review to a defensible Cyber Essentials submission. It is structured around the 2026 IASME Danzell Question Set and the NCSC v3.3 Requirements for IT Infrastructure.

Many Cyber Essentials applications stall because of preparation gaps: vague scope, incomplete cloud-service inventories, MFA being available rather than enforced, unsupported software that was not surfaced, and supplier evidence that arrives too late.

The RightCyber route is structured to find those gaps before submission, and to leave the applicant able to maintain the controls year-round rather than only at renewal.

Each mission maps to specific A-references in the 2026 questionnaire, ends with a concrete action and an evidence target, and feeds into the included local desktop Builder.

The guidance is opinionated where opinions improve the outcome: separate admin accounts, MDM for BYOD, a deployed password manager, monthly patch reviews, and clear ownership of outsourced IT evidence.

Scope before answers

The workspace forces decisions about entity, sites, users, devices, cloud services, and suppliers before the technical controls.

Evidence over policy language

Guidance focuses on the configuration detail and records assessors use to decide whether an answer is credible.

Year-round controls

The goal is not a one-off certificate scramble. It is a repeatable operating rhythm for patching, access control, malware protection, and reviews.

Who is behind it

Built and maintained by Alec Pedersen.

RightCyber is built and run by one person, and that shapes the product: it stays deliberately narrow, the guidance is written in plain English rather than compliance-speak, and every change to the official scheme is read line by line before it reaches the Builder. Support emails land with the person who wrote the material.

The methodology is evidence-first: start with the official questionnaire references, identify what an assessor would need to believe each answer, then work backwards to the records, screenshots, registers, and decisions that make the answer defensible.

RightCyber is independent preparation support. It does not issue certificates, act as your certifying body, or guarantee certification.