SERVICE AGREEMENT

TERMS OF SERVICE

Terms and conditions governing Cyber Essentials and CE+ certification services

1. Definitions and Interpretations

1.1 Definitions

  • Services: Remote Cyber Essentials Basic (Self Assessment) and/or Remote Cyber Essentials Plus assessment and certification
  • Fees: Sum to be paid for Services per Order Form or written agreement
  • Parties: Net Sec Group Limited (Service Provider) and the Client
  • Output: Reports, advice, analyses, methodologies, code or any other deliverable produced
  • Facilities: Working space, computer equipment, network access, and telecommunications systems
  • Authorised Targets: Systems, applications, networks and data identified in writing for certification scope
  • Security Testing: Non-destructive testing limited to vulnerability scanning and configuration assessment

1.2 Interpretations

Singular words include plural; persons include companies; references to Acts of Parliament include modifications and amendments; consent requires written approval.

2. Specification of Services

The Service Provider will:

  • Provide Cyber Essentials Basic (Self Assessment) and/or Cyber Essentials Plus remote assessment and certification
  • Perform Services through appropriate employees or agents
  • Provide time reports upon request
  • Carry out Services as agreed in discussions
  • Confirm that no data scraping will be carried out

3. Client's Obligations

3.1 General Obligations

The Client undertakes to:

  • Pay Fees without retention, deduction or set-off
  • Cooperate as reasonably required
  • Provide necessary information and documentation
  • Ensure staff and agents cooperate with Service Provider
  • Complete the Cyber Essentials questionnaire within 6 months of receiving access
  • Achieve Cyber Essentials Plus certification within 3 months of Cyber Essentials Basic certification

3.2 Authorisation for Security Testing

IMPORTANT: Computer Misuse Act 1990 Compliance

The Client expressly authorises Net Sec Group Limited to perform Security Testing strictly per current Cyber Essentials methodology against Authorised Targets.

The Client confirms:

  • Ownership or lawful control of Authorised Targets with full authorisation authority
  • All necessary third-party permissions obtained (hosting, cloud, telecommunications providers)
  • Appropriate backup, disaster recovery and business continuity arrangements have been implemented
  • Notification of relevant internal and external parties
  • All actions undertaken by Net Sec Group Limited shall be treated as fully authorised per Computer Misuse Act 1990

3.3 Acknowledgement of Testing Risks

The Client acknowledges that Security Testing may result in reduced performance, system errors, data corruption or temporary loss of availability and that testing cannot guarantee identification of all vulnerabilities.

If Net Sec Group reasonably believes active compromise exists, it will notify the Client and may suspend or modify testing.

3.4 Data Protection Compliance

The Client confirms lawful basis for processing, proper notices to data subjects, and necessary consents for Net Sec Group access. Net Sec Group will process personal data only as necessary for testing, validation, and reporting in accordance with UK GDPR and Data Protection Act 2018.

4. Fees and Payments

  • Fees specified at time of purchase
  • Payment is required in full at the time of booking via secure online payment (Stripe)
  • Services commence upon payment confirmation
  • Service Provider may charge reasonable additional costs (travel, accommodation, courier) subject to prior Client agreement
  • All amounts stated include VAT where applicable

Refunds

Refund requests are considered case by case. No refunds will be issued once the assessment has commenced or if the Client fails to complete the Cyber Essentials questionnaire within 6 months.

5. Ownership and Intellectual Property

Unless otherwise agreed:

  • Client receives licence to use the Services and/or any Output for their own internal purposes only
  • Client will not be entitled to publish, sell or make available to third parties the Services or Output
  • The copyright and database right (and all other intellectual property rights) belong to Service Provider

6. Confidentiality

Each Party keeps the other Party's confidential information confidential and secret, using it only for Agreement performance purposes.

Confidential Information includes:

  • Information from the other Party, advisers, visits, or demonstrations
  • Business activities, practices, and finances information
  • Evaluation material, design work, strategic plans, ideas, and innovations
  • Information derived from the above

Exceptions (not confidential):

  • Publicly available information (except through breach)
  • Lawfully available from third parties without confidentiality restrictions
  • Marked 'Non Confidential' by Supplying Party
  • Information required by law/regulation (minimal disclosure)

This clause survives Agreement termination.

7. Sub-Contractors

  • Service Provider may use sub-contractors with Client approval
  • Service Provider remains responsible for sub-contractor work to the same standard
  • More restrictive sub-contractor terms govern their work if applicable

8. Warranties and Liability

THE CLIENT'S ATTENTION IS PARTICULARLY DRAWN TO THIS CLAUSE.

8.1 Warranty

Service Provider warrants use of reasonable care and skill in performing Services.

8.2 Excluded Losses

No Party is liable for: loss of profit, market, business or contract; goodwill damage; loss of projected or anticipated savings; revenue loss; or consequential/indirect loss.

8.3 Unlimited Liability

Nothing limits liability for:

  • Death or personal injury from negligence
  • Fraud or fraudulent misrepresentation
  • Property loss/damage from negligent acts
  • Matters where liability exclusion is illegal

8.4 Liability Cap

Except in the case of death or personal injury caused by the Service Provider's negligence, the liability of the Service Provider shall not exceed the Fee paid.

9. Time for Performance

Time shall not be of the essence for Service Provider performance. Dates and times specified are estimates only.

10. Termination

Agreement terminates following completion of Services and payment of Fees.

11. General Provisions

11.1 Force Majeure

Neither Party is liable for delays or failures arising from circumstances beyond its reasonable control. If the circumstances continue beyond 6 months, either Party may terminate via written notice.

11.2 Amendments

Agreement may only be amended in writing by duly authorised representatives.

11.3 Assignment

Neither Party may assign, delegate, sub-contract, mortgage, charge, or transfer rights/obligations without prior written agreement, except to assignees of entire business (with written undertaking).

11.4 Entire Agreement

This Agreement contains the whole agreement between the Parties and supersedes any prior written or oral agreements. Fraud liability is not excluded.

11.5 Waiver

No failure or delay in exercising rights impairs or waives them.

11.6 Agency, Partnership etc

The Agreement creates only a contractual relationship, not a partnership, joint venture, agency, or fiduciary relationship.

11.7 Announcements

No public announcement or information disclosure without other Party approval, except for legal/regulatory compliance.

11.8 Notices

Written notices via first class mail, air mail, or email (confirmed by mail/air mail). Deemed received: 3 working days (inland first class), 7 working days (air mail), next working day (email).

12. Severance

If any provision is prohibited by law or judged unlawful/void/unenforceable, it shall be severed without modifying remaining provisions.

13. Law and Jurisdiction

The validity, construction and performance of this Agreement shall be governed by the laws of England and Wales and shall be subject to the exclusive jurisdiction of the courts of England and Wales.

14. Third Parties

Under the Contracts (Rights of Third Parties) Act 1999, this Agreement is not intended to, and does not, give any person who is not a Party to it any right to enforce any of its provisions.

Contact Information

Net Sec Group Limited

Company Registration: 12960489

Registered Office: 85 Great Portland Street, London, W1W 7LT

Last Updated: January 2026. These terms govern all Cyber Essentials and Cyber Essentials Plus services provided by Net Sec Group Limited.