Terms and Conditions

Cyber Essentials, IASME Governance

Please ensure you have read and understood the below terms and conditions on  services and/or products supplied by Netcom Technologies Limited.

The Cyber Essentials Scheme is owned by HM Government (the Authority) and IASME Consortium Limited is the Accreditation Body (AB).

HMG and IASME own respectively all the intellectual property rights in the Cyber Essentials mark (as appears on the website) and the IASME Governance Standard mark (as appears on the website).

This agreement is intended to govern the relationship between the AB (or a Certification Body

appointed by the AB, in this case Netcom) and you under which you wish to apply for certification under the scheme. The assessment for certification will be carried out only on the basis that you have paid the fees and that you accept the terms and conditions of this agreement in full.

if you are accepting these terms and condition on behalf of a corporate body, you represent to us that you are doing so as an authorised representative of that corporate body. if you are not so authorised nor deemed by law to have such authority then you assume sole personal liability for the obligations set out in this agreement.

if you do not accept all of the terms of this agreement, you must not sign and not download, copy, use the marks/certification badges or claim to be certified under the scheme. you should also destroy any unlicensed copies of the marks/certification badges or other materials under the scheme which might be in your possession

A “pass” under the GDPR assessment does not mean that you are assessed as being legally compliant. It indicates only that your organisation is starting on the pathway to compliance and is committed to ensuring ‘privacy by design’.

You should ensure that your organisation obtains specialist legal advice on the GDPR as with any other data protection issue. This GDPR assessment is not legal advice and must not be relied upon as such and The IASME Consortium Ltd, Netcom Technologies Ltd and Netcom Data Services Ltd accepts no liability for loss or damage suffered as a result of reliance on views expressed here.

The full extent of the GDPR regime and its application post Brexit (for example) is not yet fully known but the assessment addresses what we consider to be key elements and to help organisations demonstrate progress towards meeting the policy objectives that underpins the GDPR.


1.1 We will, upon receipt of the Fees, allow you to complete the relevant Self-Assessment Questionnaires and will, subject to you meeting your obligations under this Agreement, assess your completed Questionnaire against the Scheme’s criteria.

1.2 We will perform the assessment using reasonable skill and care.

1.3 In the event that your Questionnaire meets the Scheme criteria (which we shall assess at our sole and absolute discretion) we will notify you in writing and, subject to you meeting your obligations under clause 2, will arrange for the issue of a Scheme Certificate to you.

1.4 We will consider and re assess against the Scheme profile any changes to your profile that you notify to us or which otherwise come to our attention.

1.5 Prior to issuing a Scheme Certificate we will send you an agreement for you to sign, setting

out the conditions of use and constraints on your use of the Marks/certification badges. On receipt of the signed

agreement from you (un-amended) we will then issue the certificate.


2.1 You will complete the Self-Assessment Questionnaire accurately, fully and honestly.

2.2 You will use not use the Marks/certification badges or claim to be certified unless you are in receipt of a current,

valid Scheme Certificate duly issued by the AB or a CB.

2.3 You acknowledge that any Scheme Certificate will be issued to you only upon acceptance of

a signed agreement governing the terms and conditions of use including constraints on the use of the Marks. [The form of that agreement is available on the IASME website].

2.4 You will not make any derogatory statements about the Scheme or behave in any manner that would damage the reputation of the Scheme.

2.5 You acknowledge that the Scheme is intended to reflect that certificated organisations have themselves established the cyber security profile set out in the Scheme documents only and that receipt of a Scheme Certificate does not indicate or certify that the certificate holder is free from cyber security vulnerabilities. You acknowledge that we have not warranted or represented the Scheme or certification under the Scheme as conferring any additional benefit to you.

2.6 You will comply with the Scheme documentation and all reasonable directions made to you by the Authority, the AB or CB.


You must pay the Fees before the certification process can begin. The Fees are non -returnable.


You must pay the Renewal Fee at each anniversary of the issue of your original certificate. Non-payment of the Renewal Fee will result in the certificate becoming invalid.


The Scheme Profile details and methodology are confidential and you agree to keep them

confidential save where disclosure is required by an order of the courts or tribunal or as required by HMRC and only in accordance with the terms of that order or requirement.


6.1 You warrant that the Scheme Questionnaire has been completed by an authorised and suitably competent person.

6.2 You warrant that you will maintain the Security Profile indicated in your completed Questionnaire.

6.3 You warrant that the Scheme Questionnaire you submit is complete and accurate in all material respects.


7.1 We do not accept any liability to you resulting from any security breach or vulnerability in your systems or processes.

7.2 We do not accept any liability to you resulting from any security breach or vulnerability in the systems or processes that have been applied

7.3 Without prejudice to the generality of clause 7.1 and subject to clause 7.5 we shall not be liable to you whether in contract, tort (including negligence) for breach of statutory duty or

otherwise arising under or in connection with this agreement for: –

(a) loss of profits;

(b) loss of sales or business;

(c) loss of agreements or contracts;

(d) loss of anticipated savings;

(e) loss of or damage to goodwill;

(f) loss of use or corruption of software, data or information;

(g) any indirect or consequential loss.

7.4 The terms implied by sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from this agreement.

7.5 The limitations and exclusions on liability in this section will not apply to any liability for death or personal injury caused by our negligence, for fraud or fraudulent misrepresentation or for any other liability that cannot lawfully be excluded or limited.

7.6 Subject to clause 7.5, the total limit of our liability to you whether in contract or tort is the sum equivalent to the Fees that you have paid to us in the 12 months preceding the date of your

claim against us.


8.1 We may terminate the certification process at any stage without notice to you in the event that you are in breach of any of your obligations under this agreement.


Any dispute regarding this agreement shall first be discussed between us with a view to resolving it promptly. If it cannot be resolved within 28 days then you and we hereby agree that will be referred for alternative dispute resolution by an appropriate mediation practitioner who is a member of and subject to the rules of the Chartered Institute of Arbitrators.


Our relationship with you will be governed by English law and will be subject to the exclusive jurisdiction of the English courts. However, we may bring legal proceedings in any other jurisdiction, including the jurisdiction where you are domiciled or based, to recover fees or other sums payable to us.

You also agree to us publishing the name of your company and, if relevant, the scope of the assessment if you are awarded certification.