Assessment Terms & Conditions

Important : Please read this carefully before accepting.

The Cyber Essentials Scheme is owned by HM Government (the Authority) and IASME Consortium Limited is the Accreditation Body (AB).

HMG and IASME own respectively all the intellectual property rights in the Cyber Essentials mark (as appears on the website) and the IASME Governance Standard mark (as appears on the website).

This agreement is intended to govern the relationship between the AB (or a Certification Body appointed by the AB) and you under which you wish to apply for certification under the scheme. The assessment for certification will be carried out only on the basis that you have paid the fees and that you accept the terms and conditions of this agreement in full.

You can signify acceptance by selecting checking the box to accept the terms.

If you are accepting on behalf of a corporate body, you represent to us that you are doing so as an authorised representative of that corporate body. if you are not so authorised nor deemed by law to have such authority then you assume sole personal liability for the obligations set out in this agreement.

If you do not accept all of the terms of this agreement you must not download, copy or use the marks or claim to be certified under the scheme. You should also destroy any unlicensed copies of the marks or other materials under the scheme which might be in your possession.

A “pass” under the GDPR assessment does not mean that you are assessed as being legally compliant. It indicates only that your organisation is starting on the pathway to compliance and is committed to ensuring ‘privacy by design’.

You should ensure that your organisation obtains specialist legal advice on the GDPR as on any other data protection issue. This GDPR assessment is not legal advice and must not be relied upon as such and The IASME Consortium Ltd accepts no liability for loss or damage suffered as a result of reliance on views expressed here.

The full extent of the GDPR regime and its application post Brexit (for example) is not yet fully known but the assessment addresses what we consider to be key elements and to help organisations demonstrate progress towards meeting the policy objectives that underpins the GDPR.


1.1 We will, upon receipt of the Fees, allow you to complete a Scheme Self Assessment Questionnaire and will, subject to you meeting your obligations under this Agreement, assess your completed Questionnaire against the Scheme’s criteria.

1.2 We will perform the assessment using reasonable skill and care.

1.3 In the event that your Questionnaire meets the Scheme criteria (which we shall assess at our sole and absolute discretion) we will notify you in writing and, subject to you meeting your obligations under clause 2, will arrange for the issue of a Scheme Certificate to you.

1.4 If you are unsuccessful in your first assessment attempt, we will consider and re assess against the Scheme profile any changes to your profile that you notify to us or which otherwise come to our attention over the following two working days. We will not conduct this reassessment more than one time within the price quoted.

1.5 Prior to issuing a Scheme Certificate we will send you an agreement for you to sign, setting out the conditions of use and constraints on your use of the Marks. On receipt of the signed agreement from you (unamended) we will then issue the certificate.


2.1 You will complete the Self Assessment Questionnaire accurately, fully and honestly within 6 months of application. After these 6 months your account may be closed and no refund will be due.

2.2 You will use not use the Marks or claim to be certified unless you are in receipt of a current, valid Scheme Certificate duly issued by the AB or a CB.

2.3 You acknowledge that any Scheme Certificate will be issued to you only upon acceptance of a signed agreement governing the terms and conditions of use including constraints on the use of the Marks. (The form of that agreement is available on the website).

2.4 You will not make any derogatory statements about the Scheme or behave in any manner that would damage the reputation of the Scheme.

2.5 You acknowledge that the Scheme is intended to reflect that certificated organisations have themselves established the cyber security profile set out in the Scheme documents only and that receipt of a Scheme Certificate does not indicate or certify that the certificate holder is free from cyber security vulnerabilities. You acknowledge that we have not warranted or represented the Scheme or certification under the Scheme as conferring any additional benefit to you.

2.6 You will comply with the Scheme documentation and all reasonable directions made to you by the Authority, the AB or CB.


You must pay the Fees before the certification process can begin. The Fees are non -returnable.


The Scheme Profile details and methodology are confidential and you agree to keep them confidential, save where disclosure is required by an order of the courts or tribunal or as required by HMRC and only in accordance with the terms of that order or requirement.


5.1 You warrant that the Scheme Questionnaire has been completed by an authorised and suitably competent person.

5.2 You warrant that you will maintain the Security Profile indicated in your completed Questionnaire.

5.3 You warrant that the Scheme Questionnaire you submit is complete and accurate in all material respects.


6.1 We do not accept any liability to you resulting from any security breach or vulnerability in your systems or processes.

6.2 We do not accept any liability to you resulting from any security breach or vulnerability in the systems or processes that have been applied

6.3 Without prejudice to the generality of clause 6.1 and subject to clause 6.5 we shall not be liable to you whether in contract, tort (including negligence) for breach of statutory duty or otherwise arising under or in connection with this agreement for:-

(a) loss of profits;

(b) loss of sales or business;

(c) loss of agreements or contracts;

(d) loss of anticipated savings;

(e) loss of or damage to goodwill;

(f) loss of use or corruption of software, data or information;

(g) any indirect or consequential loss.

6.4 The terms implied by sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from this agreement.

6.5 The limitations and exclusions on liability in this section will not apply to any liability for death or personal injury caused by our negligence, for fraud or fraudulent misrepresentation or for any other liability that cannot lawfully be excluded or limited.

6.6 Subject to clause 6.5, the total limit of our liability to you whether in contract or tort is the sum equivalent to the Fees that you have paid to us in the 12 months preceding the date of your claim against us.


7.1 We may terminate the certification process at any stage without notice to you in the event that you are in breach of any of your obligations under this agreement.


Any dispute regarding this agreement shall first be discussed between us with a view to resolving it promptly. If it cannot be resolved within 28 days then you and we hereby agree that will be referred for alternative dispute resolution by an appropriate mediation practitioner who is a member of and subject to the rules of the Chartered Institute of Arbitrators.


Our relationship with you will be governed by English law and will be subject to the exclusive jurisdiction of the English courts. However, we may bring legal proceedings in any other jurisdiction, including the jurisdiction where you are domiciled or based, to recover fees or other sums payable to us.

You also agree to us publishing the name of your company and, if relevant, the scope of the assessment if you are awarded certification.

You also agree to the UK Government publishing the following details on their website:

  • Company name
  • Location (town)
  • Market sector
  • Date of certification
  • Certification level
  • Certification scope
  • Certificate number