Network Security
Vulnerability Management
Privileged Access Management 
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
London, UK, February 9, 2026 – Heimdal today announced it is the first vendor to publish an IASME Cyber Essentials aligned control mapping for Privilege Elevation and Delegation Management (PEDM), helping organisations evidence least privilege and stronger control over administrative access.
Privileged access remains one of the most exploited attack paths in modern incidents. Recent UK ransomware incidents have disrupted critical services, including healthcare and national infrastructure. In many intrusions, attackers do not stop at initial access. They look for privileged rights to disable protections, move laterally, and take control. That is exactly why Cyber Essentials places such emphasis on admin access separation and least privilege controls that can be evidenced during assessment.
Heimdal PEDM is built to reduce that risk by removing standing admin rights and enabling just enough privilege only when needed, under policy, with traceable accountability.
The first to publish an IASME Cyber Essentials PEDM mapping
Heimdal is the first vendor to publish an IASME Cyber Essentials aligned control mapping for PEDM, setting out how privilege management supports Cyber Essentials expectations and what evidence can be produced to support assessment.
For organisations and MSPs, this closes a common gap: having policy intent, but struggling to evidence day to day enforcement across endpoints.
Turning Cyber Essentials into enforceable controls
Cyber Essentials has become a practical requirement for many organisations, particularly those working with public sector buyers and supply chains. It is also a growing commercial requirement for MSPs, who must help customers meet baseline standards without slowing down operations.
Heimdal PEDM supports this by helping organisations to:
• Remove local admin rights by default, while keeping teams productive
• Permit elevation only for approved applications, tasks, and time frames
• Apply just enough administration so users get what they need, not what attackers want
• Reduce misuse, persistence, and lateral movement
• Generate auditable records of privileged actions for compliance and governance
“Most breaches do not start with Hollywood hacking. They start with access, followed by privilege,” Morten Kjaersgaard, Founder and Chairman, Heimdal.
“Cyber Essentials forces a basic question: who has admin rights, and why. Our answer is simple. Default to standard user, then grant just enough administration for the task, for the time needed, with proof. That is how you shut down the easiest breach path without slowing the business.”
Supporting the broader Cyber Essentials baseline
Privileged access is only one part of the Cyber Essentials baseline. Heimdal’s wider platform helps organisations strengthen related areas such as patching, malware protection, DNS threat prevention, ransomware defences, and centralised reporting, supporting a more complete security posture without tool sprawl.
Availability
The IASME Cyber Essentials aligned PEDM mapping and supporting PEDM capabilities are available now, including the new least privilege elevation flow.
This release also includes PEDM Cloud AV scanning and USB Management enhancements to improve allowlisting and tracking across environments.
To learn more, visit: here or contact: Danny Mitchell (dmi@heimdalsecurity.com).
For channel partnership enquiries, contact: James Webb (jwe@heimdalsecurity.com).
About Heimdal
Heimdal provides a unified security and compliance platform spanning prevention, detection, access control, and reporting, helping organisations reduce operational overhead and strengthen control across the attack chain.
If you liked this article, follow us on LinkedIn, X, Facebook, and Youtube, for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
