Cyber Essentials Certification Terms and Conditions
Important: Please read these carefully before accepting as they form part of the contract between you and Shonsys Limited.
1.1 The definitions and rules of interpretation in this clause apply to these Terms.
We: refers to Shonsys Limited, whose registered office address is Gyleview House, 3 Redheughs Rigg, Edinburgh, EH12 9DQ, Scotland, UK. “Us” and “Our” shall be interpreted accordingly.
You: refers to the application organisation seeking certification under the Scheme. “Yours” and “Your” shall be interpreted accordingly.
Scheme: Cyber Essentials is owned by NCSC and managed for NCSC by IASME Consortium Limited.
Scheme Controls: refers to the technical controls described in the Cyber Essentials Requirements for IT infrastructure (https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-IT-infrastructure-2-1.pdf)
Questionnaire: refers to the self-assessment questionnaire by which You will describe how you implement the Scheme Controls.
Contract: the contract between you and us for the supply of Services in accordance with these Terms.
Services: the services that we are providing to you on these Terms.
Terms: the terms and conditions set out in this document.
writing or written: includes email.
1.2 The headings do not affect the interpretation of these Terms.
1.3 A person includes a natural person, corporate or unincorporated body (whether or not having separate legal responsibility).
1.4 A reference to a particular law is a reference to it as it is in force for the time being taking account of any amendment, extension, or re-enactment and includes any subordinate legislation for the time being in force made under it.
1.5 Unless the context otherwise requires, words in the singular include the plural and in the plural include the singular.
2. BASIS OF AGREEMENT
2.1 These Terms constitute the entire agreement between you and us. You acknowledge that you have not relied on any statement, promise or representation made or given by or on behalf of us that is not set out in these Terms.
2.2 These Terms shall become binding on you and us and a contract shall be formed between us upon you instructing us to commence work in relation to the Services (whether in writing, (including by email) or orally), whichever is the earlier.
2.3 These Terms take precedence over any other terms and conditions (including your own terms of business) and any course of dealing or industry practice.
3. THE SERVICES
3.1 We shall provide the Services with all due care, skill and ability and shall use our reasonable endeavours to meet any timescales but these dates are estimates only and if we fail to meet these dates you shall not have any legal rights in relation to this.
3.2 We shall provide the following Services to you:
(a) We will upon receipt of the Fees give you access to a Scheme self-assessment Questionnaire and will, subject to You meeting Your obligations under this agreement, assess the completed Questionnaire in accordance with the Scheme Controls;
(b) You must complete and submit the Questionnaire to Us within 6 months of our sending You the Scheme Questionnaire form. Any Questionnaire submitted after that date will not be assessed and no refund of the Fees will be due or payable to You;
(c) We will notify You of the results of our assessment as soon as reasonably practicable after completing its assessment;
(d) If You are successful, We will issue You with a Scheme Certificate (valid for 12 months from the date of issue);
(e) We will perform the assessment with reasonable skill and care but the results are made entirely at Our sole and absolute discretion;
(f) If You are unsuccessful in your first assessment attempt We will carry out one further assessment free of any additional charge provided that your resubmission is made within 48 hours of receipt of our notice that Your first assessment attempt has failed. Any further assessment attempts will be charged as a new application.
4. YOUR OBLIGATIONS
4.1 You warrant and represent that
(a) Your submitted Questionnaire is complete and accurate in all material respects and has been completed honestly and in good faith;
(b) Your Scheme Questionnaire has been completed and signed by an authorised and suitably competent person of suitable seniority within Your organisation;
(c) You will not do or permit to be done anything that might damage the reputation or standing of the Scheme, Us or NCSC;
(d) You will cooperate with Us and our permitted agents and advisers in the management and auditing of the Scheme and will in particular provide Us with access to Your records, personnel and premises for the purposes of auditing Your compliance with the terms of this agreement.
4.2 You acknowledge that the Scheme is intended to reflect the fact that certified organisations have themselves established the Security Controls set out in the Cyber Essentials Requirements for IT Infrastructure only and that receipt of a Certificate does not indicate or certify or guarantee that Your organisation is free from cyber security vulnerabilities. You acknowledge and accept that We have not warranted or represented the Scheme or certification under the Scheme as conferring any additional benefit to You.
4.3 You will comply with the Scheme Documentation and all reasonable directions made to You by Us.
4.4 You will follow the Branding Guidelines in your use of the Cyber Essentials Certification.
5.1 You will pay the Fee in accordance with the published fee scale. The Fees are non-refundable.
6.1 We acknowledge that we will have access to confidential information about your business, your suppliers and your customers in the course of providing the Services. We shall not use or disclose to any third party any such confidential information, except where we need to in order to properly perform the Services.
6.2 You will keep strictly confidential all information about our business, our suppliers and our customers.
6.3 The restrictions in clauses 6.1 and 6.2 do not apply to:
(a) any use or disclosure required by law;
(b) any disclosure authorised by the party who owns the confidential information; or
(c) any information which is already public knowledge (otherwise than through unauthorised disclosure by the party to whom the information does not relate).
7.1 Both Parties will comply with their respective obligations under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
7.2 You consent to our holding and processing data relating to you for [legal, personnel, administrative, management and marketing purposes].
7.3 You shall hold Us harmless from and against any and all claims (including reasonable and properly incurred costs and expenses) made against Us by an individual arising as a result of any loss, unauthorised disclosure of or unauthorised access to any Personal Data by the You or any of Your staff in relation to this Agreement or the Scheme.
7.4 You consent to our making such information available to those who provide products or services to us such as advisers, regulatory authorities, governmental or quasi-governmental organisations and potential purchasers of us or any part of our business.
7.5 The provisions of this Clause 7 shall apply during the continuance of this Agreement and for twelve months after the expiry or termination of this Agreement.
8. LIMITATION OF LIABILITY
8.1 We do not accept any liability to You resulting from any security breach or vulnerability in Your systems or processes either during the assessment or subsequently.
8.2 Other than (i) liability for death or personal injury to any person caused by our negligence, (ii) liability for any fraud or fraudulent misrepresentation made by us or (iii) liability for any other matter which we may not legally exclude or limit, we exclude all liability for any loss or damage suffered by you resulting from the Contract (including all consequential loss or damage howsoever caused and whether or not this was in your or our reasonable contemplation and including any loss or damage suffered by you as a result of advice or opinions given by us or by any of our employees, agents, consultants or subcontractors).
8.3 In the event that we are found liable to you for any loss or damage, this liability shall be limited to the amount of any fees you paid to us in accordance with these Terms in the 12 months preceding the date on which any claim is made.
8.4 If we are prevented from or delayed in performing our obligations by your act or omission or by any circumstance outside of our control, we shall not be liable for any costs, charges or losses incurred by you that arise from such prevention or delay.
8.5 All warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from these Terms
8.6 This clause 8 shall survive termination of the Contract.
9.1 We may terminate the certification process at any stage without notice to you in the event that you are in breach of any of your obligations under this agreement.
9.2 We will not be obliged to return any Fee or other payment You have made in connection with the assessment that we terminate.
9.3 Termination of the assessment will not prohibit Us from enforcing our other rights under this Agreement.
10. DISPUTE RESOLUTION
Any dispute regarding this agreement shall first be discussed between us with a view to resolving it promptly. If it cannot be resolved within 28 days then you and we hereby agree that will be referred for alternative dispute resolution by an appropriate mediation practitioner who is a member of and subject to the rules of the Chartered Institute of Arbitrators.
11.1 If any court or competent authority decides that any of the provisions of these Terms are invalid, unlawful or unenforceable to any extent, the term will, to that extent only, be severed from the remaining terms, which will continue to be valid to the fullest extent permitted by law.
11.2 If we delay in exercising any rights under these Terms or by law, that shall not constitute a waiver of such right or prevent us from exercising that right at a later date.
11.3 We may vary these Terms at any time (other than in relation to the fee to be charged).
11.4 A person who is not party to these Terms shall not have any rights under or in connection with them under the Contracts (Rights of Third Parties) Act 1999.
11.5 These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by Scottish law and we both agree to the exclusive jurisdiction of the Scottish courts.
11.6 Nothing in this clause shall limit Our right to take proceedings against You in any other court of competent jurisdiction, nor shall the taking of proceedings in any one or more jurisdictions preclude the taking of proceedings in any other jurisdictions, whether concurrently or not, to the extent permitted by the law of such other jurisdiction.