Cyber Essentials & Cyber Essentials Plus
Self-assessment Scheme Terms

Your attention is particularly drawn to the provisions of clause 13 (limitation of liability).

  1. ABOUT US

    1. Company details. We are Strategic Network Consulting Limited (trading as Method IT) (company number 03372355) (we and us. Our VAT number is GB 696 8091 75. We operate the website www.method-it.co.uk.
    2. Contacting us. To contact us, telephone our customer service team at 0345 521 6111 or email us at enquiries@method-it.co.uk. How to give us formal notice of any matter under the Contract is set out in clause 14.2.

  2. OUR CONTRACT WITH YOU

    1. Our contract. These terms and conditions (Terms) apply to the order by you and supply of Access Services by us to you (Contract). They apply to the exclusion of any other terms that you seek to impose or incorporate, or which are implied by law, trade custom, practice or course of dealing.
    2. Entire agreement. The Contract is the entire agreement between you and us in relation to its subject matter. You acknowledge that you have not relied on any statement, promise or representation or assurance or warranty that is not set out in the Contract.

  3. PLACING AN ORDER AND ITS ACCEPTANCE

    1. Placing your order. Please follow the onscreen prompts to place your order. You may only submit an order using the method set out on the site. Each order is an offer by you to buy Access Services subject to these Terms.
    2. Correcting input errors. Our order process allows you to check and amend any errors before submitting your order to us. Please check the order carefully before confirming it. You are responsible for ensuring that your order is complete and accurate.
    3. Acknowledging receipt of your order. After you place your order, you will receive an email from us acknowledging that we have received it, but please note that this does not mean that your order has been accepted. Our acceptance of your order will take place as described in clause 3.4.
    4. Accepting your order. Our acceptance of your order takes place when we send an email to you to accept it (Order Confirmation), at which point and on which date he Contract between you and us will come into existence.
    5. If we cannot accept your order. If we are unable to supply you with the Access Services for any reason, we will inform you of this by email and we will not process your order. If you have already paid for the Access Services, we will refund you the full amount.

  4. OUR SERVICES

    1. Scheme. Cyber Essentials and Cyber Essentials Plus (individually and together referred to as the Scheme) are owned by NCSC and managed for NCSC by IASME Consortium Limited (IASME).
    2. Services. We are authorised to provide you with access to a Scheme self- assessment Questionnaire under our agreement with IASME. Once you have paid the Charges and subject to you complying with the terms of this Contract we will provide you with login details to the online portal maintained by IASME (Portal) for the purposes of you completing the Scheme self-assessment Questionnaire (Access Services).
    3. Questionnaire. Once you have accessed the Portal you will be required to complete the self-assessment questionnaire by which you will describe how you implement the technical controls described in the Cyber Essentials Requirements for IT Infrastructure (https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-Infrastructure-v3-1-April-2023.pdf as updated from time to time)(Questionnaire). You are solely responsible for completion of the Questionnaire within 6 months of our providing you with access to the Portal. Any Questionnaire submitted after that date will not be assessed by IASME and no refund of the Charges will be due or payable to you.
    4. Certification. IASME will review your Questionnaire and are responsible to you for assessing your compliance with the Scheme requirements. If you are successful IASME will issue you with a certificate valid for 12 months from the date of issue. If you are unsuccessful you will have two working days to make any adjustments that are needed to obtain certification (in accordance with the requirements of IASME). If you fail to obtain certification following the second attempt or you take longer than 2 days to resubmit your answers you will be required to pay the assessment fee again.
    5. Exclusions. We will not provide you with any additional or ancillary consultancy services nor will we aid or assist you in completing the Questionnaire or provide any other form of support unless we have otherwise agreed to do so in writing (Consultancy Services). Where we have agreed to provide you with Consultancy Services you will be required to enter into a separate agreement with us and pay our fees. Please contact us using the above details if you require these services.
    6. Time for performance. We will use all reasonable endeavours to meet any performance dates specified in the Order Confirmation, but any such dates are estimates only and failure to perform the Access Services by such dates will not give you the right to terminate the Contract.
    7. Portal. You acknowledge that the Portal is owned and operated by IASME. We have no control over the data you input into the Portal, nor are we responsible to you for any loss, corruption of data, data breach or other liability connected to or arising from your use of the Portal. Any such use is at your own risk.

  5. YOUR OBLIGATIONS

    1. It is your responsibility to ensure that:
      1. the terms of your order are complete and accurate;
      2. you cooperate with us, our agents and IASME in all matters relating to the Access Services and the Scheme;
      3. you comply with all documentation relevant to the Scheme made available by IASME or NCSC;
      4. you provide us with such information and materials we may reasonably require in order to supply the Access Services, and ensure that such information is complete and accurate in all material respects; and
      5. your submitted Questionnaire: (i) is complete and accurate in all material respects and has been completed honestly and in good faith; and (ii) has been completed and signed by an authorised and suitably competent person of suitable seniority within your organisation; and
      6. you comply with the requirements of the Scheme and any additional terms applicable to your use of the Portal, the self-assessment process and submitting your Questionnaire.
    2. You will not do or permit to be done anything that might damage the reputation or standing of the Scheme, IASME, NCSC or us.
    3. Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out in this Policy.
    4. You acknowledge that, under the terms of this Contract, we do not provide you with any licence or authority to use any Scheme branding (including any marks awarded to organisations that successfully certify to the Scheme). You may only use such branding or marks in accordance with the brand guidelines made available by NCSC (as updated from time to time).
    5. If our ability to perform the Access Services is prevented or delayed by any failure by you to fulfil any obligation listed in clause 5.1 (Your Default):
      1. we will be entitled to suspend performance of the Access Services until you remedy Your Default, and to rely on Your Default to relieve us from the performance of the Access Services, in each case to the extent Your Default prevents or delays performance of the Access Services. In certain circumstances Your Default may entitle us to terminate the Contract under clause 12 (Termination);
      2. we will not be responsible for any costs or losses you sustain or incur arising directly or indirectly from our failure or delay to perform the Access Services; and
      3. it will be your responsibility to reimburse us on written demand for any costs or losses we sustain or incur arising directly or indirectly from Your Default.

  6. CHARGES

    1. In consideration of us providing the Access Services you must pay our charges (Charges) in accordance with this clause 6.
    2. The Charges are the prices quoted on our site at the time you submit your order.
    3. If you require additional certificates (due to a change in company name or address or to correct an error on the original certificate) the Charges for obtaining these are set out on our website.
    4. If you fail to obtain certification, subsequent payments for further assessments will be charged as a new application and subject to further payment of the Charges.
    5. We take all reasonable care to ensure that the prices stated for the Access Services are correct at the time when the relevant information was entered into the system. However, please see clause 6.7 for what happens if we discover an error in the price of the Access Services you ordered.
    6. Our Charges may change from time to time, but changes will not affect any order you have already placed.
    7. We will not issue any refunds for Charges paid, save as determined in our absolute discretion.
    8. Our Charges are exclusive of VAT. Where VAT is payable in respect of some or all of the Access Services you must pay us such additional amounts in respect of VAT, at the applicable rate, at the same time as you pay the Charges.
    9. It is always possible that, despite our reasonable efforts, some of the Access Services on our site may be incorrectly priced. If the correct price for the Access Services is higher than the price stated on our site, we will contact you as soon as possible to inform you of this error and we will give you the option of continuing to purchase the Access Services at the correct price or cancelling your order. We will not process your order until we have your instructions. If we are unable to contact you using the contact details you provided during the order process, we will treat the order as cancelled and notify you in writing. However, if we mistakenly accept and process your order where a pricing error is obvious and unmistakeable and could reasonably have been recognised by you as a mispricing, we may cancel supply of the Access Services and refund you any sums you have paid.

  7. HOW TO PAY

    1. Payment for the Access Services is in advance. We will take your payment upon acceptance of your order.
    2. You can pay for the Access Services using:
      1. a debit card or credit card. We accept the following cards: Visa, MasterCard and American Express
      2. direct bank transfer;

  8. INTELLECTUAL PROPERTY RIGHTS

    1. All intellectual property rights in or arising out of or in connection with the Access Services will be owned by us or our third-party licensors (including IASME or NCSC).

  9. HOW WE MAY USE YOUR PERSONAL INFORMATION

    1. We will use any personal information you provide to us to:
      1. provide the Access Services;
      2. process your payment for the Access Services; and
      3. inform you about similar products or services that we provide, but you may stop receiving these at any time by contacting us.
    2. We will process your personal information in accordance with our privacy policy which can be found at www.method-it.co.uk/privacy-policy, the terms of which are incorporated into this Contract.

  10. LIMITATION OF LIABILITY: YOUR ATTENTION IS PARTICULARLY DRAWN TO THIS CLAUSE.

    1. Nothing in the Contract limits any liability which cannot legally be limited, including liability for:
      1. death or personal injury caused by negligence;
      2. fraud or fraudulent misrepresentation; and
      3. breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession).
    2. Subject to clause 10.1, we will not be liable to you, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with the Contract for:
      1. loss of profits;
      2. loss of sales or business;
      3. loss of agreements or contracts;
      4. loss of anticipated savings;
      5. loss of use or corruption of software, data or information;
      6. loss of or damage to goodwill; and
      7. any indirect or consequential loss.
    3. Subject to clause 10.1, our total liability to you arising under or in connection with the Contract, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, will be limited to 100% of the total Charges paid under the Contract.
    4. The terms implied by sections 3, 4 and 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from the Contract.
    5. We are not liable to you for any loss arising from or in connection with:
      1. your use of the Portal;
      2. the certification services and self-assessment process;
      3. the security controls you have applied or stated to have applied;
      4. use of your confidential information by a third party to whom you have provided that information;
      5. any actions taken by IASME or NCSC; or
      6. failure of our payment processing provider.
    6. This clause 10 will survive termination of the Contract.

  11. CONFIDENTIALITY

    1. We each undertake that we will not at any time during the Contract, and for a period of two years after termination of the Contract, disclose to any person any confidential information concerning one another's business, affairs, customers, clients or suppliers, except as permitted by clause 11.2.
    2. We each may disclose the other's confidential information:
      1. for the purposes of performing, managing or reviewing the assessment and for the purposes of the effective management, supervision and development of the Scheme;
      2. to such of our respective employees, officers, representatives, subcontractors or advisers who need to know such information for the purposes of exercising our respective rights or carrying out our respective obligations under the Contract. We will each ensure that such employees, officers, representatives, subcontractors or advisers comply with this clause 11; and
      3. as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
    3. You agree that the name of your company and, if relevant, the scope of the assessment if you are awarded certification may be published by IASME. You also agree to the UK Government publishing the details of your organization and the level of certification held on the IASME website and on NCSC’s website.
    4. Each of us may only use the other's confidential information for the purpose of fulfilling our respective obligations under the Contract.

  12. TERMINATION, CONSEQUENCES OF TERMINATION AND SURVIVAL

    1. Termination. Without limiting any of our other rights, we may suspend the performance of the Access Services, or terminate the Contract with immediate effect by giving written notice to you if:
      1. you commit a material breach of any term of the Contract and (if such a breach is remediable) fail to remedy that breach within 14 days of you being notified in writing to do so;
      2. you fail to pay any amount due under the Contract on the due date for payment;
      3. you suspend, threaten to suspend, cease or threaten to cease to carry on all or a substantial part of your business; or
      4. your financial position deteriorates to such an extent that in our opinion your capability to adequately fulfil your obligations under the Contract has been placed in jeopardy.
    2. Consequences. on termination of this Contract you may make no further use of the Access Services and shall pay the Charges that are outstanding as at the date of termination.
    3. Survival. Any provision of the Contract that expressly or by implication is intended to come into or continue in force on or after termination will remain in full force and effect.

  13. EVENTS OUTSIDE OUR CONTROL

    1. We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under the Contract that is caused by any act or event beyond our reasonable control (Event Outside Our Control).
    2. If an Event Outside Our Control takes place that affects the performance of our obligations under the Contract:
      1. we will contact you as soon as reasonably possible to notify you; and
      2. our obligations under the Contract will be suspended and the time for performance of our obligations will be extended for the duration of the Event Outside Our Control. We will arrange a new date for performance of the Access Services with you after the Event Outside Our Control is over.
    3. You may cancel the Contract affected by an Event Outside Our Control which has continued for more than 30 days. To cancel please contact us. If you opt to cancel we will refund the price you have paid, less the charges reasonably and actually incurred us by in performing the Access Services up to the date of the occurrence of the Event Outside Our Control.

  14. COMMUNICATIONS BETWEEN US

    1. When we refer to "in writing" in these Terms, this includes email.
    2. Any notice or other communication given by one of us to the other under or in connection with the Contract must be in writing and be delivered personally, sent by email.
    3. A notice or other communication is deemed to have been received, if sent by email, at 9.00 am the next working day after transmission.
    4. In proving the service of any notice, it will be sufficient to prove, in the case of an email, that such email was sent to the specified email address of the addressee.
    5. The provisions of this clause will not apply to the service of any proceedings or other documents in any legal action.

  15. GENERAL

    1. Assignment and transfer
      1. We may assign or transfer our rights and obligations under the Contract to another entity.
      2. You may only assign or transfer your rights or your obligations under the Contract to another person if we agree in writing.
    2. Variation. Any variation of the Contract only has effect if it is in writing and signed by you and us (or our respective authorised representatives).
    3. Waiver. If we do not insist that you perform any of your obligations under the Contract, or if we do not enforce our rights against you, or if we delay in doing so, that will not mean that we have waived our rights against you or that you do not have to comply with those obligations. If we do waive any rights, we will only do so in writing, and that will not mean that we will automatically waive any right related to any later default by you.
    4. Severance. Each paragraph of these Terms operates separately. If any court or relevant authority decides that any of them is unlawful or unenforceable, the remaining paragraphs will remain in full force and effect.
    5. Third party rights. The Contract is between you and us. No other person has any rights to enforce any of its terms.
    6. Governing law and jurisdiction. The Contract is governed by English law and we each irrevocably agree to submit all disputes arising out of or in connection with the Contract to the exclusive jurisdiction of the English courts.