A thin client is considered a device that doesn’t store data currently and connects to a remote service to gather that data.
Since you are using a cloud service, we do require to know some of the information regarding how you use the service to complete your daily operations. It would be useful to detail in the questions how you access the program, do you need credentials? Are the security implementations active on the cloud service?
However, we also require information regarding the user’s thin client. Although the company data may be accessed through your online account to the cloud service there is still risk associated with an unprotected thin client. If the thin client can still access the internet, it is considered within the scope for Cyber Essentials and answers should include an explanation relating to the thin client.
For example, if you use a desktop to access Chrome to access your cloud account containing your client information your desktop should still follow the five cyber essentials controls. It should be configured in the same way as a computer that contains important business information. After all, it is the access point to your business information!