Treat the questionnaire as a once-only piece of work and reuse the answers.
Before you answer
- Read the whole questionnaire first.
- Find out who at the customer is asking.
- Check if they'll accept a Cyber Essentials certificate.
Building your security pack
- A short data-handling statement.
- Your policies: data protection, password, acceptable use, incident response, AI usage.
- Evidence: MFA screenshot, backup screenshot, training records.
- Your incident response plan.
- Any certifications.
- A simple data flow diagram.
Answering
- Be honest. Lying voids your insurance.
- If the answer is ‘no’, add ‘here's our plan and date.’
- Attach evidence without being asked.
- Save the answered questionnaire.
Common mistakes
- Overpromising.
- Underselling.
- Ignoring sub-processors.
- Treating each questionnaire as new.