Skip to main content

On-site assessments

We offer free on-site assessments to help your NHS organisation identify vulnerabilities and understand and overcome areas of high risk. This will help your organisation to achieve the Cyber Essentials Plus accreditation.

About on-site assessments  

The recommendation plan will help you to prioritise which actions to take to improve your organisation’s cyber security levels.   

These assessments are for NHS trusts and Commissioning Support Units (CSUs).


What the assessment involves 

You need to complete a self-assessment questionnaire two weeks before the assessment, to give you an overview of your current cyber security position.   

An independent team will carry out the four-day on-site assessment. This will involve a detailed technical review of your organisation’s workstations, providing evidence of compliance.  

Find out what the assessment covers by expanding each option: 

Access control management

Ensuring all staff can access systems and have the correct level of access to only the data that they need.

Malware protection

Verifying the effectiveness of protection mechanisms and the detection of malicious files entering the network via website and email traffic.

Log management

Checking that there is correct information being stored securely to support the investigation of a cyber incident.

Patch management

Looking at the capability to deploy updates to the hardware and software used across the organisation.

Threat and vulnerability management

Supporting the ability to identify cyber vulnerabilities and understanding the threat exposure.

After the assessment

You will receive a detailed report within 10 working days of the assessment, outlining the highest risks and critical areas. This report will include suggested actions and how we can support your organisation, including technical fixes, training and communications.  

To support progress, there will be a follow-up on-site assessment (lasting one day) two months later. A full review will be carried out annually.

Register for an on-site assessment 

To register for an assessment, email Please include the following information for two suitable contacts in your organisation: 

  • Names

  • Job roles

  • Email addresses

  • Phone numbers

The supplier will then be in touch to arrange your on-site assessment.  

Last edited: 8 November 2021 1:19 pm