
According to the 2024 State of Trust Report, cybersecurity threats are the number one concern for UK businesses. Considering the ever-evolving threat landscape and increasingly elaborate cyber attacks, this doesn’t come as a surprise.
To protect your organization and ensure operational continuity, you can adopt a security framework like Cyber Essentials. This industry-accepted certification program helps organizations improve their cybersecurity posture and enhance their resilience through various effective controls.
Cyber Essentials is applicable regardless of your sector and comes with five control areas you should understand if you decide to pursue certification. This guide covers the framework’s scope and explores each control area in more detail to give you a head start.
Cyber Essentials scope: A quick overview
Unlike many security frameworks with a potentially complex and confusing structure, Cyber Essentials is relatively straightforward. It encompasses five critical control areas organizations should focus on to protect themselves from common security threats, such as malware, phishing attacks, or insider threats. Each control area covers specific, prescriptive controls you should implement to fortify your security posture.
To further simplify compliance, Cyber Essentials uses the same controls across its two certification levels:
- Cyber Essentials: Base-level certification that requires a self-assessment against the framework’s controls using a dedicated questionnaire
- Cyber Essentials Plus: Advanced certification that requires an independent audit in addition to a self-assessment
The main difference between the two levels is the third-party audit, which provides additional assurance to organizations looking to validate the effectiveness of their controls.
Cyber Essentials covers a broad scope, regardless of your chosen certification level. The framework’s controls cover an organization’s entire IT infrastructure, making it highly beneficial for minimizing the potential attack surface. However, remember that Cyber Essentials Plus is mandatory if your organization plans to bid on most government contracts, ensuring compliance with public sector requirements. Also, keep in mind that the CE requirements are expected to be updated in April 2025 (v3.2), introducing potential changes to the certification process.
{{cta_withimage23="/cta-modules"}} | Cyber Essentials Checklist
5 Cyber Essentials control areas explained
The five control areas of Cyber Essentials are:

- Secure configuration
- Firewalls
- Malware protection
- Security update management
- Firewalls
Below, we’ll cover each control’s objective, share examples, and highlight key points you should remember.
1. Secure Configuration
This control area focuses on how your devices, networks, and other IT components are configured. It aims to reduce cybersecurity risks by ensuring proper configuration and restricting devices and networks to only the essential services they require.
The main idea behind this area’s controls is that out-of-the-box security configurations include numerous weak points that malicious parties might exploit, such as:
- Publicly known administrative passwords without additional protection layers
- Easy-to-guess default passwords
- Built-in but unnecessary user accounts and services
Besides the obvious requirements like changing the default passwords of your IT components, this control area encompasses several key controls, most notably:
- Removing or disabling guest accounts, unnecessary administrative accounts, and all other unused accounts
- Requiring user authentication to access the organization’s data and services
- Disabling auto-run features that could execute files without user permission
- Setting up adequate device locking controls
- Removing or disabling system utilities, applications, and other software that’s not in use
{{cta_withimage22="/cta-modules"}} | The Audit Ready Checklist
2. User Access Control
Cyber Essentials emphasizes the importance of restricting account access to authorized users only and limiting it to essential components of the IT infrastructure. These objectives are the focal point of this control area, applying to all hardware and software within an organization’s IT ecosystem.
The control area focuses on administrative user accounts due to their privileged status, which allows them to make considerable changes to an organization’s software and operating systems. If a malicious party compromises an administrative account, they can cause various forms of damage, such as:
- Stealing or corrupting sensitive information
- Gaining access to other accounts or devices
- Considerably disrupting an organization’s processes
Cyber Essentials prescribes various controls to prevent these issues, such as:
- Removing or disabling access privileges as they become unnecessary
- Having a documented process for creating and approving user accounts
- Implementing multi-factor authentication (MFA), especially on cloud-based services
- Using password-based authentication capable of preventing brute-force attacks
- Using separate accounts for administrative activities
3. Malware Protection
Malware can take various forms, and Cyber Essentials helps you protect your organization through preventive and curative controls. The former is particularly important, so this control area mainly focuses on restricting malware execution.
Different types of malware can reach your organization through various entry points, such as:
- Email attachments
- Unauthorized software
- Downloads (media files, documents, etc.)
Restricting these pathways is crucial for malware protection, but it’s equally important to implement security measures that block malicious software from running, even if it infiltrates your devices.
To help make this happen, Cyber Essentials encompasses the following controls:
- Having an active, up-to-date malware protection mechanism on all in-scope devices
- Using anti-malware software, application allow-listing, or both
- Using software with built-in anti-malware features or purchasing dedicated third-party solutions
4. Security Update Management
Most software includes regular updates with security patches and bug fixes. Cyber Essentials strongly recommends using such software to protect your IT infrastructure from vulnerabilities for which fixes are readily available.
Considering the ever-evolving cyber threat landscape, security vulnerabilities are virtually unavoidable. They’re routinely found during security reviews, and addressing them as quickly as possible is crucial. Otherwise, a malicious party can act swiftly and exploit the vulnerability. They can then cause different types of damage to your IT infrastructure and the entire organization.
The good news is that most software vendors are aware of this issue and actively address it through regular updates. To help you leverage such protection, Cyber Essentials encompasses the following controls:
- Using licensed, supported software
- Enabling automatic updates wherever possible
- Ensuring software is updated either automatically or manually within 14 days of an update release
- Uninstalling software from devices once it is no longer supported
{{cta_withimage23="/cta-modules"}} | Cyber Essentials Checklist
5. Firewalls
This area encompasses various technical controls to ensure secure access to network services and minimize access to necessary activities only. It applies to both boundary and software firewalls, the specifics of which are discussed in the following table:
Regardless of the firewall type, your organization must meet various requirements within this control area, such as:
- Ensuring unauthenticated inbound connections are blocked by default
- Using unique, strong administrative passwords instead of the default ones
- Removing or disabling firewall rules when they become unnecessary
- Ensuring all inbound firewall rules are reviewed and approved by an authorized individual (with accompanying documentation)
- Setting up software firewalls on all devices that may connect to unsecured networks
How to meet the Cyber Essentials control requirements
After understanding all the Cyber Essentials control areas and specific controls, compare them to your current security posture to conduct a thorough gap analysis and develop a comprehensive remediation strategy.
Some of the specific activities you should complete during this process include:
- Policy reviews: Many Cyber Essentials controls are procedural, so you should review your current security policies to determine if they need adjustments to meet the necessary requirements
- Vulnerability scans: Specialized software can help scan your IT infrastructure for weaknesses and identify which Cyber Essentials technical controls you should implement to fortify your systems’ resilience against cyber attacks
- Access reviews: Besides the initial access review you’ll use to identify Cyber Essentials compliance gaps, you should conduct periodic reviews to ensure user access is limited to the necessary devices, networks, and systems
Your IT team will play an essential role in these tasks, so ensure you get their buy-in by highlighting the value of Cyber Essentials compliance. You may need to implement various changes during gap remediation, so consult the IT team on the best approach to doing so gradually and without operational disruptions.
These changes might also be laborious and resource-intensive, putting considerable stress on the affected teams and your budget. To avoid extensive costs and lengthy compliance timelines, you can use dedicated automation software to comply with Cyber Essentials more efficiently.
Optimize Cyber Essentials implementation workflows with Vanta
Vanta is a comprehensive trust management platform that automates up to 70% of Cyber Essentials workflows, helping you implement the related controls with minimal manual work. The platform streamlines activities throughout the compliance process, freeing more time for meaningful work.
Such time savings are enabled by Vanta’s Cyber Essentials product, which offers various helpful features, such as:
- Automated evidence collection supported by over 375 integrations with popular software
- Centralized control documentation for simplified demonstration of your security posture
- Expert guidance throughout the Cyber Essentials certification process
Schedule a custom demo to learn more about Vanta and see the platform in action.
{{cta_simple32="/cta-modules"}} | Cyber Essentials product page
A note from Vanta: Vanta is not a law firm, and this article does not constitute or contain legal advice or create an attorney-client relationship. When determining your obligations and compliance with respect to relevant laws and regulations, you should consult a licensed attorney.
Preparing for Cyber Essentials Certification
A breakdown of the 5 Cyber Essentials controls

Preparing for Cyber Essentials Certification
According to the 2024 State of Trust Report, cybersecurity threats are the number one concern for UK businesses. Considering the ever-evolving threat landscape and increasingly elaborate cyber attacks, this doesn’t come as a surprise.
To protect your organization and ensure operational continuity, you can adopt a security framework like Cyber Essentials. This industry-accepted certification program helps organizations improve their cybersecurity posture and enhance their resilience through various effective controls.
Cyber Essentials is applicable regardless of your sector and comes with five control areas you should understand if you decide to pursue certification. This guide covers the framework’s scope and explores each control area in more detail to give you a head start.
Cyber Essentials scope: A quick overview
Unlike many security frameworks with a potentially complex and confusing structure, Cyber Essentials is relatively straightforward. It encompasses five critical control areas organizations should focus on to protect themselves from common security threats, such as malware, phishing attacks, or insider threats. Each control area covers specific, prescriptive controls you should implement to fortify your security posture.
To further simplify compliance, Cyber Essentials uses the same controls across its two certification levels:
- Cyber Essentials: Base-level certification that requires a self-assessment against the framework’s controls using a dedicated questionnaire
- Cyber Essentials Plus: Advanced certification that requires an independent audit in addition to a self-assessment
The main difference between the two levels is the third-party audit, which provides additional assurance to organizations looking to validate the effectiveness of their controls.
Cyber Essentials covers a broad scope, regardless of your chosen certification level. The framework’s controls cover an organization’s entire IT infrastructure, making it highly beneficial for minimizing the potential attack surface. However, remember that Cyber Essentials Plus is mandatory if your organization plans to bid on most government contracts, ensuring compliance with public sector requirements. Also, keep in mind that the CE requirements are expected to be updated in April 2025 (v3.2), introducing potential changes to the certification process.
{{cta_withimage23="/cta-modules"}} | Cyber Essentials Checklist
5 Cyber Essentials control areas explained
The five control areas of Cyber Essentials are:

- Secure configuration
- Firewalls
- Malware protection
- Security update management
- Firewalls
Below, we’ll cover each control’s objective, share examples, and highlight key points you should remember.
1. Secure Configuration
This control area focuses on how your devices, networks, and other IT components are configured. It aims to reduce cybersecurity risks by ensuring proper configuration and restricting devices and networks to only the essential services they require.
The main idea behind this area’s controls is that out-of-the-box security configurations include numerous weak points that malicious parties might exploit, such as:
- Publicly known administrative passwords without additional protection layers
- Easy-to-guess default passwords
- Built-in but unnecessary user accounts and services
Besides the obvious requirements like changing the default passwords of your IT components, this control area encompasses several key controls, most notably:
- Removing or disabling guest accounts, unnecessary administrative accounts, and all other unused accounts
- Requiring user authentication to access the organization’s data and services
- Disabling auto-run features that could execute files without user permission
- Setting up adequate device locking controls
- Removing or disabling system utilities, applications, and other software that’s not in use
{{cta_withimage22="/cta-modules"}} | The Audit Ready Checklist
2. User Access Control
Cyber Essentials emphasizes the importance of restricting account access to authorized users only and limiting it to essential components of the IT infrastructure. These objectives are the focal point of this control area, applying to all hardware and software within an organization’s IT ecosystem.
The control area focuses on administrative user accounts due to their privileged status, which allows them to make considerable changes to an organization’s software and operating systems. If a malicious party compromises an administrative account, they can cause various forms of damage, such as:
- Stealing or corrupting sensitive information
- Gaining access to other accounts or devices
- Considerably disrupting an organization’s processes
Cyber Essentials prescribes various controls to prevent these issues, such as:
- Removing or disabling access privileges as they become unnecessary
- Having a documented process for creating and approving user accounts
- Implementing multi-factor authentication (MFA), especially on cloud-based services
- Using password-based authentication capable of preventing brute-force attacks
- Using separate accounts for administrative activities
3. Malware Protection
Malware can take various forms, and Cyber Essentials helps you protect your organization through preventive and curative controls. The former is particularly important, so this control area mainly focuses on restricting malware execution.
Different types of malware can reach your organization through various entry points, such as:
- Email attachments
- Unauthorized software
- Downloads (media files, documents, etc.)
Restricting these pathways is crucial for malware protection, but it’s equally important to implement security measures that block malicious software from running, even if it infiltrates your devices.
To help make this happen, Cyber Essentials encompasses the following controls:
- Having an active, up-to-date malware protection mechanism on all in-scope devices
- Using anti-malware software, application allow-listing, or both
- Using software with built-in anti-malware features or purchasing dedicated third-party solutions
4. Security Update Management
Most software includes regular updates with security patches and bug fixes. Cyber Essentials strongly recommends using such software to protect your IT infrastructure from vulnerabilities for which fixes are readily available.
Considering the ever-evolving cyber threat landscape, security vulnerabilities are virtually unavoidable. They’re routinely found during security reviews, and addressing them as quickly as possible is crucial. Otherwise, a malicious party can act swiftly and exploit the vulnerability. They can then cause different types of damage to your IT infrastructure and the entire organization.
The good news is that most software vendors are aware of this issue and actively address it through regular updates. To help you leverage such protection, Cyber Essentials encompasses the following controls:
- Using licensed, supported software
- Enabling automatic updates wherever possible
- Ensuring software is updated either automatically or manually within 14 days of an update release
- Uninstalling software from devices once it is no longer supported
{{cta_withimage23="/cta-modules"}} | Cyber Essentials Checklist
5. Firewalls
This area encompasses various technical controls to ensure secure access to network services and minimize access to necessary activities only. It applies to both boundary and software firewalls, the specifics of which are discussed in the following table:
Regardless of the firewall type, your organization must meet various requirements within this control area, such as:
- Ensuring unauthenticated inbound connections are blocked by default
- Using unique, strong administrative passwords instead of the default ones
- Removing or disabling firewall rules when they become unnecessary
- Ensuring all inbound firewall rules are reviewed and approved by an authorized individual (with accompanying documentation)
- Setting up software firewalls on all devices that may connect to unsecured networks
How to meet the Cyber Essentials control requirements
After understanding all the Cyber Essentials control areas and specific controls, compare them to your current security posture to conduct a thorough gap analysis and develop a comprehensive remediation strategy.
Some of the specific activities you should complete during this process include:
- Policy reviews: Many Cyber Essentials controls are procedural, so you should review your current security policies to determine if they need adjustments to meet the necessary requirements
- Vulnerability scans: Specialized software can help scan your IT infrastructure for weaknesses and identify which Cyber Essentials technical controls you should implement to fortify your systems’ resilience against cyber attacks
- Access reviews: Besides the initial access review you’ll use to identify Cyber Essentials compliance gaps, you should conduct periodic reviews to ensure user access is limited to the necessary devices, networks, and systems
Your IT team will play an essential role in these tasks, so ensure you get their buy-in by highlighting the value of Cyber Essentials compliance. You may need to implement various changes during gap remediation, so consult the IT team on the best approach to doing so gradually and without operational disruptions.
These changes might also be laborious and resource-intensive, putting considerable stress on the affected teams and your budget. To avoid extensive costs and lengthy compliance timelines, you can use dedicated automation software to comply with Cyber Essentials more efficiently.
Optimize Cyber Essentials implementation workflows with Vanta
Vanta is a comprehensive trust management platform that automates up to 70% of Cyber Essentials workflows, helping you implement the related controls with minimal manual work. The platform streamlines activities throughout the compliance process, freeing more time for meaningful work.
Such time savings are enabled by Vanta’s Cyber Essentials product, which offers various helpful features, such as:
- Automated evidence collection supported by over 375 integrations with popular software
- Centralized control documentation for simplified demonstration of your security posture
- Expert guidance throughout the Cyber Essentials certification process
Schedule a custom demo to learn more about Vanta and see the platform in action.
{{cta_simple32="/cta-modules"}} | Cyber Essentials product page
A note from Vanta: Vanta is not a law firm, and this article does not constitute or contain legal advice or create an attorney-client relationship. When determining your obligations and compliance with respect to relevant laws and regulations, you should consult a licensed attorney.
What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
What’s a Rich Text element?
What’s a Rich Text element?The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.Static and dynamic content editing
Static and dynamic content editingA rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!How to customize formatting for each rich text
How to customize formatting for each rich textHeadings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Role: | GRC responsibilities: |
---|---|
Board of directors | Central to the overarching GRC strategy, this group sets the direction for the compliance strategy. They determine which standards and regulations are necessary for compliance and align the GRC strategy with business objectives. |
Chief financial officer | Primary responsibility for the success of the GRC program and for reporting results to the board. |
Operations managers from relevant departments | This group owns processes. They are responsible for the success and direction of risk management and compliance within their departments. |
Representatives from relevant departments | These are the activity owners. These team members are responsible for carrying out specific compliance and risk management tasks within their departments and for integrating these tasks into their workflows. |
Contract managers from relevant department | These team members are responsible for managing interactions with vendors and other third parties in their department to ensure all risk management and compliance measures are being taken. |
Chief information security officer (CISO) | Defines the organization’s information security policy, designs risk and vulnerability assessments, and develops information security policies. |
Data protection officer (DPO) or legal counsel | Develops goals for data privacy based on legal regulations and other compliance needs, designs and implements privacy policies and practices, and assesses these practices for effectiveness. |
GRC lead | Responsible for overseeing the execution of the GRC program in collaboration with the executive team as well as maintaining the organization’s library of security controls. |
Cybersecurity analyst(s) | Implements and monitors cybersecurity measures that are in line with the GRC program and business objectives. |
Compliance analyst(s) | Monitors the organization’s compliance with all regulations and standards necessary, identifies any compliance gaps, and works to mitigate them. |
Risk analyst(s) | Carries out the risk management program for the organization and serves as a resource for risk management across various departments, including identifying, mitigating, and monitoring risks. |
IT security specialist(s) | Implements security controls within the IT system in coordination with the cybersecurity analyst(s). |