Supplier Terms and Conditions
Important: Please read this carefully before accepting.
Definitions
In these conditions, the following words and expressions have the meanings set out below.
(whether registered or unregistered), trade secrets and all other similar rights of ownership.
• Self-assessment, Questionnaire, Assessment, Test—Your Cyber Essentials assessment (online, hard copy, or onsite).
• We, Us, Our, Certification Body—ID Cyber Solutions (and anyone who takes over our business), whose registered office address is 29 Eagle Street, Glasgow, Scotland, UK, G4 9XA.
• You, Your—The person or organisation named as the client on the client application form.
The Cyber Essentials scheme is owned by HM Government (the authority), The IASME Consortium is the Cyber Essentials Partner, and ID Cyber Solutions is the Certification Body.
This agreement is intended to govern the relationship between the Certification Body and you under which you wish to apply for certification under the scheme. The assessment for certification will be carried out only on the basis that you have paid the fees and that you accept the terms and conditions of this agreement in full. Your assessment account will remain live for 6 months and will be closed after this time. If you have not submitted your assessment within 6 months we are under no obligation to carry out an assessment and no refund will be paid.
If you are accepting on behalf of a corporate body, you represent to us that you are doing so as an authorised representative of that corporate body. If you are not so authorised nor deemed by law to have such authority, then you assume sole personal liability for the obligations set out in this agreement.
If you do not accept all of the terms of this agreement you must not click the ‘I accept’ button or move on to the assessment, and must not download, copy, or use the marks or claim to be certified under the scheme. You should also destroy any unlicensed copies of the marks or other materials under the scheme which might be in your possession.
1 OUR OBLIGATIONS
1.1 We will, upon receipt of the Fees, allow you to complete your Assessment within 6 months of date of application and will, subject to you meeting your obligations under this Agreement, assess your completed Questionnaire against the Scheme’s criteria. If you have not submitted your Assessment within 6 months this agreement is terminated and no refund will be paid to you.
1.2 We will perform the Assessment using reasonable skill and care.
1.3 In the event that your Assessment meets the Scheme criteria (which we shall assess at our sole and absolute discretion) we will notify you by phone or by email and, subject to you meeting your obligations under clause 2, will arrange for the issue of a Scheme Certificate to you.
1.4 In the event that your Questionnaire does not meet the Scheme criteria (which we shall assess at our sole and absolute discretion), we will reassess against the Scheme profile any changes to your assessment that you notify to us or which otherwise come to our attention within 14 days for the Self-Assessment (5 days with the Unaided service level) and 30 days for Plus from the time we notify you that you do not meet the Scheme criteria. If we have not heard from you within this time period, you must pay the relevant fee and reapply for certification.
1.5 Included with our “Extra Help” service level is limited help and support with completing your assessment.
Cyber Essentials Extra Help includes up to 2 hours of remote help to complete your questionnaire.
Cyber Essentials Plus Extra Help includes a pre-audit to highlight any remediations needed before the Plus audit and several free rescans.
If you need more help, we can offer extra remote time or assistance from one of our trusted partners at an extra cost.
2 YOUR OBLIGATIONS
2.1 You will complete the Assessment Questionnaire accurately, fully and honestly.
2.2 You will not use the Marks or claim to be certified unless you are in receipt of a current, valid Scheme Certificate duly issued by the Cyber Essentials Partner or a certification body.
2.3 You will not make any derogatory statements about the Scheme or behave in any manner that would damage the reputation of the Scheme.
2.4 You acknowledge that the Scheme is intended to reflect that certificated organisations have themselves established the cyber security profile set out in the Scheme documents only and that receipt of a Scheme Certificate does not indicate or certify that the certificate holder is free from cyber security vulnerabilities. You acknowledge that we have not warranted or represented the Scheme or certification under the Scheme as conferring any additional benefit to you.
2.5 You will comply with the Scheme documentation and all reasonable directions made to you by the Authority, Cyber Essentials Partner or certification body.
3 THE FEES
The Cyber Essentials Self-Assessment fee is £320 to £600 depending on your company size. Any additional fees are for additional services and support.
You must pay the Fees before the certification process can begin. The Fees are non-refundable.
4 RENEWAL
You must pay the Renewal Fee and be reassessed at each anniversary of the issue of your original certificate. Non-payment of the Renewal Fee or non-compliance at the reassessment will result in the certificate becoming invalid.
5 CONFIDENTIALITY
The Scheme Profile details and methodology are confidential and you agree to keep them confidential save where disclosure is required by an order of the courts or tribunal or as required by HMRC and only in accordance with the terms of that order or requirement.
6 WARRANTY
6.1 You warrant that the Scheme Questionnaire has been completed by an authorised and suitably competent person.
6.2 You warrant that you will maintain the Security Profile indicated in your completed Questionnaire.
6.3 You warrant that the Scheme Questionnaire you submit is complete and accurate in all material respects.
7 LIMITATION OF LIABILITY
7.1 We do not accept any liability to you resulting from any security breach or vulnerability in your systems or processes.
7.2 Without prejudice to the generality of clause 7.1, we shall not be liable to you whether in contract, tort (including negligence) for breach of statutory duty or otherwise arising under or in connection with this agreement for:-
(a) loss of profits;
(b) loss of sales or business;
(c) loss of agreements or contracts;
(d) loss of anticipated savings;
(e) loss of or damage to goodwill;
(f) loss of use or corruption of software, data or information;
(g) any indirect or consequential loss.
7.3 The terms implied by sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from this agreement.
7.4 The limitations and exclusions on liability in this section will not apply to any liability for death or personal injury caused by our negligence, for fraud or fraudulent misrepresentation or for any other liability that cannot lawfully be excluded or limited.
7.5 Subject to clause 7.4, the total limit of our liability to you whether in contract or tort is the sum equivalent to the Fees that you have paid to us in the 12 months preceding the date of your claim against us.
8 TERMINATION
8.1 We may terminate the certification process at any stage without notice to you in the event that you are in breach of any of your obligations under this agreement.
9 DISPUTE RESOLUTION
Any dispute regarding this agreement shall first be discussed between us with a view to resolving it promptly. If it cannot be resolved within 28 days then you and we hereby agree that will be referred for alternative dispute resolution by an appropriate mediation practitioner who is a member of and subject to the rules of the Chartered Institute of Arbitrators.
10 LAW AND JURISDICTION
This agreement will be governed by Scottish Law or English Law dependant where the company is registered. When a company is based out with the UK the agreement will be governed by Scottish Law.
10 DATA PROTECTION (GDPR)
The following personal data is collected, held, and processed by ID Cyber Solutions:
| Data Ref. | Type of Data | Purpose of Data |
| Customer | Name | To identify a Contact |
| Customer | Email address | As above and to contact for purposes of notifications about their Cyber Essentials assessment and renewal |
| Customer | Orders | We record the time and IP address of every order so that we have a data trail of access to the system. |
| Customer | Company Name and Address | To identify a company in the system |
| Customer | Phone Number | To contact for purposes of notifications about their Cyber Essentials assessment and renewal |
3rd Party Access
Your data will only be passed to a 3rd party when it is needed to perform and complete the contract that has been entered into, e.g., Cyber Essentials Assessment and Certification.
3rd parties include but are not limited to: The Cyber Essentials Partner, The National Cyber Security Centre, our Cyber Essentials Assessors, our Service Partners and your IT Support Company.
For more details on data protection, please visit our Privacy Policy.