When performing a Cyber Essentials Plus audit, the amount of machines that we test is dependent on the size of the organisation. We must a sample of each type of device on the network to ensure Cyber Essentials compliance. The goal is to test a number of devices that make up 90% of the organisation.
A type of device is a grouping of systems running the same operating system. i.e. all devices running Windows 10 Pro running Version 1903 will be classed as one type, and all devices running Windows 10 Pro Version 2004 would be classed as another type.
Of each type, a certain amount will be required to be tested.
For example: If an organisation has 50 Microsoft Windows 10 1903 desktops, 30 Mac-book Pro Catalina Laptops, and 10 Windows Server 2016, we would test 4 desktops, 4 mac-books, and 3 servers.