Skip to main content

Technical remediation

Our free technical remediation service offers support to NHS organisations to help improve technical policies for existing technology and systems to help you achieve the Cyber Essentials Plus accreditation and Cyber Essentials Plus (CE+) equivalence.

About technical remediation  

If your organisation has already had an on-site assessment, this service will help to create or improve technical policies governing:  

Access management 

Firewall management  

Threat and vulnerability management    

It also offers a configuration review of your internet perimeter firewall


Technical remediation will help your organisation to:  

Achieve the Cyber Essentials Plus accreditation (mandatory from 2021) and Cyber Essentials Plus (CE+) equivalence.

Fulfil its obligations under the Network and Information Systems (NIS) directive and prepare for the cyber security element of the Care Quality Commission (CQC) inspection

What it involves 

The work is remote and takes around five days, depending on which areas of technical remediation you need support with. It’s delivered by MTI, our specialist supplier.  

The impact on your organisation is minimal. The supplier will contact relevant staff to discuss how to respond to high-level issues highlighted in your remediation plan.   

Help is available to resolve any technical fixes identified, which could include on-site work. This option will be mapped out and agreed, so all parties understand what is required.  

Find out about which areas are covered by expanding each option:

Firewall review

A review of your firewall management and configuration, including:  

  • your organisation’s policy and procedures for firewall management  
  • architecture  
  • firewall operating system  
  • access control  
  • firewall administration ports  
  • rules, groups and objects:  
  • for incoming and outgoing internet channels  
  • between internal networks and any publicly accessible Wi-Fi  
  • between segregated un-patchable devices and internal networks  
  • assurance that appropriate logging is enabled and logs are being reviewed  
Identify and access management review 

A review of your HR, identity and access management policies and procedures (including suppliers and contractors working on the organisation’s network).  

This includes:  

  • starters  
  • leavers  
  • movers  
  • password reset  
  • a regular review of access rights to systems, applications, data and facilities (such as data centres, server rooms and information archives)  
Threat and vulnerability management review 

A review of your policies and procedures relating to potential threats and vulnerabilities that could potentially impact your organisation, including:  

  • security updates  
  • vulnerability detection and monitoring  
  • asset and configuration management  
  • patching  
  • data back-up and restore (including disaster recovery)  
  • data loss and theft  
  • awareness and training  
  • provision of redundancy (single points of failure)  
  • supplier selection and management  

Register for technical remediation  

To register, or to find out more, please email us directly at  

Last edited: 30 April 2020 8:31 am