Important : please read this carefully before accepting.


In these conditions, the following words and expressions have the meanings set out below.
(whether registered or unregistered), trade secrets and all other similar rights of ownership.


Self Assessment, Questionnaire, DIY, assessment, Test – your Cyber Essentials Assessment (online, hard copy or Onsite).

We, us, our, assessors – Ascent Cyber (and anyone who takes over our business), whose registered office address is 272 Bath Street, Glasgow, United Kingdom, G2 4JR.

Certification Body – ID Cyber Solutions (and anyone who takes over their business), whose registered office address is 29 Eagle Street, Glasgow, Scotland, UK, G4 9XA.

You, your – the person or organisation named as the client on the client application form.

The cyber essentials scheme is owned by HM Government (the authority), QG Management is the accreditation body, ID Cyber Solutions are the certification body and Ascent Cyber are the assessors.

This agreement is intended to govern the relationship between the assessors and you under which you wish to apply for certification under the scheme. The assessment for certification will be carried out only on the basis that you have paid the fees and that you accept the terms and conditions of this agreement in full. Your assessment account will remain live for 12 months and will be closed after this time. If you have not submitted your assessment within 12 months we are under no obligation to carry out an assessment and no refund will be paid.

If you are accepting on behalf of a corporate body, you represent to us that you are doing so as an authorised representative of that corporate body. If you are not so authorised nor deemed by law to have such authority, then you assume sole personal liability for the obligations set out in this agreement.

If you do not accept all of the terms of this agreement you must not purchase any services or move on to the assessment and not download, copy or use the marks or claim to be certified under the scheme. You should also destroy any unlicensed copies of the marks or other materials under the scheme which might be in your possession.


1.1 We will, upon receipt of the Fees, allow you to complete your Assessment within 12 months of date of application and will, subject to you meeting your obligations under this Agreement, assess your completed Questionnaire against the Scheme’s criteria. If you have not submitted your assessment within 12 months this agreement is terminated and no refund will be paid to you.

1.2 We will perform the assessment using reasonable skill and care.

1.3 In the event that your Assessment meets the Scheme criteria (which we shall assess at our sole and absolute discretion) we will notify you by phone or by email and, subject to you meeting your obligations under clause 2, will arrange for the issue of a Scheme Certificate to you.

1.4 In the event that your Questionnaire does not meet the Scheme criteria (which we shall assess at our sole and absolute discretion). We will re assess against the Scheme profile any changes to your assessment that you notify to us or which otherwise come to our attention within 14 Days for the time we notify you that you do not meet the Scheme criteria. If we have not heard from you within 14 Days, you must pay the relevant re-test fee and resubmit the assessment.

1.5 In the event that your Questionnaire does not meet the Scheme criteria (which we shall assess at our sole and absolute discretion) for a second time, you must pay the relevant re-test fee and resubmit the assessment. Alternatively, we may offer (at our sole and absolute discretion) an upgrade to the Guided Cyber Essentials service.


2.1 You will complete the Assessment Questionnaire accurately, fully and honestly.

2.2 You will not use the Marks or claim to be certified unless you are in receipt of a current, valid Scheme Certificate duly issued by the accreditation body or a certification body.

2.3 You will not make any derogatory statements about the Scheme or behave in any manner that would damage the reputation of the Scheme.

2.4 You acknowledge that the Scheme is intended to reflect that certificated organisations have themselves established the cyber security profile set out in the Scheme documents only and that receipt of a Scheme Certificate does not indicate or certify that the certificate holder is free from cyber security vulnerabilities. You acknowledge that we have not warranted or represented the Scheme or certification under the Scheme as conferring any additional benefit to you.

2.5 You will comply with the Scheme documentation and all reasonable directions made to you by the Authority, the accreditation body or certification body.


You must pay the Fees before the certification process can begin. The Fees are non -refundable.


You must pay the Renewal Fee and be reassessed at each anniversary of the issue of your original certificate. Non-payment of the Renewal Fee or non-compliance at the reassessment will result in the certificate becoming invalid.


The Scheme Profile details and methodology are confidential and you agree to keep them confidential save where disclosure is required by an order of the courts or tribunal or as required by HMRC and only in accordance with the terms of that order or requirement.


6.1 You warrant that the Scheme Questionnaire has been completed by an authorised and suitably competent person.

6.2 You warrant that you will maintain the Security Profile indicated in your completed Questionnaire.

6.3 You warrant that the Scheme Questionnaire you submit is complete and accurate in all material respects.


7.1 We do not accept any liability to you resulting from any security breach or vulnerability in your systems or processes.

7.2 Without prejudice to the generality of clause 7.1, we shall not be liable to you whether in contract, tort including negligence) for breach of statutory duty or otherwise arising under or in connection with this agreement for:-

(a) loss of profits;
(b) loss of sales or business;
(c) loss of agreements or contracts;
(d) loss of anticipated savings;
(e) loss of or damage to goodwill;
(f) loss of use or corruption of software, data or information;
(g) any indirect or consequential loss.


7.3 The terms implied by sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from this agreement.

7.4 The limitations and exclusions on liability in this section will not apply to any liability for death or personal injury caused by our negligence, for fraud or fraudulent misrepresentation or for any other liability that cannot lawfully be excluded or limited.

7.5 Subject to clause 7.4, the total limit of our liability to you whether in contract or tort is the sum equivalent to the Fees that you have paid to us in the 12 months preceding the date of your claim against us.


8.1 We may terminate the certification process at any stage without notice to you in the event that you are in breach of any of your obligations under this agreement.


Any dispute regarding this agreement shall first be discussed between us with a view to resolving it promptly. If it cannot be resolved within 28 days then you and we hereby agree that will be referred for alternative dispute resolution by an appropriate mediation practitioner who is a member of and subject to the rules of the Chartered Institute of Arbitrators.


This agreement will be governed by Scottish Law or English Law dependent where the company is registered. When a company is based out with the UK the agreement will be governed by Scottish Law.


The following personal data is collected, held, and processed by Ascent Cyber:

Data type: Customer Name
Purpose: To identify a Contact

Data type: Customer Email address
Purpose: As above and to contact for purposes of notifications about their Cyber Essentials assessment and renewal

Data type: Customer Orders
Purpose: We record the time and IP address of every order so that we have a data trail of access to the system.

Data type: Customer Company Name and Address
Purpose: To identify a company in the system

Data type: Customer Phone Number
Purpose: To contact for purposes of notifications about their Cyber Essentials assessment and renewal

3rd Party Access

Your data will only be passed to a 3rd parties when it is needed to preform and complete the contract that has been entered into. eg, Cyber Essentials Assessment and Certification

3rd parties include but are not limited to: The Certification Body, The Accreditation Body, The National Cyber Security Centre, our Cyber Essentials Assessors, our Service Partners and your IT Support Company.

For more details on data protection, please visit our Data Protection Policy