Cyber Essentials and IASME Governance Terms
In these conditions, the following words and expressions have the meanings set out below.
(whether registered or unregistered), trade secrets and all other similar rights of ownership.
• Self Assessment, Questionnaire, assessment,Test – your Cyber Essentials or IASME Governance Assessment (online, or Onsite).
• We, us, our, certification body – Cyberlab, whose registered office address is The Terrace, Grantham Street, Lincoln, LN2 1BD
• You, your – the person or organisation named as the client on the client application form.
The cyber essentials scheme is owned by HM Government (the authority), IASME is the Cyber Essentials/IASME Governance Partner and Cyberlab are the certification body.
This agreement is intended to govern the relationship between the certification body and you under which you wish to apply for certification under the scheme. The assessment for certification will be carried out only on the basis that you have paid the fees and that you accept the terms and conditions of this agreement in full. Your assessment account will remain live for 12 months and will be closed after this time.
If you are accepting on behalf of a corporate body, you represent to us that you are doing so as an authorised representative of that corporate body. If you are not so authorised nor deemed by law to have such authority, then you assume sole personal liability for the obligations set out in this agreement.
If you do not accept all of the terms of this agreement you must not sign the acceptance box of this proposal. You should also destroy any unlicensed copies of the marks or other materials under the scheme which might be in your possession.
1 OUR OBLIGATIONS
1.1 We will, upon receipt of the Fees, allow you to complete your Assessment within 6 months of date of application and will, subject to you meeting your obligations under this Agreement, assess your completed Questionnaire against the Scheme’s criteria. If you have not submitted your assessment within 6 months this agreement is terminated and no refund will be paid to you.
1.2 We will perform the assessment using reasonable skill and care.
1.3 In the event that your Assessment meets the Scheme criteria (which we shall assess at our sole and absolute discretion) we will notify you by phone or by email and, subject to you meeting your obligations under clause 2, will arrange for the issue of a Scheme Certificate to you.
1.4 In the event that your Questionnaire does not meet the Scheme criteria (which we shall assess at our sole and absolute discretion). We will re assess against the Scheme profile any changes to your assessment that you notify to us or which otherwise come to our attention within 2 Days for Cyber Essentials/IASME Governance and 30 days for Cyber Essentials Plus/IASME Governance Audited from the time we notify you that you do not meet the Scheme criteria. If we have not heard from you within this time period, you must wait 30 days, pay the relevant fee and resubmit the assessment.
2 YOUR OBLIGATIONS
2.1 You will complete the Assessment Questionnaire accurately, fully and honestly.
2.2 You will not use the Marks or claim to be certified unless you are in receipt of a current, valid Scheme Certificate duly issued by the Cyber Essentials/IASME Governance Partner or a certification body.
2.3 You will not make any derogatory statements about the Scheme or behave in any manner that would damage the reputation of the Scheme.
2.4 You acknowledge that the Scheme is intended to reflect that certificated organisations have themselves established the cyber security profile set out in the Scheme documents only and that receipt of a Scheme Certificate does not indicate or certify that the certificate holder is free from cyber security vulnerabilities. You acknowledge that we have not warranted or represented the Scheme or certification under the Scheme as conferring any additional benefit to you.
2.5 You will comply with the Scheme documentation and all reasonable directions made to you by the Authority, Cyber Essentials Partner or certification body.
3 THE FEES
You must pay the Fees before the certification process can begin. The Fees are non -refundable
You must pay the Renewal Fee and be reassessed at each anniversary of the issue of your original certificate. Non-payment of the Renewal Fee or non-compliance at the reassessment will result in the certificate becoming invalid.
The Scheme Profile details and methodology are confidential and you agree to keep them confidential save where disclosure is required by an order of the courts or tribunal or as required by HMRC and only in accordance with the terms of that order or requirement.
6.1 You warrant that the Scheme Questionnaire has been completed by an authorised and suitably competent person.
6.2 You warrant that you will maintain the Security Profile indicated in your completed Questionnaire.
6.3 You warrant that the Scheme Questionnaire you submit is complete and accurate in all material respects.
7 LIMITATION OF LIABILITY
7.1 We do not accept any liability to you resulting from any security breach or vulnerability in your systems or processes.
7.2 Without prejudice to the generality of clause 7.1, we shall not be liable to you whether in contract, tort (including negligence) for breach of statutory duty or otherwise arising under or in connection with this agreement for:-
(a) loss of profits;
(b) loss of sales or business;
(c) loss of agreements or contracts;
(d) loss of anticipated savings;
(e) loss of or damage to goodwill;
(f) loss of use or corruption of software, data or information;
(g) any indirect or consequential loss.
7.3 The terms implied by sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from this agreement.
7.4 The limitations and exclusions on liability in this section will not apply to any liability for death or personal injury caused by our negligence, for fraud or fraudulent misrepresentation or for any other liability that cannot lawfully be excluded or limited.
7.5 Subject to clause 7.4, the total limit of our liability to you whether in contract or tort is the sum equivalent to the Fees that you have paid to us in the 12 months preceding the date of your claim against us.
8.1 We may terminate the certification process at any stage without notice to you in the event that you are in breach of any of your obligations under this agreement.
9 DISPUTE RESOLUTION
Any dispute regarding this agreement shall first be discussed between us with a view to resolving it promptly. If it cannot be resolved within 28 days then you and we hereby agree that will be referred for alternative dispute resolution by an appropriate mediation practitioner who is a member of and subject to the rules of the Chartered Institute of Arbitrators.
10 LAW AND JURISDICTION
This agreement will be governed by English Law dependant where the company is registered. When a company is based out with the UK the agreement will be governed by English Law.
10 DATA PROTECTION (GDPR)
The following personal data is collected, held, and processed by Cyberlab:
Type of Data
Purpose of Data
To identify a Contact
As above and to contact for purposes of notifications about their Cyber Essentials/IASME Governance assessment and renewal
We record the time and IP address of every order so that we have a data trail of access to the system.
Company Name and Address
To identify a company in the system
To contact for purposes of notifications about their Cyber Essentials/IASME Governance assessment and renewal
3rd Party Access
Your data will only be passed to a 3rd parties when it is needed to preform and complete the contract that has been entered into. eg, Cyber Essentials/IASME Governance Assessment and Certification
3rd parties include but are not limited to: IASME, The National Cyber Security Centre, our Cyber Essentials Assessors, our Service Partners and your IT Support Company.