top of page
Delta_Logo_Light__portrait_-removebg-preview_edited.png

Terms and Conditions

​LAST UPDATED: MARCH 2026
 

Part A – General Terms and Conditions
1. INTERPRETATION AND DEFINITIONS
1.1. These Conditions incorporate the subsequent definitions and guidelines for interpretation: 
Charges: Refers to the fees for the Goods and/or Services as outlined in the Supplier's quotation or relevant Statement of Works. 
Conditions: The terms herein, subject to modifications per condition 16.1. 
Contract: The agreement between the Supplier and the Customer for the purchase of Goods and/or Services, in accordance with these Conditions. 
Customer: The individual, entity, or organisation that purchases Goods or Services from the Supplier. 
Customer Equipment: Any equipment, systems, or facilities offered by the Customer in order to be utilised either directly or indirectly in providing the Services. 
Deliverables: All outputs created or furnished by the Supplier concerning the Services in any format, as mutually agreed upon in written form by the Supplier and the Customer. 
GDPR: The General Data Protection Regulation is a European Union regulation relating to Information privacy in the European Union and the European Economic Area, incorporated within the UK Data Protection Legislation since 2018. 
Goods: The hardware, software, licenses, and any third party delivered support (when applicable) furnished or committed to be furnished by the Supplier to the Customer. 
Input Material: All records, data, and materials submitted by the Customer pertaining to the Services, encompassing computer programs, reports, documents and specifications. 
Intellectual Property Rights: All aspects of intellectual property encompassing patents, rights to inventions, utility models, copyrights, trade and service marks, business and domain names, rights related to trade dress, goodwill rights, rights to legal action against passing off, protections against unfair competition, design rights, software rights, database rights, rights over topographies, moral rights, rights to confidential information including knowledge and trade secrets whether directly disclosed or not, along with any other forms of registered or unregistered intellectual property rights, including applications, renewals, and extensions thereof. This encompasses analogous or comparable rights and protective measures in any jurisdiction globally. 
Order: The order placed by the Customer for Goods and/or Services, as presented in the Customer's purchase order or the Customer's approval (whether via verbal or written) of the Supplier's quotation, as relevant 
Pre-existing Materials: Any materials (including computer programs, data, reports, and specifications) made available by the Supplier that are pre-existing before the commencement of the Contract. 
Security Testing Services or Security Consulting Services: The security consultation or testing services detailed in the relevant Statement of Works. 
Services: The services the Supplier is to deliver according to the Contract, which could encompass those related to Infrastructure, Security Testing or Consulting. These services are subject to any supplementary specific terms and conditions laid out in the relevant Statement of Work. 
Statement of Works: The Statement of Work that has been finalised and accepted by all involved parties. 
Supplier: Delta Cyber Security Ltd, a company incorporated under the Companies Act 2006 in England and Wales, with company registration number 15039633. 
Supplier's Equipment: Any equipment furnished by the Supplier and employed either directly or indirectly in delivering the Services, except for instances covered by a distinct agreement between the parties wherein ownership is transferred to the Customer. 
Supplier’s IPR: Refers to any Intellectual Property Rights generated by the Supplier throughout the Contract's duration, yet unrelated to Services or Deliverables. 
UK Data Protection Legislation: relates to any applicable legislation as it relates to data protection within the United Kingdom. Such as; the General Data Protection Regulation (EU 2016 679), the Data Protection Act (2018), the Data Protection Directive (95 46 EC), the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations (2000), the Regulation of Investigatory Powers Act (2000), the Electronic Communications Data Protection Directive (2002 58 EC), the Privacy and Electronic Communications Regulations (2003) (SI 2426 2003) along with any relevant laws and regulations concerning the handling of Personal Data and privacy, to include where appropriate, the advice and codes of practice provided by the Information Commissioner. 
1.2. The titles in these Conditions will not impact the interpretation. 
1.3. Within these Conditions, terms that imply a specific gender also encompass all genders, terms that indicate the singular form also pertain to the plural form, and the term "persons" covers partnerships, companies, and corporations, and vice versa. 
1.4. When the Customer is procuring any Services, the relevant Statement of Work shall be integrated into these Conditions, as appropriate. The mention of these Conditions will also encompass the applicable Statement of Work. 
1.5. Any mentions of a statute or statutory provision pertain to its current state, considering any modifications, expansions, or re-enactments, and encompass any subordinate legislation presently enforced under said statute or statutory provision. 
1.6. Any words subsequent to phrases like include, in particular, or any comparable expression should be taken as examples and should not restrict the meaning of the words that come before such terms. 
 
2. IMPLEMENTATION OF TERMS
2.1. The Order represents a proposal from the Customer to buy the Goods and/or Services outlined in the relevant Statement of Work, subject to these Conditions 
The Supplier will only accept an Order from the Customer under the following conditions: 
2.1.1. Through a written acknowledgment provided and signed by the Supplier; or 
2.1.2. By the acceptance of both parties on a relevant Statement of Work; or 
2.1.3 upon the Supplier commencing the delivery of the Goods and/or Services (if occurring before), thereby establishing the commencement of the Contract. 
2.2 These Conditions will be relevant to and integrated into the Contract, taking precedence over any contradictory terms or conditions, whether encompassed, attached or cited in the Customer's Order, specification, or any other document provided by the Customer, or inferred through legal means, trade norms, customary practices, or established patterns of interaction. 
2.3 Quotations are non-binding for the Supplier and are presented with the understanding that a Contract will only be established in accordance with Conditions.  
2.3.1 A quotation remains valid for 14 days from its issuance date, unless it has been retracted by the Supplier prior to this point. 
2.4 Should there be any conflict or inconsistencies between a term within these Conditions and any provision in a Statement of Work, the provisions stated in the relevant Statement of Work will take precedence. 
2.5 Any explanatory content including drawings, samples or promotional material provided by the Supplier, as well as any depictions or representations of the Goods and/or Services found in the Supplier's brochures, catalogues or website, are offered or released solely to provide a general understanding of the described Services and/or Goods. These materials will not be considered as part of the Contract nor hold any contractual weight. 


3. INITIATION AND DURATION OF SERVICES
3.1 The Supplier will provide the Services outlined in the Contract to the Customer starting from the date indicated in the relevant Statement of Work. 
3.2 The provision of Services in accordance with a Contract will continue for the duration of the term detailed in the relevant Statement of Work or until the Supplier confirms the fulfilment of the applicable Services (subject to Conditions 7.9.2 and 14). 
4. PROVISION OF GOODS
4.1 Upon confirmation that the Services are ready to be Delivered, the Supplier will provide the Services to the Customer remotely or at a mutually agreed location, as applicable. 
4.2 Delivery of the Services will be deemed complete once the agreed Services have been made available to the Customer at the agreed delivery point, whether remote access or an agreed physical location. 
4.3 Responsibility and any associated risks relating to the Services transfer to the Customer upon successful delivery of the Services. 
4.4 Ownership of any Deliverables arising from the Services will transfer to the Customer only once the Supplier has received full payment for: 
4.4.1 The Services to which the Deliverables relate; 
4.4.2 Any additional services or deliverables supplied by the Supplier for which payment is outstanding; and 
4.4.3 Any other services or deliverables supplied by the Supplier for which payment has become due. 
4.5 Any prepaid time-based Services (e.g., professional services billed on a daily rate or allocated days) must be used within 12 months from the start of the Contract. Any unused time beyond this period will expire, and no reimbursement or credit will be provided for such unused Services unless specifically stated otherwise. 


5. RESPONSIBILITIES OF THE SUPPLIER
5.1 The Supplier will make all reasonable efforts to adhere to any performance or delivery dates outlined in the Contract, yet these dates should be considered approximations, and timely performance of the Services or delivery of the Goods shall not be a critical aspect. 
5.2 When delivering Services, the Supplier will exert reasonable efforts to provide said Services and to furnish the Deliverables to the Customer, aligning in substantial aspects with the relevant Statement of Work. 
5.3 The Supplier is authorised to implement any modifications to the Goods and/or Services that are necessary to adhere to applicable laws or safety regulations, or which do not significantly impact the fundamental nature or quality of the Goods and/or Services. 
 
6. RESPONSIBILITIES OF THE CUSTOMER
6.1 Concerning the Services, the Customer shall offer full co-operation with the supplier in all matters connected to the services and at no cost to the Supplier: 
6.1.1 Grant the Supplier access to the Customer's premises, office space, data, and additional facilities as necessitated by the Supplier. 
6.1.2 Furnish the Supplier with any necessary Input Material and other information promptly and ensure its accuracy in all aspects; 
6.1.3 The Customer is responsible for preparing and maintaining the relevant premises and any Customer Equipment necessary for the provision of Services. This includes identifying, managing, removing, and safely disposing of any hazardous materials on its premises in compliance with all applicable laws. 
6.1.4 Notify the Supplier of all pertinent health and safety regulations, along with any other sensible security prerequisites, that are applicable at any of the Customer's locations. 
6.1.5 Guarantee that all Customer Equipment is in satisfactory operational condition, appropriate for its intended use concerning the Services, and adheres to pertinent standards or requirements of the United Kingdom. 
6.1.6 Retain and uphold the Supplier's Equipment based on the Supplier's provided instructions, refraining from disposing of or using the Supplier's Equipment contrary to the Supplier's directives. 
6.1.7 Acquire and sustain all essential licenses and approvals, and adhere to all applicable laws concerning the Services, installation of Supplier's Equipment, utilisation of Input Material, and usage of Customer Equipment, to the extent that these licenses, consents, and laws pertain to the Customer's operations, facilities, personnel, and equipment. All these requirements should be met before the commencement date of the Services. 
6.2 The Supplier will not be held responsible for any expenses, fees, or damages endured or accrued by the Customer, whether directly or indirectly, due to such hindrance or delay, if the Supplier's fulfilment of its responsibilities under the Contract is impeded or postponed by any action or omission from the Customer, its representatives, subcontractors, advisors, or personnel. 
6.3 The Customer will be accountable for promptly settling to the Supplier, upon request, all expenses, fees, or damages incurred or sustained by the Supplier (inclusive of direct, indirect, or resulting losses, loss of profit, reputation damage, property loss or damage, as well as those stemming from injuries, fatalities, or the inability to deploy resources elsewhere), either directly or indirectly, owing to the Customer's fraud, negligence, failure to fulfil, or postponement in carrying out any obligations under the Contract. This is subject to the Supplier officially verifying such expenses, charges, and losses to the Customer in written form. 
6.4 The Customer shall cooperate fully with the Supplier in the provision of the Services and shall provide all information, assistance, access, and resources reasonably required by the Supplier to carry out the Cyber Essentials Plus assessment and any related services. 
6.5 The Customer is responsible for ensuring that all information, documentation, and responses supplied to the Supplier are complete, accurate, and not misleading. The Supplier shall not be liable for any delay, additional work, or failure to achieve certification arising from incomplete or inaccurate information provided by the Customer. 
6.6 The Customer shall, before the date of the scheduled assessment, complete all prerequisites, mandatory controls, preparatory actions, and technical implementations as set out in the DCS Audit Guide or otherwise notified to the Customer in writing. This includes, but is not limited to: 
a) Installing and configuring required tools and software; 
b) Ensuring relevant systems and devices are available and operational; 
c) Providing appropriate administrative access and credentials; and 
d) Ensuring all mandatory evidence and supporting documentation is prepared. 
6.7 The Customer shall ensure that: 
a) All relevant personnel, including technical staff, are available during the agreed audit window; 
b) All required systems, networks, and devices are accessible to the Suppliers assessors; and 
c) Any remote-access requirements (where applicable) are configured and tested in advance. 


7. PRICING AND REMITTANCE
7.1 In respect of the Supplier's provision of Goods and/or Services, the Customer is obliged to remunerate the Charges. 
7.2 For Services offered on a time and materials basis, the Charges will be calculated following the Supplier's prevailing standard daily fee rates, which may be adjusted periodically. 
7.21 The standard daily fee rates established by the Supplier pertain to each individual and are formulated considering a seven-hour workday occurring from 9:00 am to 5:00 pm on weekdays (excluding public holidays). Additionally, the Supplier retains the right to impose an overtime rate for any fractional part of a day or for hours worked by individuals engaged in the Services outside the specified hours. 
7.3 For Services rendered on a fixed price basis, the overall remuneration has been determined according to the Input Materials supplied by the Customer to the Supplier. This fixed price may be subject to re-evaluation between the Supplier and the Customer under either of the following conditions: 
7.3.1 If the Input Materials presented to the Supplier are erroneous or if the Customer neglects to furnish the Supplier with any additional information that the Supplier reasonably deems necessary to furnish the Services; or 
7.3.2 If the scope of the Services, as agreed upon by the Supplier and the Customer, undergoes modification or extension. In case of any reduction in the scope of Services, the Customer is obliged to notify the Supplier of its intent to re-evaluate the price no less than 14 days prior to the commencement date of Service initiation. Furthermore, any reduction in the scope of Services is subject to the constraint that the original Contract value should not decrease by more than 25%. If a reduction in scope surpasses the 25% limit of the original Contract value and if the notice period is less than 3 days before the commencement of the relevant Services, this reduction will be treated as a partial cancellation, leading to the application of the provisions stipulated in condition 13. 
7.4 Without undermining the previously mentioned, the Supplier retains the entitlement to: 
7.4.1 Adjust the Charges to account for any escalation in the expenses of the Goods or Services for the Supplier, which arises from unavoidable third-party expenses incurred by the Supplier. 
7.4.2 Adjust and/or increase the Charges with a notification period of at least 30 days provided to the Customer before delivering the relevant Goods and/or executing the relevant services; and 
7.5 Should the Customer raise objections to any upsurge in the Charges as per condition 7.4.2, the Customer shall possess the option, within 14 days from receiving a notice from the Supplier, to issue a notice to the Supplier to terminate the Contract. In the event of such termination, the Customer will not be subject to any responsibility or commitment to the Supplier due to such cancellation. 
7.6 Unless stipulated otherwise through written agreement from the Supplier, the Charges do not include: 
7.6.1 The Charges do not encompass expenses like hotel, meals, travel, and additional associated costs reasonably accrued by individuals engaged by the Supplier for Service-related purposes. Similarly, the Charges do not include expenses for materials or services supplied by third parties, as reasonably and legitimately required by the Supplier for Service provision. These costs, materials, and third-party services will be invoiced separately by the Supplier. 
7.6.2 Value Added Tax (VAT), which the Supplier will incorporate into its invoices at the relevant rate (if applicable); and 
7.7 For Services, the Supplier retains the right to issue an invoice to the Customer on the day when the Supplier initiates the provision of Services (as mentioned in the relevant Statement of Work). For Goods, the Supplier will raise an invoice for the Customer upon the conclusion of delivery or at any point thereafter. For Cyber Essentials and Cyber Essentials Plus the Supplier will issue an invoice to the Customer once an agreement is in place and payment must be settled in full (cleared funds or cash) prior to the provision of any Services and/or Goods. 
7.8 The Customer must settle each invoice presented by the Supplier in its entirety with funds processed, within 30 days from the invoice date. 
7.9 Without affecting any other entitlement or recourse at its disposal, in the event that the Customer does not fulfil payment of an invoice by the stipulated due date, the Supplier has the authority to: 
7.9.1 Impose interest charges on that amount starting from the payment's due date at the annual rate of 4% above the prevailing base lending rate of Lloyds Bank plc, compounded quarterly on a daily basis until the sum is settled. This applies regardless of whether payment is made prior to or after legal judgment, and the Customer must promptly remit the interest upon request; and 
7.9.2 Halt all Services until complete payment has been received. 
7.10 The Supplier reserves the right, without undermining any other rights it possesses, to offset any liability of the Customer to the Supplier against any liability of the Supplier to the Customer. 
 
8. INTELLECTUAL PROPERTY RIGHTS
8.1 In the context of the Customer and the Supplier, the Supplier or its third-party licensors (when relevant) will hold ownership of all Intellectual Property Rights and other rights concerning the Deliverables and Pre-existing Materials. With regard to condition 8.2, the Supplier grants the Customer a cost-free, non-exclusive, worldwide license to these Intellectual Property Rights, to the extent necessary for the Customer to reasonably utilise the Deliverables and Services. This license will terminate automatically if the Contract is terminated. 
8.2 The Customer recognises that, in cases where the Supplier lacks ownership of Pre-existing Materials, the Customer's utilisation of rights associated with Pre-existing Materials is contingent upon the Supplier securing a written license (or sub-license) from the appropriate licensor(s) under terms that enable the Supplier to grant the Customer a license for such rights. 
8.3 The Customer acknowledges that the Supplier holds ownership of Intellectual Property Rights in Supplier IPR, and the Contract does not aim to transfer or license these Intellectual Property Rights to the Customer. 
 
9. CONFIDENTIALITY AND THE PROPERTY OF THE SUPPLIER
9.1 Both parties agree not to divulge any confidential information regarding the business, operations, customers, clients, or suppliers of the other party to any third party, unless as permitted under condition 9.2. 
9.2 One party has the right to reveal confidential information of the other party: 
9.2.1 Each party is responsible for ensuring that any employees, officers, representatives, or advisers to whom confidential information is disclosed (who require such information for the fulfillment of their responsibilities under this agreement) comply with condition 9.2; and 
9.2.2 As necessitated by law, court order, or any governmental or regulatory authority. 
9.3 Each party is prohibited from utilising the confidential information of any other party for any purpose apart from fulfilling its obligations as outlined in the Contract. 
 
10. LIABILITY LIMITATION
10.1 This condition outlines the complete liability of the Supplier, encompassing liability for the actions or oversights of its employees, agents, consultants, and subcontractors, towards the Customer. 
10.2 Except as explicitly detailed in the Contract, all implied warranties, conditions, and other terms established by statute or common law are, to the extent allowable, excluded from the Contract. 
10.3 These Conditions do not restrict or exclude the Supplier's liability concerning: 
10.3.1 Fraud and/or any fraudulent misrepresentation; or 
10.3.2 Fatality or personal injury arising from negligence; 
10.3.3 Any other liability that cannot be lawfully excluded. 
10.4 Subject to condition 10.3: 
10.4.1 The Supplier shall never be held liable to the Customer, whether in contract, tort (including negligence), breach of statutory duty, or any other legal basis, for any loss of: business; profit; goodwill; anticipated savings; contract; goods; use; data or information corruption; or any indirect or consequential loss arising in relation to or under the Contract; and 
10.4.2 The Supplier's aggregate liability to the Customer for all other losses stemming from or linked to this Contract, encompassing tort, breach of contract, indemnification, misrepresentation, restitution, or any other basis, shall not surpass the price paid and payable for the pertinent Goods and/or Services in connection with that specific contract. 
 
11. GOODS WARRANTY
11.1 The Supplier will make reasonable efforts to transfer or secure any warranties provided by the manufacturer or distributor of the Goods for the benefit of the Customer. 
11.2 To eliminate any confusion and unless otherwise specified in writing by the Supplier: 
11.2.1 The Supplier does not furnish any warranty regarding the Goods, and all Goods are supplied without any requirement for the Supplier to provide maintenance or support for them. 


12. DATA PROTECTION
12.1 Both the Supplier and the Customer guarantee their adherence to UK Data Protection Legislation when carrying out and/or receiving Services within the framework of the Contract. 
12.2 The Customer and the Supplier recognise that, in line with UK Data Protection Legislation, the Customer functions as the Data Controller and the Supplier serves as the Data Processor (as referred to in UK Data Protection Legislation at any given point) regarding any and all Personal Data managed by the Supplier under the terms of the Contract. 
12.3 The Customer acknowledges that the Supplier depends on the Customer for guidance regarding the degree to which the Supplier is authorised and/or obligated to Process the Personal Data. The Customer acknowledges its role as the Data Controller, responsible for guaranteeing that the Supplier possesses the necessary authorisation to access and process the Personal Data. Accordingly, the Supplier will not be held accountable for any claims raised by a Data Subject (as referred to in UK Data Protection Legislation) that arise from any action or oversight by the Supplier, to the extent that such action or oversight stems from the Customer's directives. 
12.4 The Customer is required to guarantee that no Sensitive Personal Data (as referred to in UK Data Protection Legislation) is incorporated within the Personal Data. The Supplier will not be accountable for handling such Sensitive Personal Data and will not be held responsible for any breaches of compliance with UK Data Protection Legislation in connection to it. 
12.5 The Supplier is obligated to handle Customer Data solely as per the Customer's instructions and must refrain from processing Customer Data for any objectives other than those explicitly authorised by the Customer. 
12.6 The Supplier has the authority to engage a third-party subcontractor for processing the Personal Data, under the condition that the subcontractor's agreement adheres closely to the terms outlined in these conditions and automatically concludes upon the termination of the Contract for any reason. 
12.7 The Supplier shall not be held accountable for any loss, alteration, destruction, or unauthorised disclosure of Personal Data arising from actions by third parties (except for those third parties subcontracted by the Supplier to carry out tasks linked to the maintenance and backup of Personal Data). 
12.8 Both parties acknowledge that starting from 25th May 2018, GDPR will be integrated into UK Data Protection Legislation. GDPR will broaden the scope of definition for Personal Data within the UK Data Protection Legislation to encompass designated categories such as data related to ethnicity, socioeconomic circumstances, biometric details, and online identifiers (IP addresses). In alignment with GDPR provisions, the Customer grants consent and authorises the Supplier to process such specific Personal Data exclusively to the extent required for delivering Goods and/or Services as stipulated in this Agreement. 
 
13. CHARGES FOR CANCELLATION AND POSTPONEMENT
13.1 In the event that the Customer desires to cancel or reschedule any or all of the Services within 14 days prior to the scheduled commencement date of Services, the Supplier holds the right to levy fee’s. In cases where Services are initially postponed but subsequently cancelled, the applicable cancellation fee as per condition 13.4 will be calculated based on the later cancellation date. 
13.2 In the instance where the Customer has made advance payments for the Services, the Customer retains the right to seek a reimbursement of the Charges, with the exception of the relevant cancellation or postponement fee as outlined in condition 13.4. 
13.3 In cases where the Customer hasn't made advance payments, following notification of any cancellation or postponement, the Supplier will issue an invoice to the Customer for the relevant cancellation or postponement fee, as specified in condition 13.4. 
13.4 Where the Customer cancels or postpones Services, the following charges shall apply: if notice is given 48 hours (two working days) or less before the scheduled commencement of the Services, 100% of the Charges shall be payable; where notice is given between three and ten working days before the scheduled commencement of the Services, a postponement fee of 35% of the Charges or a cancellation fee of 50% of the Charges shall apply. For Cyber Essentials and Cyber Essentials Plus Services, the applicable cancellation and milestone charges are set out separately in Schedule 1. The payment of the invoice for any cancellation or postponement fee by the Customer shall adhere to the provisions detailed in condition 7. 
13.4.1 In regard specifically to all Charges related to Cyber Essentials and/or Cyber Essentials Plus, the Cancellation Charge will be 100% of Charges regardless of the period of Notice Given. 
13.5 The Customer is responsible for completing all prerequisites and mandatory preparatory actions set out in the DCS Audit Guide before the date of the scheduled Cyber Essentials Plus assessment. If the Customer fails to implement the required tools, provide the necessary access or information, or ensure the attendance of required personnel, and this prevents the assessment from being completed within the agreed audit timeframe, the Supplier may include additional fee’s. Such fee’s may include the cost of rescheduling the audit, undertaking further testing, and any additional resources required to complete the certification process. 
13.5.1 Where mandatory elements have not been completed by the Customer and a further audit is required, a re-audit fee of £450, excluding VAT, will be payable. 
13.6 For Customers who purchase Cyber Essentials and Cyber Essentials Plus, the following schedule (tables below) outline the potential Charges which may apply if Cyber Essentials or Cyber Essentials Plus milestones or IASME deadlines are not met. 


14 TERMINATION 
14.1 Without diminishing the effect of condition 13 or any other rights or remedies available to either party, either party possesses the right to terminate the Contract without incurring liability to the other party by providing immediate notice if the other party: 
14.1.1 engages in a substantial violation of any terms within the Contract and, if such violation is capable of remedy, neglects to rectify the violation within a period of 30 days subsequent to receiving written notice regarding the violation; or 
14.1.2 continuously violates any provisions within the Contract in a manner that reasonably substantiates the belief that its behaviour is incongruous with the intention or capability to adhere to the terms of the Contract; or 
14.1.3 becomes subject to liquidation, engages in negotiations with creditors for settlement, becomes insolvent, or undergoes the appointment of an administrator, receiver, or a comparable officer over its entire or partial business (or is subject to a filing with any court for such officer's appointment), or experiences any occurrence or legal action leading to an outcome equivalent or comparable. 
14.2 The parties recognise and concur that any violation of conditions 6, 7, 8, and 9 will be considered a significant breach under the terms of this condition 14. 
14.3 Furthermore, the Supplier will have the right to terminate the Contract instantly and without incurring any liability by notifying the Customer, if the Customer: 
14.3.1 Neglects to settle any sum owed according to the Contract by the stipulated payment deadline and persists in default for a period of at least 14 days following written notice requesting the settlement of the outstanding payment; or 
14.3.2 Experiences a change in control as defined by section 1124 of the Corporation Tax Act 2010 
14.4 Without prejudicing any other available right or remedy, the Supplier can terminate this Agreement by giving the Customer written notice of no less than ninety (90) days. 
14.5 Upon the termination of the Contract, regardless of the cause: 
14.5.1 The Customer is required to promptly settle all outstanding unpaid invoices and interest due to the Supplier, and if Services have been provided but no invoice has been issued, the Supplier reserves the right to submit an invoice, which must be settled immediately upon receipt. 
14.5.2 The Customer is obligated to return all Supplier's Equipment, Pre-Existing Materials, and Deliverables. 
14.5.3 The rights and obligations that have been accrued by the parties up to the point of termination, as well as any provisions explicitly mentioned to continue or which continue implicitly after termination, shall remain unaffected. 
14.6 Upon termination of the Contract (regardless of the manner of termination), conditions 7, 8, 9, 11, 13, 14, and 19 shall endure and remain fully effective. 
 
15. FORCE MAJEURE
15.1 The Supplier shall not be held liable to the Customer under the Contract if it is hindered or delayed in fulfilling its obligations under the Contract or in conducting its business due to events, acts, omissions, or unforeseeable incidents beyond its reasonable control. Such circumstances may include strikes, lock-outs, or other labour disputes (whether involving the Supplier's workforce or any other party), utility service or transportation network failures, natural disasters, warfare, civil unrest, malicious damage, compliance with laws or governmental orders, accidents, machinery breakdowns, fires, floods, storms, or the non-performance of suppliers or subcontractors. 
 
16. GENERAL CONDITIONS
16.1 Except as stipulated in condition 16.2, any alteration to the Contract, these Conditions, or any referenced documents will only be deemed valid if it is in written form and signed by or on behalf of both parties. 
16.2 The Supplier reserves the right to modify the Services or the Goods' specifications as needed to adhere to safety or statutory obligations, without prior notice. These alterations shall not significantly impact the charges for the Goods or Services or, in the case of Services, the nature and extent of the Services. 
16.3 The Contract represents the complete understanding between the parties and replaces all prior agreements pertaining to its subject matter. 
16.4 Should any provision of the Contract (or a portion thereof) be determined as invalid, illegal, or unenforceable by a competent court or authority, that particular provision or portion shall be considered as not included within the Contract, and this omission will not impact the validity and enforceability of the remaining provisions of the Contract. 
16.5 A waiver of any right under the Contract is valid only when it's documented in writing and is applicable solely to the particular circumstances outlined. Any delay or failure by a party to exercise a right or remedy under the Contract or by law doesn't amount to a waiver of that specific right or remedy, nor does it limit its future exercise. The partial or isolated use of such right or remedy also does not hinder its future application. 
16.6 Both parties acknowledge that, by entering into the Contract, they have not relied on and will not have any entitlement to any statement, representation, assurance, or warranty (whether made negligently or innocently) other than what is explicitly stipulated in the Contract. 
16.7 The provisions of the Contract does not imply, nor should it be interpreted as establishing, a partnership or joint venture relationship among the parties. Furthermore, the Contract does not designate any party as an agent of another party for any reason. No party is authorised to act as an agent for or to legally bind the other party in any capacity. 
16.8 The Customer shall not, unless the Supplier gives prior written consent, assign, transfer, charge, mortgage, subcontract, or otherwise dispose of any of its rights or obligations under the Contract. The Supplier, retains the right to assign, transfer, charge, mortgage, subcontract, or otherwise deal with its rights under the Contract at any time. Additionally, the Supplier may subcontract or delegate its obligations to a third party or agent as necessary. 
16.9 An individual who is not a party to the Contract shall not possess any rights under or associated with it. 
 
17. NOTICES
17.1 Any communication mandated by the Contract must be in written form and can be personally delivered, sent via prepaid first-class post, recorded delivery, or through a commercial courier to the other party's address as stipulated in these Conditions or as communicated otherwise by the respective party in writing. A notice will be considered duly received if delivered personally, when left at the address, or if sent by prepaid first-class post or recorded delivery, at 9:00 am on the second working day following mailing. In the case of delivery by a commercial courier, it will be deemed received on the date and time indicated by the courier's delivery receipt confirmation. 
18. PROTECTION OF QUALYS
18.1 The Supplier acknowledges that the cloud services are the property of Qualys and the Partner will not receive any license or right to the use the Cloud Services. The cloud services are provided “AS IS,” without any express or implied warranties, and Qualys shall have no liability to the Supplier or any end customer for direct, indirect, or consequential damages.  
19. GOVERNING LAW AND JURISDICTION
19.1 The laws of England shall govern the Contract, as well as any disputes or claims arising from or related to it, its subject matter, or its formation (including non-contractual disputes or claims). Any such dispute or claim will be exclusively settled within the jurisdiction of the English courts.

Part B – Security Testing Services Additional Terms
These Additional Terms apply only to Security Testing Services and are incorporated into the Contract where such Services are purchased.

Security Testing Services – Additional Terms (Penetration Testing)
The following additional terms apply where the Customer purchases Security Testing Services (including penetration testing) from Delta Cyber Security. In the event of conflict between these Additional Terms and the General Terms above, these Additional Terms shall prevail for Security Testing Services only.


1. Definitions
1.1 In these Additional Terms, the following definitions apply:
Authorisation Form: Delta Cyber Security’s Authorisation Form signed by the Customer to demonstrate acceptance of these Additional Terms and to confirm authority for the Services.
Conditions: these terms and conditions of service.
Confidential Information: all technical or commercial know-how, specifications, inventions, processes, methods (including without limitation processes and methods adopted or used by Delta Cyber Security in the provision of the Services) or initiatives which are of a confidential nature and any other commercially sensitive, proprietary or confidential information which a reasonable person familiar with the parties' industries would consider to be confidential or proprietary in nature.
Contract: the contract between Delta Cyber Security and the Customer for the supply of Services incorporating these Additional Terms, the Authorisation Form, the Proposal and the Order.
Customer: the purchaser of Services from Delta Cyber Security.
Data Protection Laws: means as binding on either party or the Services (i) the Data Protection Act 2018 and the UK General Data Protection Regulation ("UK GDPR"); (ii) any laws which implement, replace, extend, re-enact, consolidate or amend any of the foregoing; and (iii) applicable guidance or codes of practice issued by the Information Commissioner’s Office. The terms "Controller", "Data Subject", "Personal Data", "Processor", "processing" and related expressions shall have the respective meanings given to them in the UK GDPR.
Deliverables: means the deliverables to be provided by Delta Cyber Security arising out of the Services described in the Proposal.
Intellectual Property Rights: all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database right, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.
Order: the Customer's order for Services as notified to Delta Cyber Security by email or telephone or via Delta Cyber Security’s website.
Proposal: the description of the Services provided in writing by Delta Cyber Security to the Customer.
Protected Data: Personal Data received from or on behalf of the Customer or otherwise accessed through the Systems in connection with the Services and/or the performance of the Contract. This does not include name and contact details of employees or other individuals working for the Customer that are provided to Delta Cyber Security in connection with the Services which shall be processed in accordance with Delta Cyber Security’s Privacy Policy.
Delta Cyber Security: Delta Cyber Security Ltd, a company registered in England and Wales with company number 15039633 at registered office Unit 9, Vinnetrow Business Centre, Vinnetrow Road, Runcton, CHICHESTER, West Sussex, PO20 1QH.
Restricted Person: any employee, contractor, consultant or personnel of either party who are materially involved in the provision of the Services.
Service Date: the date on which the Services are to be supplied by Delta Cyber Security to the Customer as set out in the Authorisation Form or as otherwise agreed between the parties.
Services: the cyber security services supplied by Delta Cyber Security to the Customer in accordance with the Contract.


2. Basis of Contract
2.1 The Order constitutes an offer by the Customer to purchase Services subject to and in accordance with these Additional Terms.
2.2 The Contract shall come into existence only when the Authorisation Form, having been issued by Delta Cyber Security, is signed by the Customer.
2.3 The Contract constitutes the entire agreement between the parties. The Customer acknowledges that it has not relied on any statement, promise or representation made or given by or on behalf of Delta Cyber Security which is not set out in the Contract.
2.4 Any samples, drawings, descriptive matter or advertising issued by Delta Cyber Security, and any descriptions or illustrations contained in Delta Cyber Security’s catalogues or brochures, are issued or published for the sole purpose of giving an approximate idea of the Services described in them. They shall not form part of the Contract or have any contractual force.
2.5 These Additional Terms apply to the Contract to the exclusion of any other terms that the Customer seeks to impose or incorporate, whether attached or incorporated into the Order or otherwise or which are implied by trade, custom, practice or course of dealing.
2.6 In the event of any conflict between these Additional Terms, the Authorisation Form, the Proposal and the Order, the order of priority shall be (i) these Additional Terms, (ii) the Authorisation Form, (iii) the Proposal and (iv) the Order.
2.7 Delta Cyber Security may recommend the use or deployment of third-party products and services. The Customer shall enter into a direct contract with the third party for such products and services and the products and services shall be used and supplied in accordance with the terms and conditions agreed between the Customer and such third party. Delta Cyber Security shall have no liability in respect of such third party products and services.


3. Supply of Services
3.1 Delta Cyber Security shall supply the Services and the Deliverables to the Customer in accordance with the Contract. Where the Services are to be supplied at the Customer's premises, Delta Cyber Security shall comply with the Customer's health and safety policy and such other policies that are notified by the Customer to Delta Cyber Security.
3.2 Delta Cyber Security shall use all reasonable endeavours to meet the Service Dates, but any such dates shall be estimates only and time shall not be of the essence for performance of the Services.
3.3 Delta Cyber Security shall have the right to make any changes to the Services which are necessary to comply with any applicable law or safety requirement, or which do not materially affect the nature or quality of the Services, and Delta Cyber Security shall notify the Customer in any such event.
3.4 Delta Cyber Security warrants to the Customer that the Services will be provided using reasonable care and skill in line with accepted industry practice and that the Services and the Deliverables shall conform to the requirements of the Contract.
3.5 The Customer must report any deficiency in the Services to Delta Cyber Security in writing within 15 days of receipt of the Deliverables containing the alleged deficiency. Where Delta Cyber Security determines the Services were deficient, Delta Cyber Security will at its option and expense remedy the Services in order that they comply with the warranty at clause 3.4 or refund amounts paid solely in relation to the defective Services. The Customer shall provide Delta Cyber Security with a reasonable opportunity to remedy any such defect. The remedies set out in this clause 3.5 are the Customer's sole remedy for breach of the warranty at clause 3.4. Delta Cyber Security makes no other warranties, express or implied in respect of the Services or the Deliverables.
3.6 The Services shall be deemed complete upon delivery of the Deliverables. Delta Cyber Security shall deliver the Deliverables to the Customer following completion of the Services.


4. Customer's Obligations and Warranties
4.1 The Customer shall:
(i) ensure that the terms of the Order and Authorisation Form and all other information provided to Delta Cyber Security in connection with the Services is complete and accurate;
(ii) co-operate with Delta Cyber Security in all matters relating to the Services and ensure that it has in place all permissions, consents and authorisations required in connection with the Services;
(iii) provide Delta Cyber Security, its employees, agents, consultants and subcontractors, with Customer's premises, systems and other facilities as reasonably required by Delta Cyber Security and prepare the premises and systems for the supply of the Services;
(iv) provide Delta Cyber Security such information and materials as Delta Cyber Security may reasonably require in order to supply the Services and provide the Deliverables and ensure that such information is accurate in all material respects;
(v) ensure that Delta Cyber Security has the right to information and data, including Protected Data on its Systems that are accessed by Delta Cyber Security in connection with the Services; and
(vi) comply with all laws, including laws relating to health and safety and where the Services are provided at the Customer’s premises, to implement and adopt safety measures to ensure the health and safety of Delta Cyber Security’s personnel.
4.2 In the event that the Services include penetration testing services or other services whereby Delta Cyber Security is required to access and/or test the Customer’s systems, the Customer warrants that prior to the Service Date it shall:
(a) configure all reactive or adaptive firewall technologies that may shun or block test activities (e.g. IDP/IPS) to exclude the Delta Cyber Security testing services (as set out in the Authorisation Form);
(b) make Delta Cyber Security aware of all internal and external load balancing and/or virtual hosting that affects the systems that are subject to the Services;
(c) ensure that, where the Services are to be performed on systems which are hosted, managed, shared or owned by a third party, it has obtained (and shall maintain) the relevant third party consent, permissions and licences for the Services prior to the date on which the Services are scheduled to be performed and ensure that where the Services are to be performed on Systems owned by the Customer that it has made all necessary notifications and received all necessary internal consents;
(d) complete and sign the Authorisation Form.
4.3 The Customer acknowledges and accepts that the provision of Services may cause disruption to the Customer's systems (including systems of third parties that are linked to the Customer's systems) and the Customer shall ensure that all such systems are fully and effectively backed up and resilient to the Services. Delta Cyber Security shall not be liable for any loss or damage caused to the Customer's (or any third party's) data or systems as a result of the Services or the failure to back up systems or data or to ensure system resilience.
4.4 The Customer represents and warrants to Delta Cyber Security that (i) it has all necessary power and authority to enter and perform its obligations under this Contract; and (ii) it has taken all requisite corporate and other action to approve the entering and performance of this Contract and shall provide evidence of that action on request.
4.5 The Customer shall indemnify and hold harmless Delta Cyber Security against any claims, losses, liabilities, damages, costs or expenses (including reasonable legal fees) arising from or in connection with the Customer’s failure to obtain proper authority, permissions or rights to permit the Services, including where the Services are performed on systems owned, hosted or controlled by a third party.
4.6 Safe Harbour: The Customer acknowledges that testing activities may trigger intrusion detection systems, monitoring alerts or automated security responses. Activities performed by Delta Cyber Security within the authorised scope set out in the Authorisation Form shall be deemed legitimate security testing and shall not be treated as malicious activity or unauthorised access.
4.7 Scope Limitation: Delta Cyber Security shall only perform testing activities within the scope defined in the Authorisation Form or Proposal. Any systems, services or infrastructure not expressly included within that scope are excluded from the Services.


5. Price and Payment
5.1 The fee payable in consideration of the Services is as set out in the Proposal or as otherwise agreed in writing. Delta Cyber Security shall invoice the Customer for the fees on the receipt of the Deliverables by the Customer, unless otherwise agreed in writing, and the Customer shall pay without any deduction or set off in accordance with agreed payment terms which if not otherwise specified shall be 30 days from the date of Delta Cyber Security's invoice.
5.2 All amounts payable by the Customer under the Contract are exclusive of VAT which shall be payable by the Customer in addition at the prevailing rate.
5.3 If the Customer reschedules or cancels the Services within the applicable period specified below prior to the Service Date, or at any time following commencement of the Services, or if the Contract is terminated (other than for Delta Cyber Security’s default) on notice shorter than the applicable period specified below, Delta Cyber Security may charge the Customer a cancellation fee equal to the fees that would have been payable for the cancelled or rescheduled Services.
Service Type    Cancellation Period
Penetration Testing & Consultancy.    5 Working Days or less
5.4 Where the Customer has purchased a specific number of days (such as for retesting) and fails to use all of those dates within a 12 month period, any unused days will be cancelled and shall not be carried forward.


6. Intellectual Property Rights
6.1 Each party shall retain ownership of their Intellectual Property Rights and other than the licence granted pursuant to clause 6.2, neither party will acquire any rights to the other party’s Intellectual Property Rights.
6.2 Where the Deliverables are a report prepared by Delta Cyber Security, Delta Cyber Security shall retain all Intellectual Property Rights in that report subject to Delta Cyber Security granting the Customer a royalty free, irrevocable, worldwide licence to use any Intellectual Property Rights in that report for its internal business purposes and for the purposes of assessing, improving and reporting on its cyber security, including providing copies of the same to third party providers for the foregoing purpose.


7. Confidentiality
Each party (Receiving Party) shall keep in strict confidence all Confidential Information disclosed to it by the other party and/or its affiliated companies (Disclosing Party). The Receiving Party shall restrict disclosure of such confidential information to such of its employees, agents or subcontractors and those of its affiliated companies as need to know it for the purpose of discharging the Receiving Party's obligations under the Contract, and shall ensure that such employees, agents or subcontractors are subject to obligations of confidentiality corresponding to those which bind the Receiving Party. This clause 7 shall survive termination of the Contract.


8. Limitation of Liability
8.1 Subject to clause 8.3, Delta Cyber Security excludes liability for loss of profits, loss of business, depletion of goodwill and/or similar losses, loss of anticipated savings, loss of goods, loss of contract, loss of use, downtime, loss or corruption of data (whether direct or indirect) or any special, indirect, consequential or pure economic loss, costs, damages, charges or expenses sustained or incurred in connection with the Services or the Contract whether under contract, indemnity, tort (including negligence or breach of statutory duty).
8.2 Subject to clause 8.3, Delta Cyber Security's total liability in contract, tort (including negligence or breach of statutory duty), restitution or otherwise arising in connection with the performance or contemplated performance of the Contract shall be limited to a sum equal to the total fee paid by the Customer in respect of the Services.
8.3 Nothing in these Additional Terms shall limit or exclude Delta Cyber Security's liability for death or personal injury caused by its negligence, or the negligence of its employees, agents or subcontractors, fraud or fraudulent misrepresentation, breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession); or any other liability which may not properly be limited or excluded under the applicable law.
8.4 Except as set out in these Additional Terms, all warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from the Contract.
8.5 Delta Cyber Security does not offer any implied or express guarantee that the results of the Services will mean that the Customer's Systems are secure from every form of attack. Cyber Security is a continually evolving matter and this cannot be guaranteed, although Delta Cyber Security shall use reasonable skill and care in the provision of the Services in accordance with industry standards.
8.6 This clause 8 shall survive termination of the Contract.


9. Termination
9.1 Without limiting its other rights or remedies, each party may terminate the Contract with immediate effect by giving written notice to the other party if:
(i) the other party commits a material breach of the Contract and (if such a breach is remediable) fails to remedy that breach within 15 days of that party being notified in writing of the breach. If such breach is not remediable then the Contract may be terminated with immediate effect on giving written notice; or
(ii) the other party becomes insolvent, has an insolvency practitioner appointed over the whole or any part of its assets, enters into any compound with creditors, or has an order made or resolution for it to be wound up (otherwise than in the furtherance of a scheme for solvent amalgamation or reconstruction) or if ownership or control shall pass into the hands of any other legal person, or an event analogous occurs in respect of a party in any Jurisdiction to which that party is subject.
9.2 Without limiting its other rights or remedies, each party shall, subject to clause 5.3, have the right to terminate the Contract for convenience by giving the other party not less than 5 working days written notice.


10. Data Protection
10.1 Definitions
For the purposes of this clause 10, the terms “Controller”, “Processor”, “Personal Data”, “Personal Data Breach”, “Data Subject” and “processing” shall have the meanings given in the UK GDPR and the Data Protection Act 2018 (together, “Data Protection Laws”).
10.2 Roles of the Parties
To the extent that Delta Cyber Security processes Personal Data on behalf of the Customer in connection with the Services, the Customer shall be the Controller and Delta Cyber Security shall be the Processor.
10.3 Customer Obligations
The Customer shall:
(a) ensure that it has all necessary rights, consents and lawful authority to permit Delta Cyber Security to process Personal Data in connection with the Services;
(b) provide lawful written instructions to Delta Cyber Security; and
(c) comply with all applicable Data Protection Laws.
10.4 Processor Obligations
Delta Cyber Security shall:
(a) process Personal Data only on documented instructions from the Customer (unless required by law to do otherwise);
(b) ensure that persons authorised to process Personal Data are subject to appropriate confidentiality obligations;
(c) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk in accordance with Article 32 UK GDPR;
(d) notify the Customer without undue delay upon becoming aware of a Personal Data Breach affecting Personal Data processed under the Contract;
(e) not appoint a sub-processor without ensuring that a written agreement is in place imposing materially equivalent data protection obligations, and remain liable for the acts and omissions of any sub-processor;
(f) taking into account the nature of the processing, assist the Customer (at the Customer’s cost where appropriate) in responding to Data Subject requests;
(g) assist the Customer (at the Customer’s cost where appropriate) in ensuring compliance with Articles 32 to 36 UK GDPR (security, breach notification, DPIAs and prior consultation);
(h) make available to the Customer information reasonably necessary to demonstrate compliance with this clause 10 and allow for reasonable audits on reasonable notice (subject to confidentiality and security restrictions);
(i) at the choice of the Customer, delete or return all Personal Data at the end of the provision of the Services, unless retention is required by law.
10.5 International Transfers
Delta Cyber Security shall not transfer Personal Data outside the United Kingdom or to any country not recognised as providing adequate protection under Data Protection Laws unless it has implemented appropriate safeguards in accordance with UK GDPR.
10.6 Survival
This clause shall survive termination of the Contract.


11. General
11.1 Assignment - Delta Cyber Security may at any time assign, transfer, charge, subcontract or deal in any other manner with all or any of its rights under the Contract and may subcontract or delegate in any manner any or all of its obligations under the Contract to any third party or agent. The Customer shall not, without the prior written consent of Delta Cyber Security, assign, transfer, charge, subcontract or deal in any other manner with all or any of its rights or obligations under the Contract.
11.2 Notices - Notices under the Contract shall be validly given if in writing and delivered to the other party in person, by registered post to the registered office of the other or by email to the address notified to the other (subject to a successful delivery receipt being obtained).
11.3 Waiver - No failure or delay by a party in exercising any right or remedy under the Contract or by law shall constitute a waiver of that or any other right or remedy, nor preclude or restrict its further exercise.
11.4 Force Majeure - Neither party shall be liable for any delay or failure in carrying out its obligations under the Contract (except any obligations to pay fees) which is attributable to any acts, events, omissions or accidents beyond the reasonable control of the party in default. In such circumstances, the impacted party shall be entitled to a reasonable extension of time for the performance of its obligations.
11.5 Severance - If a court or other competent authority finds any provision or part provision of the Contract to be illegal, invalid or unenforceable that provision or part provision shall be deemed deleted and the remaining provisions shall continue with full force and effect.
11.6 Variation - No variation of the Contract shall be effective unless it is in writing and signed by each party.
11.7 Third Parties - A person who is not a party to the Contract shall not have any rights under or in connection with it.
11.8 Non-Solicitation - During the term of the Contract and for a period of 6 months after its termination or expiry, neither party shall directly or indirectly whether for its own benefit or for the benefit of another person:
(i) solicit, entice or induce any Restricted Person of the other party with a view to employing or engaging that Restricted Person; or
(ii) employ or engage or offer to employ a Restricted Person without the prior written consent of the other party. Notwithstanding the foregoing, either party may employ or engage a Restricted Person who has responded to a bona fide recruitment drive either through a recruitment agency or via publicly placed adverts.
11.9 Signing - The Authorisation Form, these Additional Terms and any other document referred to in these Additional Terms may be executed in counterparts. Each party may evidence their signature of any of the foregoing documents by emailing an executed signature page in PDF format to the other which shall constitute an executed counterpart.
11.10 Relationship - Nothing in the Contract is intended to, or shall be deemed to establish, any partnership or joint venture between the parties, constitute a party as an agent of the other or authorise a party to make commitments on behalf of the other.
11.11 Governing Law & Jurisdiction - The Contract shall be governed by and construed in accordance with the laws of England and Wales and the parties submit to the exclusive jurisdiction of the Courts of England and Wales.

Schedule 1 – Cyber Essentials Milestone Fees
Cyber Essentials (CE)

If the Customer fails the Cyber Essentials Self-Assessment Questionnaire (SAQ), no additional fees shall apply and the Customer will retain access to the IASME portal for a period of six (6) months in order to successfully obtain Cyber Essentials certification.

If the Customer does not obtain Cyber Essentials certification within six (6) months of being granted access to the IASME portal, the Customer will be required to restart the Cyber Essentials certification process. In such circumstances, the applicable fees shall reflect the Cyber Essentials Certification setup cost at the point of expiry, as detailed on the Supplier’s Pricing page.

Cyber Essentials (CE) and Cyber Essentials Plus (CE+) Combined

Where the Customer has purchased Cyber Essentials and Cyber Essentials Plus together, and the Customer does not obtain Cyber Essentials certification within six (6) months of being granted access to the IASME portal, the Customer will be required to restart the Cyber Essentials certification process.

In such circumstances the total cost will consist of two separate fees:

The Cyber Essentials Certification Fee, charged at the rate applicable at the time of renewal (see Pricing); and

A Cyber Essentials Plus Administration Fee of £220 (excluding VAT).

Cyber Essentials Plus (CE+)

Where the three (3) month deadline following the Customer successfully obtaining Cyber Essentials certification expires and the Customer has not booked their Cyber Essentials Plus audit, the Customer will be required to restart the Cyber Essentials certification process and the Cyber Essentials Plus engagement.

In such circumstances the total cost will consist of two separate fees:

The Cyber Essentials Certification Fee, charged at the rate applicable at the time of renewal (see Pricing); and

A Cyber Essentials Plus Administration Fee of £220 (excluding VAT).

If the three (3) month deadline following the Customer passing Cyber Essentials expires and the Customer has attended their Cyber Essentials Plus audit but did not achieve certification, the Customer will be required to restart the Cyber Essentials certification process and Cyber Essentials Plus engagement. The applicable fees shall reflect the Cyber Essentials Certification and Cyber Essentials Plus setup cost at the point of expiry, as detailed on the Combi Pricing page.

If the 30-day remediation deadline following the Customer’s Cyber Essentials Plus audit expires and the Customer is no longer within their three (3) month validity period from passing Cyber Essentials, the Customer will be required to restart both Cyber Essentials certification and Cyber Essentials Plus. The applicable fees shall reflect the Cyber Essentials Certification and Cyber Essentials Plus setup cost at the point of expiry, as detailed on the Combi Pricing page.

If the 30-day remediation deadline following the Customer’s Cyber Essentials Plus audit expires but the Customer remains within the three (3) month validity period from passing Cyber Essentials, the Customer will be required to restart Cyber Essentials Plus only. The applicable fees shall reflect the Cyber Essentials Plus setup cost at the point of expiry, as detailed on the Plus Pricing page.

bottom of page