

Most organizations today are heavily reliant on technology, regardless of the product or service they provide. This expands their data exposure points and potential attack surface, which is why there is a significant need to monitor the risks and vulnerabilities in the cybersecurity landscape.
Cyber Essentials (CE) is a UK government-backed cybersecurity framework designed to help organizations identify, monitor, and mitigate risks across their technology, policies, and security controls. It offers a systematic approach to oversight, encompassing all necessary practices to safeguard your systems and improve your organization’s security posture.
In this guide, you’ll learn all about the certification’s logistics and get an easy-to-follow eight-step process for getting accredited quickly.
What is Cyber Essentials?
Cyber Essentials is a UK government-backed security certification designed to help organizations of all sizes implement fundamental cybersecurity measures to protect their networks and systems.
The framework was launched by the National Cyber Security Centre (NCSC) in 2014 and is U.K.focused, though organizations outside the U.K. can also get certified by working with an accredited certification body.
What are the benefits of a Cyber Essentials accreditation?
Obtaining a Cyber Essentials certificate comes with various strategic and long-term benefits, such as:
- Access to lucrative government contracts (for UK-based organizations)
- Robust protection against various attacks through industry-standard security measures
- Stakeholder assurance and trust as a result of demonstrated security
- Complete visibility into an organization’s tech stack and security landscape
One of the advantages of Cyber Essentials is that you can start by self-assessing your compliance with the framework. You do not need to engage an accredited certification body for an external audit unless you’re pursuing Cyber Essentials Plus.
Cyber Essentials Plus offers a more advanced assurance that involves a third-party audit on top of the self-assessment questionnaire, as required for the base-level Cyber Essentials assessment.
{{cta_withimage23="/cta-modules"}} | Cyber Essentials Checklist
8 steps to obtaining a Cyber Essentials certificate
Whether you're pursuing Cyber Essentials or Cyber Essentials Plus certification, you can use the following steps for guidance:
- Download the CE self-assessment questionnaire (SAQ)
- Define your Cyber Essentials requirements
- Conduct a gap analysis
- Implement the identified controls
- Set up monitoring of networks and devices
- Train relevant team members
- Complete a self-assessment and apply for certification
- Pursue CE Plus certification (optional)
We’ll expand on each step below to help you prepare internally for certification.
Step 1: Download the CE self-assessment questionnaire (SAQ)
Start your CE certification process by downloading the self-assessment questionnaire (SAQ) from the IASME website. The questionnaire gives your security team the foundational awareness of what scope of security controls to expect relative to your technology footprint. For additional support and practical guidance, you can also download the following resources from the website:
- NCSC Requirements for Infrastructure
- Cyber Essentials Plus Illustrative Test Specification
Whenever you download the main questionnaire, make sure to look for the version applicable for your relevant timeframe. The NCSC updates the SAQ frequently so that the CE requirements and controls are aligned with the latest developments in the cybersecurity landscape. Every updated version of the CE questionnaire is effective from a specific date, which you should take into consideration.
Once you go through the SAQ and its accompanying resources, you may want to organize the certification workflow and timeline. It’s best to define task owners and milestones to maintain accountability during the process.
Step 2: Define your Cyber Essentials requirements
Next, you’ll define the CE scope for your organization. Your Cyber Essentials certification scope should ideally encompass your entire technology landscape. The goal is to get comprehensive protection for your systems, networks, and devices and prepare them to address identified risks and potential vulnerabilities.
Still, ensuring such a broad scope isn’t always possible. For example, if you might have isolated guest networks that don’t have access to wider confidential systems and data which can make them candidates to be excluded from the scope.
After defining the certification scope, you should familiarize yourself with the Cyber Essentials requirements across five core control areas:
The NCSC offers various resources you can consult to understand your specific obligations.
Step 3: Conduct a gap analysis
Examine your system’s current standing by conducting a robust gap analysis and determine how far you are from meeting the in-scope Cyber Essentials requirements.
This process may take some time, but it’s crucial to be thorough because the analysis will inform all the following certification steps.
For example, Cyber Essentials requires that authentication to cloud-based services must always use MFA. Upon examination, you might notice that you allow some user accounts to authenticate without MFA when they really should’ve been using it. You can then work with the relevant team to enforce MFA for those user accounts as well as the organization at large to help pass the control going forward.
All such gaps and corresponding action items should be documented for clarity. You may even want to create a checklist to streamline the process.
{{cta_withimage22="/cta-modules"}} | The Audit Ready Checklist
Step 4: Implement the identified controls
After creating an action plan, you should take steps to execute it according to priority. For example, if you prioritize secure configuration controls, you can complete the following activities:
- Disable or delete unnecessary accounts
- Change all default and easy-to-guess passwords
- Secure channels to prevent brute-force attacks
- Deploy anti-malware solutions
- Use multifactor authentication to secure user access
This step will likely require you to collaborate with all relevant departments, such as your IT, engineering, and operations teams. If other department heads need to make certain updates, it’s best to document the task owners and keep communication channels open to support implementation.
Step 5: Set up monitoring of networks and devices
After implementing all applicable controls, you’ll need to verify their effectiveness by monitoring your networks and devices. Doing so is essential for proactively resolving any issues before initiating the certification process.
The best practice is to record the critical information you’re monitoring in a report, detailing items like:
- Control application and maintenance
- Configurations of networks, devices, and other relevant infrastructure components
- Access control policies and review results
- Software update and security patch frequency
- Malware protection measures
The report should ideally be presented to a senior executive of your organization to verify that you’ve implemented the controls.
Keeping track of all this data can be a significant challenge if you do it manually. A better alternative is to implement a software solution that uses automation to give you real-time updates on the status of your controls.
{{cta_withimage23="/cta-modules"}} | Cyber Essentials Checklist
Step 6: Train relevant team members
The aim is to build a culture of security awareness that ensures you not only obtain a Cyber Essentials certificate but also effectively safeguard your organization in the long run.
Some of the key security aspects to cover in your training include:
- Account and password management: Teach employees to only log into accounts on authorized devices and secure networks. Develop and communicate a password policy that helps employees create strong passwords and secure them effectively.
- Social engineering attacks: Cyberattacks like phishing are quite elaborate and sometimes hard to detect, which makes them more dangerous than other attack types. Train your team to spot signs of phishing and develop a clear procedure for reporting a phishing attempt.
- Data sharing practices: Make sure your team members know how to securely share sensitive information online or offline. This is especially important for remote workers, who need to be mindful of device and network security.
Step 7: Complete a self-assessment and apply for certification
When you’re ready, you can complete the online self-assessment questionnaire and have it validated by a senior team member. Answer comprehensively to ensure your cybersecurity posture fully meets the necessary standards for obtaining the certificate.
Once you have the attested questionnaire, you can apply for certification to your chosen Certification Body (CB). You have to submit the questionnaire along with any supporting evidence and pay the relevant certification fee.
The CB will review your application and issue the publicly demonstrable certification if there are no further issues. On the other hand, the CB may also provide additional suggestions or remedial measures to fill gaps in your current cybersecurity posture. You can implement the measures and resubmit your application for review.
Step 8: Pursue CE Plus certification (optional)
After obtaining your base CE certification, you can pursue Cyber Essentials Plus certification within three months. You’ll have to prepare for the external third-party audit and vulnerability scan to add another layer of assurance testing for the validation process.
According to the latest changes made to Cyber Essentials Plus, your CE Plus assessment scope must match the scope of the base CE certification. You must also maintain and submit the relevant verification evidence to the CB. Examples of such evidence include:
- IT inventories
- Access control logs
- Firewall configurations
- Patch management policies
Regardless of what option you pursue, your CE certification would remain valid for 12 months, after which you’ll have to take steps for its renewal.
{{cta_testimonial7="/cta-modules"}} | CoachHub customer story
Streamline Cyber Essentials certification with Vanta
Cyber Essentials certification requires comprehensive evidence collection, controls monitoring, and self-assessments, and going about these processes manually might not be productive. To ensure efficiency and get certified faster, you can leverage a trust management platform like Vanta.
Vanta is an all-in-one security and compliance management solution, offering pre-built and custom workflows for 35+ frameworks, including Cyber Essentials. Vanta’s Cyber Essentials offering can automate and drive efficiency across several tasks so you can pursue all industry-standard certifications without overwhelming your team. Key functionalities include:
- Automated, hourly tests that provide real-time visibility into your compliance posture
- 375+ integrations for seamless monitoring and evidence collection
- Policy templates to support documentation
- Two-way auditor communication tool for efficient third-party assessments
Once you achieve your Cyber Essential certification, you can demonstrate it effortlessly with Vanta’s Trust Center. It lets you showcase all your security controls in order to build trust with the stakeholders you wish to partner with.
Vanta also offers continuous in-house guidance to help users achieve security and compliance goals. If you’re ready to pursue Cyber Essentials certification, schedule a Vanta demo today to see how the platform can help.
{{cta_simple32="/cta-modules"}} | Cyber Essentials product page
A note from Vanta: Vanta is not a law firm, and this article does not constitute or contain legal advice or create an attorney-client relationship. When determining your obligations and compliance with respect to relevant laws and regulations, you should consult a licensed attorney.
Preparing for Cyber Essentials Certification
How to get your Cyber Essentials certification: A process guide

Preparing for Cyber Essentials Certification

Most organizations today are heavily reliant on technology, regardless of the product or service they provide. This expands their data exposure points and potential attack surface, which is why there is a significant need to monitor the risks and vulnerabilities in the cybersecurity landscape.
Cyber Essentials (CE) is a UK government-backed cybersecurity framework designed to help organizations identify, monitor, and mitigate risks across their technology, policies, and security controls. It offers a systematic approach to oversight, encompassing all necessary practices to safeguard your systems and improve your organization’s security posture.
In this guide, you’ll learn all about the certification’s logistics and get an easy-to-follow eight-step process for getting accredited quickly.
What is Cyber Essentials?
Cyber Essentials is a UK government-backed security certification designed to help organizations of all sizes implement fundamental cybersecurity measures to protect their networks and systems.
The framework was launched by the National Cyber Security Centre (NCSC) in 2014 and is U.K.focused, though organizations outside the U.K. can also get certified by working with an accredited certification body.
What are the benefits of a Cyber Essentials accreditation?
Obtaining a Cyber Essentials certificate comes with various strategic and long-term benefits, such as:
- Access to lucrative government contracts (for UK-based organizations)
- Robust protection against various attacks through industry-standard security measures
- Stakeholder assurance and trust as a result of demonstrated security
- Complete visibility into an organization’s tech stack and security landscape
One of the advantages of Cyber Essentials is that you can start by self-assessing your compliance with the framework. You do not need to engage an accredited certification body for an external audit unless you’re pursuing Cyber Essentials Plus.
Cyber Essentials Plus offers a more advanced assurance that involves a third-party audit on top of the self-assessment questionnaire, as required for the base-level Cyber Essentials assessment.
{{cta_withimage23="/cta-modules"}} | Cyber Essentials Checklist
8 steps to obtaining a Cyber Essentials certificate
Whether you're pursuing Cyber Essentials or Cyber Essentials Plus certification, you can use the following steps for guidance:
- Download the CE self-assessment questionnaire (SAQ)
- Define your Cyber Essentials requirements
- Conduct a gap analysis
- Implement the identified controls
- Set up monitoring of networks and devices
- Train relevant team members
- Complete a self-assessment and apply for certification
- Pursue CE Plus certification (optional)
We’ll expand on each step below to help you prepare internally for certification.
Step 1: Download the CE self-assessment questionnaire (SAQ)
Start your CE certification process by downloading the self-assessment questionnaire (SAQ) from the IASME website. The questionnaire gives your security team the foundational awareness of what scope of security controls to expect relative to your technology footprint. For additional support and practical guidance, you can also download the following resources from the website:
- NCSC Requirements for Infrastructure
- Cyber Essentials Plus Illustrative Test Specification
Whenever you download the main questionnaire, make sure to look for the version applicable for your relevant timeframe. The NCSC updates the SAQ frequently so that the CE requirements and controls are aligned with the latest developments in the cybersecurity landscape. Every updated version of the CE questionnaire is effective from a specific date, which you should take into consideration.
Once you go through the SAQ and its accompanying resources, you may want to organize the certification workflow and timeline. It’s best to define task owners and milestones to maintain accountability during the process.
Step 2: Define your Cyber Essentials requirements
Next, you’ll define the CE scope for your organization. Your Cyber Essentials certification scope should ideally encompass your entire technology landscape. The goal is to get comprehensive protection for your systems, networks, and devices and prepare them to address identified risks and potential vulnerabilities.
Still, ensuring such a broad scope isn’t always possible. For example, if you might have isolated guest networks that don’t have access to wider confidential systems and data which can make them candidates to be excluded from the scope.
After defining the certification scope, you should familiarize yourself with the Cyber Essentials requirements across five core control areas:
The NCSC offers various resources you can consult to understand your specific obligations.
Step 3: Conduct a gap analysis
Examine your system’s current standing by conducting a robust gap analysis and determine how far you are from meeting the in-scope Cyber Essentials requirements.
This process may take some time, but it’s crucial to be thorough because the analysis will inform all the following certification steps.
For example, Cyber Essentials requires that authentication to cloud-based services must always use MFA. Upon examination, you might notice that you allow some user accounts to authenticate without MFA when they really should’ve been using it. You can then work with the relevant team to enforce MFA for those user accounts as well as the organization at large to help pass the control going forward.
All such gaps and corresponding action items should be documented for clarity. You may even want to create a checklist to streamline the process.
{{cta_withimage22="/cta-modules"}} | The Audit Ready Checklist
Step 4: Implement the identified controls
After creating an action plan, you should take steps to execute it according to priority. For example, if you prioritize secure configuration controls, you can complete the following activities:
- Disable or delete unnecessary accounts
- Change all default and easy-to-guess passwords
- Secure channels to prevent brute-force attacks
- Deploy anti-malware solutions
- Use multifactor authentication to secure user access
This step will likely require you to collaborate with all relevant departments, such as your IT, engineering, and operations teams. If other department heads need to make certain updates, it’s best to document the task owners and keep communication channels open to support implementation.
Step 5: Set up monitoring of networks and devices
After implementing all applicable controls, you’ll need to verify their effectiveness by monitoring your networks and devices. Doing so is essential for proactively resolving any issues before initiating the certification process.
The best practice is to record the critical information you’re monitoring in a report, detailing items like:
- Control application and maintenance
- Configurations of networks, devices, and other relevant infrastructure components
- Access control policies and review results
- Software update and security patch frequency
- Malware protection measures
The report should ideally be presented to a senior executive of your organization to verify that you’ve implemented the controls.
Keeping track of all this data can be a significant challenge if you do it manually. A better alternative is to implement a software solution that uses automation to give you real-time updates on the status of your controls.
{{cta_withimage23="/cta-modules"}} | Cyber Essentials Checklist
Step 6: Train relevant team members
The aim is to build a culture of security awareness that ensures you not only obtain a Cyber Essentials certificate but also effectively safeguard your organization in the long run.
Some of the key security aspects to cover in your training include:
- Account and password management: Teach employees to only log into accounts on authorized devices and secure networks. Develop and communicate a password policy that helps employees create strong passwords and secure them effectively.
- Social engineering attacks: Cyberattacks like phishing are quite elaborate and sometimes hard to detect, which makes them more dangerous than other attack types. Train your team to spot signs of phishing and develop a clear procedure for reporting a phishing attempt.
- Data sharing practices: Make sure your team members know how to securely share sensitive information online or offline. This is especially important for remote workers, who need to be mindful of device and network security.
Step 7: Complete a self-assessment and apply for certification
When you’re ready, you can complete the online self-assessment questionnaire and have it validated by a senior team member. Answer comprehensively to ensure your cybersecurity posture fully meets the necessary standards for obtaining the certificate.
Once you have the attested questionnaire, you can apply for certification to your chosen Certification Body (CB). You have to submit the questionnaire along with any supporting evidence and pay the relevant certification fee.
The CB will review your application and issue the publicly demonstrable certification if there are no further issues. On the other hand, the CB may also provide additional suggestions or remedial measures to fill gaps in your current cybersecurity posture. You can implement the measures and resubmit your application for review.
Step 8: Pursue CE Plus certification (optional)
After obtaining your base CE certification, you can pursue Cyber Essentials Plus certification within three months. You’ll have to prepare for the external third-party audit and vulnerability scan to add another layer of assurance testing for the validation process.
According to the latest changes made to Cyber Essentials Plus, your CE Plus assessment scope must match the scope of the base CE certification. You must also maintain and submit the relevant verification evidence to the CB. Examples of such evidence include:
- IT inventories
- Access control logs
- Firewall configurations
- Patch management policies
Regardless of what option you pursue, your CE certification would remain valid for 12 months, after which you’ll have to take steps for its renewal.
{{cta_testimonial7="/cta-modules"}} | CoachHub customer story
Streamline Cyber Essentials certification with Vanta
Cyber Essentials certification requires comprehensive evidence collection, controls monitoring, and self-assessments, and going about these processes manually might not be productive. To ensure efficiency and get certified faster, you can leverage a trust management platform like Vanta.
Vanta is an all-in-one security and compliance management solution, offering pre-built and custom workflows for 35+ frameworks, including Cyber Essentials. Vanta’s Cyber Essentials offering can automate and drive efficiency across several tasks so you can pursue all industry-standard certifications without overwhelming your team. Key functionalities include:
- Automated, hourly tests that provide real-time visibility into your compliance posture
- 375+ integrations for seamless monitoring and evidence collection
- Policy templates to support documentation
- Two-way auditor communication tool for efficient third-party assessments
Once you achieve your Cyber Essential certification, you can demonstrate it effortlessly with Vanta’s Trust Center. It lets you showcase all your security controls in order to build trust with the stakeholders you wish to partner with.
Vanta also offers continuous in-house guidance to help users achieve security and compliance goals. If you’re ready to pursue Cyber Essentials certification, schedule a Vanta demo today to see how the platform can help.
{{cta_simple32="/cta-modules"}} | Cyber Essentials product page
A note from Vanta: Vanta is not a law firm, and this article does not constitute or contain legal advice or create an attorney-client relationship. When determining your obligations and compliance with respect to relevant laws and regulations, you should consult a licensed attorney.
What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Role: | GRC responsibilities: |
---|---|
Board of directors | Central to the overarching GRC strategy, this group sets the direction for the compliance strategy. They determine which standards and regulations are necessary for compliance and align the GRC strategy with business objectives. |
Chief financial officer | Primary responsibility for the success of the GRC program and for reporting results to the board. |
Operations managers from relevant departments | This group owns processes. They are responsible for the success and direction of risk management and compliance within their departments. |
Representatives from relevant departments | These are the activity owners. These team members are responsible for carrying out specific compliance and risk management tasks within their departments and for integrating these tasks into their workflows. |
Contract managers from relevant department | These team members are responsible for managing interactions with vendors and other third parties in their department to ensure all risk management and compliance measures are being taken. |
Chief information security officer (CISO) | Defines the organization’s information security policy, designs risk and vulnerability assessments, and develops information security policies. |
Data protection officer (DPO) or legal counsel | Develops goals for data privacy based on legal regulations and other compliance needs, designs and implements privacy policies and practices, and assesses these practices for effectiveness. |
GRC lead | Responsible for overseeing the execution of the GRC program in collaboration with the executive team as well as maintaining the organization’s library of security controls. |
Cybersecurity analyst(s) | Implements and monitors cybersecurity measures that are in line with the GRC program and business objectives. |
Compliance analyst(s) | Monitors the organization’s compliance with all regulations and standards necessary, identifies any compliance gaps, and works to mitigate them. |
Risk analyst(s) | Carries out the risk management program for the organization and serves as a resource for risk management across various departments, including identifying, mitigating, and monitoring risks. |
IT security specialist(s) | Implements security controls within the IT system in coordination with the cybersecurity analyst(s). |