%20(4)-1.png?width=1950&height=299&name=Cybaverse%202024%20White%20new%20(2)%20(4)-1.png)
Determining Device Scope
What needs to be looked at in CE+?
When working towards Cyber Essentials Plus (CE+), your organisation gets to decide what’s included within the scope — though in most cases, this will cover all devices.
By default, any device used to access work-related programs or data will be considered in scope for CE+.
If there’s a reason certain devices or areas need to be excluded (or descoped), your organisation can still be awarded the certificate. However, the descoped elements will be clearly noted on the certificate.
For example:
Your Organisation Name excluding [office name] / [servers] / [specific equipment]
This approach helps to show that while the main business operations are compliant, a small part has not been assessed — often for practical or operational reasons.
For more detailed information, visit IASME’s official website.