CSRB-BRIDGE

10 of 16 anticipated CSRB requirement areas are not fully covered by Cyber Essentials. See where your baseline stands before the compliance window closes.

A 22-page regulatory diagnostic for UK MSPs who hold CE or CE+ certification. It maps 16 anticipated CSRB requirement areas against current CE/CE+ coverage, scores likely regulatory exposure against NCSC CAF v4.0, and provides a board-ready briefing you can act on the same day. Instant PDF download.

24/100

CE/CE+ Baseline — High Exposure

This is the benchmark score used in CSRB-BRIDGE for a CE/CE+-certified MSP against anticipated CSRB requirement areas, weighted against NCSC CAF v4.0. It reflects 10 material gaps and a baseline posture likely to attract regulatory scrutiny without further remediation. Committee Stage has now completed, so the overall direction of the framework is materially clearer.

Your Gap Profile at a Glance

10 Critical Gaps
(RED)

4 Partial Coverage
(AMBER)

2 CE Baseline Valid
(GREEN)

24/100 Exposure
Score

Based on analysis of 16 anticipated CSRB requirement areas against CE and CE+ coverage, calibrated against NCSC CAF v4.0. RED items indicate areas where additional controls are likely to be needed before Royal Assent. Committee Stage completed on 25 February 2026, reducing the likelihood of major structural change to the framework used here.

What's Included — 22-Page Diagnostic PDF

1
Executive Readiness Snapshot 1-Page Board Summary · Exposure Score · Decision Triggers Single-page dashboard presenting your exposure score, critical gap count, estimated remediation window, and likely inspection pressure points. Designed to be handed to a director or presented at board level without further preparation.
Score: 24/100 Board-ready Instant clarity
2
CSRB Scope Test Confirm Likely Regulatory Exposure · Managed Service Provider Scope Assessment Step-by-step questions to determine whether your organisation is likely to fall within scope under the Bill. Includes the thresholds and service criteria DSIT is expected to apply based on the Bill's current direction.
Scope criteria Threshold checks Exposure confirmation
3
16-Area CE/CE+ Gap Mapping RAG Status · CAF Objective · Coverage Analysis All 16 anticipated CSRB requirement areas mapped against CE and CE+ coverage. Each area shows what CE covers, what CSRB appears likely to add, current RAG status, and a priority action. The purpose is to show where certification ends and additional compliance work is likely to begin.
16 requirements RAG status Priority actions
4
CSRB Exposure Score Weighted Diagnostic · CAF v4.0 Calibrated · Auditable Methodology A weighted scoring model across all 16 domains, calibrated against NCSC CAF v4.0 regulatory priority. CE/CE+ baseline: 24/100. Indicative inspection-ready threshold: 86/100. Every weight and score is visible in the diagnostic — nothing is treated as a black box.
CAF v4.0 weighted Auditable Method visible
5
10 Critical Gap Cards Individual Remediation Guidance · Effort Estimate · Priority Ranking One card per critical gap. Each card explains what the gap is, why CE does not sufficiently address it, what the likely regulatory expectation is, and what to do first. Prioritised by expected enforcement sensitivity and implementation effort.
10 gaps Remediation steps Effort estimate
6
Remediation Tracker Owner Fields · Deadlines · Evidence Notes Pre-populated with all 16 remediation actions. Add owner names, target dates, and evidence notes. The output becomes a documented remediation programme you can use internally and, if needed, show as evidence of progress.
Pre-populated Owner assignment Evidence trail
7
Board Briefing Template Regulatory Context · Gap Summary · Recommended Actions A structured briefing document for senior leadership. Contains the regulatory context, your gap summary, exposure score, and a recommended action plan. Ready to complete and present without requiring legal or regulatory specialism.
Board-ready Regulatory context Action plan
8
90-Day Transition Plan Phased Implementation · Milestone Roadmap · Inspection-Ready Timeline Three-phase implementation roadmap taking you from gap assessment to stronger readiness. Designed to run alongside normal operations without a dedicated project team. Phases cover foundations, controls deployment, and evidence collation.
3 phases 12-week roadmap Readiness plan
+
Bonus: 3 Client Email Templates Initial Awareness · Post-Call Follow-Up · Formal Report Delivery Three ready-to-brand emails covering the client conversation arc — from opening the discussion with CE-certified clients to formally delivering the gap analysis as a paid engagement.
Initial awareness Post-call follow-up Report delivery

CSRB-BRIDGE Regulatory Diagnostic PDF cover

22-page regulatory diagnostic PDF. Instant download. Includes 3 client email templates.

What Happens After Purchase

1 Payment completes securely at checkout.
2 PDF download link delivered to your email automatically after checkout.
3 Open the Executive Snapshot first — your score is on page 3.
4 Complete the Scope Test, review your gap cards, and assign owners in the Remediation Tracker.

Instant access

Instant download — yours to keep. Deploy it at your own pace.

Instant PDF download · single organisation licence

£297

Stay Current — Add CSRB-WATCH

Ongoing Bill monitoring, updated gap cards as the legislation develops, CAF revisions, and email alerts on material amendments.
£97/month — cancel anytime.

Available as a post-purchase add-on — or view now.

Own MSP Use

Read the Snapshot. Review your Exposure Score. Assign owners to the critical gaps. Present the Board Briefing to leadership within 30 days.

Client Engagement

Send Template 1 to CE-certified clients. Walk them through the key gaps. Deliver the completed diagnostic as a paid engagement using Template 3.

Stay Current

Your gap position changes as the Bill and CAF guidance evolve. CSRB-WATCH keeps your analysis current with a supervised monthly intelligence briefing and material amendment alerts.

Common Questions

We hold CE+ — isn't that a higher standard?

CE+ is a verified version of CE, not a broader one. It confirms that the same core CE control areas are operating in practice — it does not materially extend the scope of the framework. CSRB-BRIDGE assesses 16 anticipated requirement areas including incident reporting, supply chain governance, board accountability, and continuous monitoring. In most of those areas, CE+ does not materially change the baseline position.

Can I use this diagnostic with my clients directly?

Yes. The diagnostic is designed for dual use. The client email templates help open the conversation. The gap analysis and exposure score can be presented to a client as a standalone paid deliverable or used to support a wider engagement. The single organisation licence covers your own internal use and delivery to your clients — you cannot resell the document itself as a standalone product.

What are the 10 critical gaps CE misses?

The RED gaps assessed in the diagnostic include areas such as 24-hour incident reporting, fuller follow-up incident reporting, supply chain risk management, governance over AI use where relevant, continuous monitoring, board-level accountability, data governance, resilience planning, logging and monitoring capability, and alerting maturity. Each gap is broken down into its own remediation card inside the diagnostic.

How is the Exposure Score calculated?

The score is a weighted composite across 16 anticipated CSRB requirement areas, calibrated against NCSC CAF v4.0 priority. Domains expected to attract higher scrutiny under enforcement, such as governance and monitoring, carry greater weighting. Score = Σ(weight × domain_score / 5) × 100. The CE/CE+ benchmark used in the diagnostic is 24/100. An indicative inspection-ready threshold is set at 86/100. Every weight and score is visible in the diagnostic.