Cyber Essentials Terms and Conditions
1. DEFINITIONS
Assessment
the assessment process to achieve Cyber Essentials Certification.
Authorised Representatives
representatives of the Certified Body authorised by the Certified Body to carry out the Certification Services.
Branding Guidelines
the branding guidelines applicable (as the case may be) to use of the Cyber Essentials Certification Mark as may be updated by NCSC from time to time.
Certified Body (we/us/our)
Silvatech Solutions Ltd (Company No. 14042176) whose registered office is The Generator Hub The Gallery, Kings Wharf, Exeter, Devon, England, EX2 4AN, appointed by IASME to provide CertificationServices.
Certification Services
as the service offered by the Certified Body as set out in clause 3.
Cyber Essentials Scheme
the NCSC Scheme as detailed here: www.ncsc.gov.uk/cyberessentials.
Customer (you/your)
refers to the applicant company or other organisation seeking certification under the Cyber Essentials Scheme.
Cyber Essentials Certification
the certificate issued by a Certification Body to an organisation which has successfully certify to Cyber Essentials.
Cyber Essentials Certification Mark
the visual mark awarded to organisations that successfully certify to Cyber Essentials.
Data Protection Legislation
all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder); and the Privacy and Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended.
Fee
the fee payable for to use for the Certification Services, including the fee charged by IASME for each Assessment.
IASME
the IASME Consortium Limited who are NCSC’s exclusive Cyber Essentials partner.
NCSC
the National Cyber Security Centre.
Privacy Policy
https://silvatech.uk/privacy-policy/
Scheme Controls
the technical controls described in the Cyber Essentials: Requirements for IT Infrastructure, as updated by NCSC from time to time (version 3.1 available here: www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-Infrastructure-v3-1-April-2023.pdf)
Terms
these terms and conditions.
Questionnaire
the self-assessment questionnaire by which you will describe how you implement the Scheme Controls.
Website
https://silvatech.uk/
1.1 References to clauses and Schedules are to the clauses and Schedules of these Terms; references to paragraphs are to paragraphs of the relevant Schedule to these Terms.
1.2 A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
1.3 Unless the context otherwise requires, words in the singular shall include the plural and words in the plural shall include the singular.
1.4 A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted and includes all subordinate legislation made from time to time under that statute or statutory provision.
1.5 A reference to writing or written includes e-mail but not fax or instant messaging.
1.6 Any phrase introduced by the words including, includes, in particular or for example, or any similar phrase, shall be construed as illustrative and shall not limit the generality of the related words.
2. CERTIFIED BODY
2.1 We have been appointed by IASME to provide Certification Services. Our provision of the Certification Services is in accordance with our agreement with IASME.
2.2 These Terms are provided in accordance with IASME’s terms and conditions for the Cyber Essentials Scheme. Please ensure you are familiar with both IASME’s terms and these terms. Where IASME’s terms and our terms conflict, IASME’s terms will take priority.
3. CERTIFICATION SERVICES
3.1 Upon receipt of payment of Fees in accordance with clause 5, we will give you access to the self-assessment Questionnaire.
3.2 To start the Assessment process, you must complete and submit the self-assessment Questionnaire for the Cyber Essentials Scheme to us.
3.3 As a Certified Body, we will assess the completed Questionnaire with reasonable care and skill and in accordance with the Scheme Controls and notify you with the results of the Assessment within five working days.
3.4 The result of the Assessment is at our sole discretion and is based on the information provided by you. We are not responsible for any unsuccessful results.
3.5 If you are successful in your application, we will issue you with the Cyber Essentials Certification which is valid for 12 months from the date of issue.
3.6 If you are unsuccessful in the Assessment, in accordance with IASME’s terms, we will carry out one further Assessment free of any additional charge provided that your resubmission is made within 48 hours of receipt of our notice that your first Assessment has failed. Any further Assessment attempts will be charged as a new application.
3.7 In accordance with their terms, IASME reserve the right to rescind the Cyber Essentials
Certification if issued to you in error.
4. YOUR OBLIGATIONS
4.1 You will ensure that the information provided for the Questionnaire is complete and accurate.
4.2 You will ensure that the representatives from your organisations providing the information for the Questionnaire have authority to do so.
4.3 You will permit us and our Authorised Representatives with access to the information required for the purpose of undertaking the Assessment.
4.4 You will not do or permit to be done anything that might damage the reputation or standing of the Cyber Essentials Scheme, IASME, NCSC or us.
4.5 You will comply with all reasonable directions made by us and IASME during the Cyber Essentials Services and during the period of Cyber Essentials Certification if successfully achieved.
4.6 If successful in gaining Cyber Essentials Certification, you will follow the Branding Guidelines provided by IASME in your use of the Certification Essentials Certification Mark.
4.7 You agree to IASME and NCSC publishing your company name, certification level, and, if revenant, the scope of the Assessment if you are successful.
4.8 In accordance with IASME’s terms, you acknowledge that the Cyber Essentials Scheme is intended to reflect the fact that certified organisations have established the Security Controls only and that receipt of Cyber Essentials Certification does not indicate or certify or guarantee that your organisation is free from cyber security vulnerabilities.
5. PAYMENT
5.1 Payment of the Fee is required prior to commencement of the Certification Services, and is non-refundable.
5.2 The Fee is set out on the Website and includes the fees charged by IASME for the Assessment.
6. TERMINATION
6.1 Without limiting our other rights or remedies, we may terminate the Certification Services with immediate effect by giving written notice to the Customer if the Customer:
6.1.1 commits a material breach of any term of the Contract and (if such a breach is remediable) fails to remedy that breach within 14 days of that party being notified in writing to do so;
6.1.2 takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), obtaining a moratorium, being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business;
6.1.3 suspends, threatens to suspend, ceases or threatens to cease to carry on all or a substantial part of its business; or
6.1.4 financial position deteriorates so far as to reasonably justify the opinion that its ability to give effect to these Terms is in jeopardy.
6.2 Without limiting its other rights or remedies, we may suspend provision of the Certification Services under these Terms if the Customer becomes subject to any of the events listed in clause 6.1.2 to clause 6.1.4, or we reasonably believes that the Customer is about to become subject to any of them, or if the Customer fails to pay
any amount due under these Terms on the due date for payment.
6.3 Without limiting its other rights or remedies, we may terminate the Certification Services with immediate effect by giving written notice to the Customer if the Customer fails to pay any amount due under these Terms on the due date for payment.
6.4 On termination of the Certification Services for any reason the Customer shall immediately pay to us all of our outstanding unpaid invoices and interest and, in respect of the Certification Services supplied but for which no invoice has been submitted, we shall submit an invoice, which shall be payable by the Customer
immediately on receipt.
6.5 Termination of the Certification Services, however arising, shall not affect any of the parties’ rights and remedies that have accrued as at termination or expiry, including the right to claim damages in respect of any breach of these Terms which existed at or before the date of termination.
6.6 Any provision of these Terms that expressly or by implication is intended to come into or continue in force on or after termination or expiry of the Certification Services shall remain in full force and effect.
6.7 The termination provisions in IASME’s terms apply in relation to revocation of the Cyber Essentials Certification.
7. CONFIDENTIALITY
7.1 Each party undertakes that it shall not at any time disclose to any person any confidential information concerning the business, assets, affairs, customers, clients or suppliers of the other party, except as permitted by clause 7.2.
7.2 Each party may disclose the other party’s confidential information:
7.2.1 to its employees, officers, representatives, contractors, subcontractors or advisers who need to know such information for the purposes of exercising the party’s rights or carrying out its obligations under these Terms. Each party shall ensure that its employees, officers, representatives, contractors, subcontractors or advisers to whom it discloses the other party’s confidential information comply with this clause; and
7.2.2 as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
7.3 Neither party shall use the other party’s confidential information for any purpose other than to exercise its rights and perform its obligations under or in connection with these Terms.
8. DATA PROTECTION
For the purpose of Data Protection Legislation, we are a Data Controller of personal data which is processed in accordance with our Privacy Policy.
9. LIMITATION OF LIABILITY
Neither party limits any liability arising under these Terms which are not capable of limitation or exclusion by law.
10. CHANGES TO THESE TERMS
10.1 We may need to change these Terms to reflect changes in law or best practice or to deal with additional features which we introduce.
10.2 If you do not accept the changes you may not be permitted to continue to use the Certification Services.
11. NO AGENCY OR PARTNERSHIP
11.1 Nothing in these Terms is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party.
11.2 Each party confirms it is acting on its own behalf and not for the benefit of any other person.
12. NO RIGHTS FOR THIRD PARTIES
These Terms do not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of these Terms.
13. SEVERANCE
13.1 If any provision or part-provision of these Terms is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of these Terms.
13.2 If any provision or part-provision of these is deemed deleted under clause 13.1 the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
14. WAIVER
14.1 Failure to exercise, or any delay in exercising, any right or remedy provided under these Terms or by law shall not constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict any further exercise of that or any other right or remedy.
14.2 No single or partial exercise of any right or remedy provided under these Terms or by law shall preclude or restrict the further exercise of that or any other right or remedy.
15. NOTICE
15.1 A notice given to a party under or in connection with these Terms shall be in writing to the contract details as provided.
15.2 The following table sets out methods by which a notice may be sent and its corresponding deemed delivery date and time:
| Delivery method | Deemed delivery date and time |
| Pre-paid first class post or other next working day delivery service providing proof of postage. |
Midday on the second Business Day after posting or at the time recorded by the delivery service – whichever is earlier. |
| Email. | At the time of transmission if within Business Hours, otherwise at 10:00 on the next Business Day after transmission. |
15.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
16. MULTI-TIERED DISPUTE RESOLUTION PROCEDURE
16.1 If a dispute arises out of or in connection with these terms or any part of it or the performance, validity or enforceability of the same (Dispute) then the parties shall follow the procedure set out in this clause:
16.1.1 either party shall give to the other written notice of the Dispute, setting out its nature and full particulars (Dispute Notice), together with relevant supporting documents. On service of the Dispute Notice, the Customer and the Certified Body shall attempt in good faith to resolve the Dispute;
16.1.2 if the Customer and the Certified Body are for any reason unable to resolve the Dispute within 15 days of service of the Dispute Notice, the Dispute shall be referred to the directors (or equivalent) of the Customer and Certified Body who shall attempt in good faith to resolve it; and
16.1.3 if the parties’ directors (or equivalent) are for any reason unable to resolve the Dispute within 15 days of it being referred to them, the parties will attempt to settle it by mediation and the parties must agree on a mediator within 15 days. To initiate the mediation, a party must serve notice in writing (ADR notice) to the other party to the Dispute, requesting mediation. The mediation will start not later than 90 days after the date of the ADR notice.
16.2 The commencement of mediation shall not prevent the parties commencing or continuing court proceedings in relation to the Dispute under clause 17 which shall apply at all times.
17. GOVERNING LAW AND JURISDICTION
The validity, construction and performance of these Terms shall be governed by English law and shall be subject to the exclusive jurisdiction of the English courts.