Free Cyber Essentials Readiness Check: Test Your Compliance

Before spending money on Cyber Essentials certification, it makes sense to check whether your organisation is actually ready to pass. Fig offers a free readiness checker based on the NCSC Cyber Essentials Requirements v3.3 (April 2026) that tells you exactly where you stand.

What Is the Readiness Checker?

The readiness checker is an interactive self-assessment tool that walks you through each of the five Cyber Essentials control categories:

1. Firewalls – Are your internet connections properly protected?

2. Secure Configuration – Are devices configured to reduce vulnerabilities?

3. Security Update Management – Is software kept up to date?

4. User Access Control – Are accounts managed with least privilege and MFA?

5. Malware Protection – Is anti-malware deployed and maintained?

For each category, you answer targeted questions about your organisation's current setup. The checker provides immediate feedback on your readiness.

How Long Does It Take?

The full readiness check takes approximately 10–15 minutes. You will need to know basic details about your IT environment:

If you manage your own IT, you should know most of this already. If you use a managed IT provider, they can provide the details you need.

What Do You Get?

After completing the readiness check, you receive:

This is not a pass/fail test – it is a diagnostic tool. The goal is to help you identify and fix gaps before you invest in formal assessment, so you can pass first time.

Common Gaps the Checker Identifies

Based on the thousands of organisations that have used the tool, the most common gaps are:

MFA not enabled on all accounts – The v3.3 requirement is clear: every user account in scope must have MFA. Many organisations have MFA on admin accounts but not on standard user accounts. The readiness checker catches this.

Unsupported software – Devices running operating systems or applications that no longer receive security updates will fail the assessment. The checker asks about this specifically.

Default credentials – Routers, firewalls, and other devices that still use factory-default passwords are a common finding. Easy to fix, but easy to overlook.

Home worker devices out of scope – Many organisations forget to include home routers and BYOD devices in their scope assessment. The checker prompts you to consider these.

Shared user accounts – v3.3 requires individual accounts for each user. Shared accounts are a compliance gap.

From Readiness Check to Certification

If the readiness checker shows you are ready, the path to certification is straightforward:

1. Visit Fig's Cyber Essentials pricing page

2. Select your organisation size band

3. Purchase your Cyber Essentials certification

4. Complete the self-assessment questionnaire (the readiness checker will have prepared you for every question)

5. Submit before midday for same-day certification

If the checker identifies gaps, fix them first. Most gaps (enabling MFA, changing default passwords, updating software) can be resolved in a few hours to a few days.

Try It Now

The readiness checker is free, requires no account creation, and takes 10–15 minutes. There is no obligation to purchase certification afterwards – use it purely as a diagnostic tool if you prefer.

Take the readiness check now