Our organisation is still using Windows 7 or Windows Server 2008 R2 – is this Cyber Essentials compliant?

Normally no, this would be regarded as an instant fail as the software is unsupported (both went End of Life 14/01/2020).
In circumstances where your organisation has paid for Extended Security Updates (ESU) from Microsoft for every device that is unsupported, this will be considered permissable as technically the software is supported.

Did you find this FAQ helpful?