Cyber Essentials
DashboardSign Out

Lesson 10.3 — Completing the Cyber Essentials questionnaire: answer quality, consistency, assessor comments and avoiding common submission mistakes

This lesson helps the learner complete the Cyber Essentials self-assessment questionnaire with clear, accurate and evidence-supported answers.

What You'll Be Able to Do

By the end of this lesson, you will be able to:

  • prepare questionnaire answers that are clear
  • consistent
  • evidence-backed and aligned to the declared scope. The learner should also be able to identify weak answers
  • correct contradictions
  • respond to assessor comments professionally
  • complete a final answer quality review before submission.

Why This Matters

It explains how to answer the questionnaire without overclaiming, how to keep answers consistent with scope and evidence, how to handle “yes”, “no”, “not applicable” and free-text responses, how to respond to assessor comments, and how to avoid common submission mistakes.

The Core Rule

The Cyber Essentials questionnaire should be completed from evidence, not from memory.

Every answer should match the declared scope, avoid overclaiming, and be consistent with the rest of the submission.

What the CE Assessor Looks For

A strong position shows:

  • scope is clear;
  • answers match the evidence;
  • answers are consistent across sections;
  • free-text answers are specific but concise;
  • not applicable answers are justified;
  • supplier responsibilities are explained;

Copy This

Keep this rule visible:

Do not try to sound compliant. Describe what is actually true, prove it with evidence, and fix material gaps before submission.

Quick Checklist

Before moving on, make sure you can say yes to these:

  • [ ] Why should the questionnaire be completed from evidence rather than memory?
  • [ ] Why is the word “all” risky in questionnaire answers?
  • [ ] When should “not applicable” be used?
  • [ ] Why is “supplier-managed” not automatically “not applicable”?
  • [ ] What makes a strong free-text answer?

Your Action

Do this now — it takes 10–20 minutes.

Do a dry run: open the CE questionnaire and answer every question using only your evidence document. Note where you cannot answer confidently.

Key Takeaway

Do not try to sound compliant. Describe what is actually true, prove it with evidence, and fix material gaps before submission.

Your Workbook Activity

Complete: Cyber Essentials questionnaire answer quality and submission review record

Next Lesson

In the next lesson: Final remediation sprint: fixing gaps before submission, prioritising controls and preparing for Cyber Essentials Plus

Up next

Final remediation sprint

Run a focused remediation sprint to close high-impact gaps before final submission.