Basket
United Kingdom
Select regional store:
IT Governance Ltd is now a GRC Solutions company. Find out more
Terms for buying goods and services on our site

Terms and Conditions of Online Purchases

Version: 11 Issue date: [04/03/2025]

1. Applicability

1.1 These Terms apply to all transactions made on the Website, regardless of location. However, certain jurisdiction-specific terms may apply based on local laws and regulations, which will take precedence where required.

1.2 These Terms exclusively govern the sale of goods and services you purchase from us online. However, if there is a separate written contract signed by both parties that specifically covers the sale of these goods and services, the terms of that contract will take precedence over these Terms in the event of any inconsistencies.

1.3 A formal contractual relationship for any transaction between you and us exists only when we accept your order. Until acceptance is confirmed, no contract is formed between you and us.

1.4 By placing an order on our Website, you confirm that you have read and understood our Terms and Conditions and expressly agree to be bound by them. Before completing your purchase, you must review and accept these Terms. If you do not agree, you must not proceed with your purchase.

2. Key Definitions

Confidential Information: means any information marked as confidential or that should reasonably be understood to be confidential due to its nature or the circumstances of disclosure.

Customer: the individual or entity visiting this Website and/or purchasing products or services from us; also referred to as “you” and “your” herein.

Data Protection Law: means all applicable laws, regulations and binding guidance relating to the processing, protection and security of personal data, privacy and electronic communications, including but not limited to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (UK), the Irish Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR), and relevant national laws of EU member states, as well as applicable US privacy laws and other laws governing the collection, use, processing, retention and security of personal data in jurisdictions where the parties operate.

GRC International Group: the GRC International Group Limited company that operates the Website, any GRC International Group company whose products or services you purchase, as well as GRC International Group Limited itself; also referred to as “us”, “our” and “we” herein.

GRC International Group Companies:

  • Data Quality Management Group Limited
  • GRC International Group Limited
  • GRC Solutions Inc
  • GRC eLearning Limited
  • GRCI Law Limited
  • IT Governance Limited
  • IT Governance Europe Limited
  • IT Governance USA Inc.
  • IT Governance Publishing Limited
  • Vigilant Software Limited

RPA: means a recurring payment authority.

Service Descriptions: means the service descriptions set out in clause 16 and any other service schedules, statements of work, or other documentation expressly agreed between the parties.

Terms: means these terms and conditions together with our Terms and Conditions of Website Use.

Website: any website or platform owned and/or operated by a GRC International Group company.

3. Our Terms and Conditions

3.1 These Terms provide important information about us and govern any contract between you and us. Please read these Terms carefully and ensure you understand them before placing an order on our Website. If any additional terms and conditions apply to a specific contract, we will notify you at the point of purchase.

3.2 These Terms apply to the supply of both products and services unless stated otherwise.

3.3 You agree to waive any right you might otherwise have to rely on any terms that are endorsed upon, delivered with, or contained in any of your documents if they are inconsistent with these Terms.

4. Prices

4.1 The prices for products and services available for purchase on our Website are as displayed at the time of your order. These prices do not include packaging, shipping, insurance or any applicable travel costs, unless expressly stated otherwise. Additionally, all prices are exclusive of any applicable Value Added Tax (VAT), sales tax, or other national, state or local taxes, which will be added in accordance with the relevant regulations of the applicable jurisdiction.

4.2 Prices are displayed in the currency indicated on our Website at the time of purchase. If you choose to make a payment in a different currency, the applicable exchange rate and any associated conversion fees will be determined by your payment provider and will be your responsibility. We do not control exchange rates or additional charges applied by banks, credit card issuers or payment processors.

4.3 While we strive to ensure that all pricing information on our Website is accurate, errors may occasionally occur. If we discover an error in the price of a product or service you have ordered, we will notify you as soon as possible. We are not obligated to fulfil an order at an incorrect price, and we reserve the right to cancel any such order before dispatch or service provision.

4.4 Prices may be subject to periodic promotions, discounts or special offers, which will be available for a limited time as indicated. Unless otherwise stated, promotional prices apply only during the period specified and cannot be applied retrospectively or in combination with other offers.

4.5 We reserve the right to modify our prices at any time by updating the pricing on our Website. However, any such changes will apply only to future purchases and will not affect any orders that have already been placed and confirmed.

4.6 For international orders, additional customs duties, import taxes and other fees may be applicable in the destination country. These costs are your responsibility. We advise checking with the relevant customs authorities before placing an order.

5. Payment

5.1 Subject to clauses 9 and 10, payment must be made in full at the time of purchase unless an approved credit arrangement is in place.

5.2 Payment is of the essence. If any payment due is not received by the due date, we reserve the right to charge interest on the overdue sum as follows:

  • 5.2.1 UK and Ireland (EU jurisdictions): 8% per annum above the Bank of England’s base rate (UK) or the European Central Bank’s reference rate (EU/IE), in line with the Late Payment of Commercial Debts (Interest) Act 1998 and Directive 2011/7/EU.
  • 5.2.2 US (including New York): 1.5% per month (18% per annum) or the maximum rate permitted by law, in accordance with New York UCC § 2-710.

5.3 We may recover reasonable collection costs, including legal fees.

5.4 We may suspend services if an invoice remains unpaid 30 days beyond the due date.

6. Consumer and Business Purchases

6.1 Individual Consumers: If you are purchasing as a consumer (i.e. not for business, trade or professional use), you may have additional rights under applicable consumer protection laws. These may include the right to cancel an order within a specific cooling-off period as set out in clause 7 below, the right to refunds or replacements for faulty goods, and protections against unfair contract terms. Your statutory rights are not affected by these Terms.

6.2 Business Customers (B2B transactions): If you are purchasing on behalf of a business, a company or an organisation, you confirm that you have the authority to bind the entity to these Terms. Business-to-business transactions are not subject to the same consumer protections, including statutory cooling-off periods. Our liability for business Customers is limited as set out in these Terms, and we exclude any implied warranties to the fullest extent permitted by law.

7. Consumer Cancellations

7.1 If you are purchasing as an individual consumer, you have a legal right to cancel your contract within the relevant cancellation period, as outlined below. For business Customers, the statutory right to cancel does not apply.

7.2 Your legal right to cancel starts from the date we confirm acceptance of your order.

7.3 If you change your mind or decide for any reason that you do not wish to receive or keep a product or service, you must notify us within the relevant period to cancel the contract and request a refund. Under this right to cancel, and where the first day for delivery of any service falls within 14 days from the day on which the contract was established, you must make the cancellation at least one clear day before the planned first day of delivery; in other words, your right of cancellation does not apply on or after the last business day preceding the first day for delivery of that service.

7.4 This right is provided under UK and EU consumer laws (such as the Consumer Contracts Regulations 2013 and the EU Consumer Rights Directive) and may also be subject to state or federal laws in the US. Further advice is available from your local consumer protection authority, such as Citizens Advice (UK), Trading Standards (UK), or the relevant consumer agency in your country.

7.5 The cancellation right for consumers does not apply in the following cases:

  • 7.5.1 Digital content (such as software, e-books, audiobooks, PDFs, electronic templates, reports or online tools) once the download has started. By downloading the content, you expressly consent to waive your right to cancel under consumer law.
  • 7.5.2 Personalised or custom-made products that have been created to your specifications.
  • 7.5.3 Services where the first scheduled delivery begins within 14 days from the date of contract confirmation, unless cancellation is made at least one clear business day before the service starts.
  • 7.5.4 Products that, after delivery, become inseparably mixed with other items.
  • 7.5.5 Training courses and online learning where no specific course date is selected at the time of purchase; in such cases, the right to cancel expires 14 days from the contract date.

7.6 To cancel your order, you must inform us in writing by email or using our cancellation form, clearly stating your decision to cancel and providing details of your order. You must do so before the relevant cancellation deadline, as set out below. To cancel a contract during the 14-day period allowed for cancellations, you need to let us know that you have decided to cancel. The easiest way to do this is to email servicecentre@itgovernance.co.uk, identifying the Website from which you purchased and quoting the electronic purchase sale number, the date of the transaction and the items purchased. This email must contain a categorical statement that goods that have been delivered have not been copied, duplicated or used in any way. If there are physical goods to return, please also obtain a returns number at the time of notifying us of your decision to cancel, and we will at that time also notify you of our returns address.

7.7 If you cancel within the permitted time frame, we will process your refund within 14 days of receiving your cancellation request (or, if applicable, within 14 days of receiving any returned physical goods). Refunds will be issued using the original payment method unless agreed otherwise.

7.8 If your order includes physical goods, you must return them in their original condition, and you are responsible for the cost of returning the goods unless the product is faulty.

7.9 Cancellation Deadlines

  • 7.9.1 Your deadline for cancelling the contract depends on what you have ordered and how it is delivered, as set out in the table below:
Product/service Cancellation deadline
Physical goods
  • Single product, which is not delivered in instalments on separate days.
 14 days from receipt.
Physical goods
  • A product delivered in instalments on separate days.
  • Multiple products delivered on separate days.
 The end date is 14 days after the day on which you receive an individual product or the last instalment of the product or the last of the separate products ordered. For example, if we provide you with an order confirmation on 1 January and you receive the first instalment of your product or the first of your separate products on 10 January and the last instalment or last separate product on 15 January, you may cancel in respect of all instalments and any or all of the separate products at any time between 1 January and the end of the day on 29 January.
Your contract is for the regular delivery of a product over a set period. The end date is 14 days after the day on which you receive the first delivery of the products. For example, if we provide you with an order confirmation on 1 January in respect of products to be delivered at regular intervals over a year and you receive the first delivery of your product on 10 January, you may cancel at any time between 1 January and the end of the day on 24 January. 24 January is the last day of the cancellation period in respect of all products to arrive during the year.
Digital content (e.g. downloads) You have a 14-day right to cancel, unless you download, stream or access the content before the cancellation period ends. By purchasing digital content, you acknowledge and expressly consent to waive your right to cancel once the download, streaming or access begins.
Personalised/custom-made items No right to cancel.
Services (if no specified start date) 14 days from contract date.
Services (if a start date is chosen) Cancellation permitted up to 14 days from the contract date, but if services have started, a pro-rata charge applies. Example: If you cancel on day 10 of a 30-day service, you will be charged for the 10 days already provided.
Online training (self-paced) 14 days from contract date.
Training courses (scheduled date) You may cancel within 14 days from booking, but once the course has started, no refund will be provided. If you book a course that starts within 14 days of purchase, you acknowledge and expressly consent to waive your right to cancel once the course begins.
Training courses (no specified start date) You may cancel within 14 days from the contract date. If you cancel after 14 days, you will not be entitled to a refund. If you have already started the training or received any course materials before the cancellation period ends, you acknowledge and expressly consent to waive your right to cancel, and a pro-rata charge may apply for any services already provided.
  • 7.9.2 There are further terms, set out in clause 16 below, that apply specifically to the purchase of training courses, Cyber Essentials, elearning, self-paced online training courses (distance learning), toolkits and other products through our Website, where any of those terms conflict with applicable consumer law.

8. Consequences of Consumer Cancellation

8.1 If you cancel your contract, we will:

  • 8.1.1 Refund the price paid for the products. However, if you have handled the goods in a way not permitted in a shop, we may reduce your refund to reflect any loss in value. If we refund you before inspecting the goods and later find they were mishandled, you must reimburse us appropriately.
  • 8.1.2 Refund return delivery costs, but only up to the cost of the least expensive delivery method we offer. If you choose a more expensive return option, we will only refund the standard cost.
  • 8.1.3 If you have received the product and we have not offered to collect it from you, you must return it to us within 14 days of the date on which you notify us of the cancellation and we will make any refund due 28 days after the day on which we receive the product back from you or, if earlier, the day on which you provide us with legal evidence that you have sent the product back to us.
  • 8.1.4 If you have not received the product, or you have received it and we have offered to collect it from you: 28 days after you inform us of your decision to cancel the contract.
  • 8.1.5 If you have returned the product to us because it is faulty or not as described, we will refund the price of the product in full, together with any applicable delivery charges, and any reasonable costs you incur in returning the item to us. We will make any refund due 28 days after the day on which we receive the product back from you.
  • 8.1.6 We will refund you on the credit or debit card you used to pay. If you used vouchers to pay for the product, we may refund you in vouchers. If you paid via PayPal or a similar payment processor, or via bank transfer, we will make the refund by the same route.

8.2 The legal rights of consumers are not affected by the rights of return and refund outlined above or anything else in these Terms. For advice about your rights, contact Citizens Advice or Trading Standards (UK), the CCPC (Ireland), your national consumer protection authority via the European Consumer Centres Network (EU), or the New York State Attorney General’s Office or FTC (US).

9. Recurring Payment Authority (Subscription Products)

9.1 Subscriptions

  • 9.1.1 Some of our products and services are offered on a subscription basis, where deliverables are provided on a recurring or cyclical basis. These products are clearly identified as subscription-based on our Website and may include, but are not limited to, elearning training, cyber security services (such as Cyber Essentials and Cyber Essentials Plus), scanning services, software, and toolkits.
  • 9.1.2 The subscription period (monthly or annual) is specified on the individual product pages at the time of purchase. The subscription will automatically renew at the end of each billing period unless you cancel before the next renewal date.
  • 9.1.3 When you purchase a subscription product online using a payment card or any other electronic payment method, you authorise us to collect recurring payments in line with the selected subscription period under an RPA. This authorisation remains in effect until you cancel it in accordance with these Terms. By agreeing to an RPA, you acknowledge that payments will be automatically deducted unless and until you formally cancel your subscription.

9.2 Subscription Cancellation and Effect of Cancellation

  • 9.2.1 You may cancel your subscription at any time via the “My Account” section of our Website.
  • 9.2.2 Cancellation of an RPA will take effect at the end of the current paid billing period. You will continue to have access to the subscription service until the end of that period, after which all related benefits and access rights will be revoked.
  • 9.2.3 You cannot cancel a subscription in arrears. Once a renewal date has passed, the subscription will remain active until the next renewal period.
  • 9.2.4 Upon cancellation of an RPA, your access to the subscription services will terminate at the end of the current paid billing period. Any associated registrations, benefits or access rights will also be revoked from that date.
  • 9.2.5 No refunds will be issued for unused portions of a subscription, except where required by applicable consumer protection laws. Refund rights may vary depending on your jurisdiction, including the UK Consumer Contracts Regulations 2013, the EU Consumer Rights Directive 2011/83/EU, the Consumer Rights Act of 2022 of the Republic of Ireland, and relevant US state laws.

9.3 Subscription Payment Responsibilities

  • 9.3.1 You must ensure that your payment details remain valid and up to date throughout your subscription period.
  • 9.3.2 If your payment method fails, you agree to cover any additional costs incurred by us due to failed transactions or non-payment.
  • 9.3.3 If you are purchasing on behalf of an organisation, you must ensure that your billing contact details are accurate and kept up to date within your “My Account” section of the Website. Your organisation remains liable for all due payments, even if contact details are not updated.
  • 9.3.4 If your initial subscription payment is made via a purchase order, you agree that all subsequent invoices for recurring subscription payments will be paid in accordance with your agreed credit terms, until the RPA is formally cancelled via your “My Account” section of the Website.

9.4 Subscription Renewal Notices and Price Changes

  • 9.4.1 We will make reasonable efforts to notify you at least 5 days before the renewal date of your subscription. However, it is your responsibility to manage your subscription and be aware of renewal dates.
  • 9.4.2 If there is a change in pricing, we will notify you before your next renewal date. If you do not cancel your subscription before the renewal date, the new price will apply from the next billing period.
  • 9.4.3 You are responsible for ensuring that your contact details are current and that our emails are not blocked, marked as spam, or otherwise undelivered.

10. Online Credit Purchasing Agreements

10.1 Approved Credit Accounts

  • 10.1.1 If you have applied for and been granted an approved credit account, you are authorised to place orders through our Website using a purchase order, in accordance with the terms of your credit agreement with us.
  • 10.1.2 Any purchases made via purchase order will be invoiced in line with the specific terms of your credit agreement with us, with payment due in full within 28 days from the invoice date, unless otherwise agreed in writing.
  • 10.1.3 Title to any goods purchased via purchase order shall not pass to you until full payment of the invoice has been received and has cleared.

10.2 Security and Account Responsibility

  • 10.2.1 You agree to take all reasonable steps to ensure that only authorised personnel place orders through our Website using your credit account.
  • 10.2.2 You shall be fully responsible for all invoices generated as a result of any transaction made on your account, whether such orders were placed by your authorised personnel or not, except in cases where fraudulent activity is proven.

10.3 Special Provisions for Representative Services

If you are purchasing either the GRCI Law EU Representative Service or the GRCI Law UK Representative Service, and you are purchasing by purchase order, then you agree that you will pay for these services annually in advance by direct debit (or by SEPA direct debit if you are in the EU or by automated clearing house debit payment if you are in the US), and that you will provide us with a duly authorised, valid and accurate annual direct debit, SEPA debit or automated clearing house debit form before the commencement of the subscription period.

11. Data Protection

11.1 We process personal data in accordance with Data Protection Law. As a data controller, we determine the purposes and means of processing personal data related to the sale of goods and services. Our processing activities are detailed in our Privacy Notice (www.grci.group/privacy-notice), which sets out the lawful bases for processing personal data in compliance with applicable regulations.

11.2 We only collect and process the minimum personal data necessary to provide the purchased product or service, ensuring compliance with data minimisation principles under Data Protection Law.

11.3 We implement appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of all personal data processed in compliance with Data Protection Law. Security controls are based on risk assessments and take into account the nature of processing and risks to data subjects’ rights and freedoms.

11.4 We conduct ongoing risk assessments to identify, mitigate and manage risks to personal data, implementing safeguards to prevent unauthorised access, loss, alteration or destruction in line with Data Protection Law requirements.

11.5 Individuals have rights under Data Protection Law regarding access, correction, deletion, objection and portability of their personal data, subject to legal and contractual limitations. These rights may vary depending on the applicable jurisdiction, and may include the right to restrict processing, withdraw consent where applicable and lodge a complaint with the relevant data protection authority.

11.6 Requests to exercise any of these rights should be made in accordance with our Privacy Notice and will be subject to identity verification and any applicable legal or contractual limitations.

12. Intellectual Property

12.1 You acknowledge that all intellectual property rights, including copyright, trademarks and proprietary rights in our Websites, products and services belong to us or, where applicable, to third-party providers. Purchasing a product or service does not grant you any right to use, modify, reproduce or distribute our intellectual property unless expressly permitted under a separate, written contract.

12.2 You acknowledge that use of our Website or the purchase of products or services from our Website does not grant any licence to use, modify, reproduce or distribute our intellectual property, including trademarks and copyrights, except where expressly permitted for a specific product. Unauthorised use, including copying, modifying, distributing or otherwise exploiting our intellectual property without our explicit written permission, is strictly prohibited. We may take appropriate legal action to enforce our rights, including requiring you to cease unauthorised use, seeking financial compensation for any loss suffered, or pursuing legal proceedings where necessary.

12.3 You agree to indemnify, defend and hold us, our affiliates, licensors and any third-party providers harmless from and against any claims, liabilities, damages, losses, costs and expenses (including reasonable legal fees) arising from any unauthorised use, modification, reproduction or distribution of our intellectual property or any third-party intellectual property we provide to you, whether by you or any third party acting on your behalf.

13. Delivery of Goods and Performance of Services

13.1 Digital services and downloads will be provided electronically upon confirmation of payment. Physical goods will be delivered to the address provided at checkout, subject to applicable shipping fees and estimated delivery timelines. Delivery dates are for guidance only, and we shall not be liable for delays caused by unforeseen circumstances, including but not limited to supply chain disruptions.

13.2 Where a service requires your collaboration, including providing access, information or approvals necessary for performance, any failure to meet these obligations may impact delivery timelines. We shall not be liable for any resulting delays or failure to perform where such delays arise due to your non-compliance with agreed requirements.

13.3 We will make reasonable efforts to meet any performance dates specified in this contract, but such dates are indicative only and not legally binding. The scope and specifications of the services provided are as set out in this contract, and no other documentation shall apply unless expressly incorporated.

13.4 The specific services provided under this contract are described in the relevant Service Descriptions in clause 16, which define the scope, specifications, and any additional terms and conditions specific to each service. In the event of any conflict or inconsistency between this contract and a Service Description, the terms in the Service Description shall take precedence but only in relation to the specific services they cover and as far as they comply with applicable consumer law. This precedence shall not apply where expressly stated otherwise in this contract or where mandatory legal provisions require a different interpretation.

14. Limitation of Liability

14.1 Our total liability under or in connection with any contract shall not exceed twice the total amount paid by you under that contract. To the fullest extent permitted by applicable law, we shall not be liable for any indirect, consequential, incidental, punitive or special losses, including but not limited to loss of profit, revenue, business, anticipated savings, data, goodwill or any other economic loss, whether arising in contract, tort (including negligence) or otherwise.

14.2 Nothing in this clause excludes or limits our liability where such exclusion or limitation is prohibited by law, including liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, breach of statutory rights under consumer protection laws that cannot be excluded, or any other liability that cannot lawfully be excluded or limited.

15. General

15.1 Each party agrees to keep confidential all Confidential Information disclosed by the other party. The receiving party shall not disclose, use, or permit the use of Confidential Information except as necessary to fulfil its obligations under this contract. This obligation shall not apply to information that is publicly available, independently developed or lawfully obtained from a third party without confidentiality restrictions.

15.2 If any provision of this contract is found to be void, invalid or unenforceable, it shall be modified to the extent necessary to be valid. If modification is not possible, it shall be severed, and the remainder of the contract shall remain in effect.

15.3 Provisions intended to survive termination, including those on intellectual property, confidentiality and liability, shall remain in force.

15.4 Neither party is liable for delays or failure to perform due to events beyond their control, including natural disasters, war, government actions, labour disputes or third-party failures. The affected party must notify the other and take reasonable steps to mitigate the impact.

15.5 Failure or delay in enforcing any right under this contract does not constitute a waiver. A waiver is only valid if in writing.

15.6 This contract supersedes all prior agreements and can only be amended in writing by both parties.

15.7 These Terms are governed by and interpreted in accordance with the laws of England and Wales, the State of New York, or the Republic of Ireland, depending on the applicable jurisdiction for the relevant Website. The courts of the relevant jurisdiction have exclusive authority over any disputes relating to the use of the Website, any transactions carried out through it, or compliance with applicable Data Protection Law. By using this Website, you waive any right to bring claims in any other jurisdiction unless required by mandatory legal provisions. Consumers in the EU may also have the right to bring claims in their home country under EU consumer protection laws.

15.8 We reserve the right to update this contract at any time. The version in force at the time of purchase shall apply.

16. Service Scope and Descriptions

16.1 Cyber Essentials and Cyber Essentials Plus

  • 16.1.1 The following Terms apply to all purchases of Cyber Essentials and Cyber Essentials Plus (both of which are annual subscription products and so auto-renew) (the ‘Cyber Services’):
    • (i) You must complete and submit the completed Cyber Essentials self-assessment questionnaire (‘SAQ’) for assessment within 6 months of purchasing the Cyber Services. If the application is not completed within this period, it will be marked as void and automatically archived. In these circumstances, no refunds will be issued, and you acknowledge that you will not be entitled to a refund or fee reduction.
    • (ii) Cyber Essentials Plus services are valid for 6 months from purchase. Any request to extend this deadline, including delays in completing the prerequisite Cyber Essentials certification, will be at our sole discretion and may incur additional fees. If you fail to complete the Cyber Essentials Plus certification within that period, your application will be archived, and you agree that no refund or fee reduction will be provided.
    • (iii) If you need certification by a specific date or before an existing certificate expires, it is your responsibility to start the application in time to ensure completion before your deadline. You must also provide an up-to-date asset inventory and ensure that all in-scope assets, systems and applications are supported and meet the Cyber Essentials scheme requirements.
    • (iv) We provide these services in accordance with IASME requirements, which is the National Cyber Security Centre’s (‘NCSC’) Cyber Essentials Partner for the delivery of the Cyber Essentials scheme. Our liability is limited to compliance with these requirements. As the cyber security sector evolves, IASME or the NCSC may introduce changes, including price adjustments, which will be passed on to you.
    • (v) If your initial Cyber Essentials submission is unsuccessful, you will receive either a ‘More Information’ or ‘Fail’ outcome. You then have 2 working days to resubmit a further attempt for certification. If your second attempt is also unsuccessful, or if you fail to resubmit your second attempt within 2 days, you will be required to purchase a new Cyber Essentials package and reapply.
    • (vi) Before applying for Cyber Essentials Plus certification, you must confirm that you hold Cyber Essentials certification achieved through an IASME-licensed certification body within 3 months of applying.
    • (vii) You will need to complete the Cyber Essentials Plus certification within 3 months of achieving your most recent basic-level Cyber Essentials certification. If your Cyber Essentials Plus application is unsuccessful, your Cyber Essentials certification may be revoked.
    • (viii) For Cyber Essentials Plus applications, all vulnerability scans, both internal and external, along with any other required subtests and retests, must be completed in time for us, as the certification body, to review them. The tests must be successfully passed at least 1 month before the certification date or within 3 months of the Cyber Essentials certificate, whichever is earlier.
    • (ix) If, FOR ANY REASON, you do not meet the deadlines outlined in the Terms and Conditions, then we will be under no obligation to provide the Cyber Services nor to refund any part of the agreed fee. Conversely, if we are required to do any additional work to help you complete your application, we may charge you separately for that work.
    • (x) For Cyber Essentials Plus applications, your explicit authorisation is required, as well as that from any additional parties involved in hosting any infrastructure or application that is in scope, before the start of any tests; this should be submitted in writing alongside the list of scan targets/IPs.
    • (xi) Any limitations on the testing, such as a requirement for out-of-hours testing or weekend testing, or restrictions such as testing only during office hours, should be stipulated at the time of submitting the testing request. Any surcharges incurred for any out-of-hours testing will be agreed in advance and billed separately.
    • (xii) If you fail any of the Cyber Essentials Plus testing performed as part of the overall engagement, we will provide you with details of further tests required. The delay between the original assessment and retest should not exceed 1 month, including completion of the application and including time to allow review by us (in our capacity as the certification body). These tests will be billed separately.
    • (xiii) Where we are required to provide on-site consultancy or testing at a Customer site within or outside of the mainland United Kingdom, travel time and costs, accommodation and subsistence expenses may be chargeable. These expenses will be billed separately.
    • (xiv) Unless otherwise agreed, we reserve the right to list your name and/or logo on our Website as evidence that certification has been achieved.
    • (xv) Cancellations – we reserve the right to charge in full for booked days where you cancel with less than 5 business days’ notice, and to charge 50% of the contracted rate where the day is cancelled between 5 and 10 days in advance. In each case, we may waive the right to charge for a specific cancellation if we are able to deploy the consultant’s time with an alternative client. We also reserve the right to charge (at cost) for any non-refundable expenses incurred in respect of travel and accommodation arrangements made in line with this contract.
    • (xvi) If you are UK-domiciled, with a turnover under £20 million, and you achieve self-assessed certification covering your whole organisation to the basic level of Cyber Essentials, you are entitled to Cyber Liability Insurance (terms apply). The cover is underwritten by American International Group UK Limited and administered via Sutcliffe & Co. Insurance Brokers. This Cyber Liability Insurance does not form part of the contract. Please visit https://iasme.co.uk/cyber-essentials/cyber-liability-insurance/.
    • (xvii) Your subscription product cannot be downgraded to an alternative package and, should you decide not to complete your application, you will not be entitled to a refund.

16.2 Penetration testing, including for Cyber Essentials Plus certification, and vulnerability scanning

  • 16.2.1 You must identify and disclose to us any third parties that may be affected by our testing activities. Any damages and/or loss of service caused by your failure to identify and/or disclose such third parties will remain your sole responsibility, and you therefore indemnify us against all and any costs or damages howsoever arising from such activities. Your authorisation to commence testing activities is deemed to include confirmation that any relevant internal or external parties have been appropriately notified, and that all necessary permissions from such parties for us to commence testing have been provided to us.
  • 16.2.2 We will only identify vulnerabilities that are already known at the date on which any tests are carried out, and which are capable of being exposed by the range of testing tools we deploy. You accept that it is in the nature of technical security testing that there may be flaws that will be uncovered in the future or by the use of alternative tools and attack methodologies, none of which could normally be identified at the time of testing, and you therefore agree that you will not, now or in the future, hold us to account for any such matters.
  • 16.2.3 We will accept no liability for damages caused to you by any automated or non-automated attacks on your Internet-facing infrastructure or its applications, irrespective of whether our security testing activity carried out under this contract did, did not, or could have but did not identify any vulnerability exploited, or which might in future be exploited by any such attack.
  • 16.2.4 We will identify vulnerabilities that our testing has exposed and, wherever possible, we will identify by reference to commonly available and published information the appropriate patches and fixes that are recommended to deal with the identified vulnerability, but it will be entirely your responsibility to formally identify and deploy an appropriate solution to the vulnerabilities identified by our security testing.

16.3 Training Courses

All our training courses, including all those for which we act as booking agents for third-party training providers, are subject to the Terms and Conditions set out below. By booking a training course or a third-party training course through us, you accept these Terms and Conditions.

  • 16.3.1 Prices for individual courses are as advertised on our Website and exclude VAT. Where required, VAT will be added to the advertised price to arrive at the final total cost. The course price includes trainers’ time, provision of training rooms and necessary facilities, all necessary training materials and, as appropriate, morning, lunch and/or afternoon refreshments. It does not include travel or other subsistence costs. Exam costs are either included in the course cost or an extra charge; we set out which option applies on our product pages.
  • 16.3.2 Bookings, which are in all cases subject to the availability of places on courses and, for third-party courses, on confirmation to us by the training provider that the course will actually run, will be accepted by us, and the rights and responsibilities in respect of cancellation will apply from the date on which the booking is accepted by us.
  • 16.3.3 We reserve the right to refuse admittance to any course unless:
    • (i) The full purchase price has been paid for the course;
    • (ii) A valid purchase order has been received by us from a UK local authority, other UK public-sector organisation or a company that has an approved credit account with us; or
    • (iii) The full purchase price has been received by us before the course start date.
  • 16.3.4 Delegates will not be permitted to enter the classroom if payment has not been made as set out above. The cancellation Terms below will also apply.
  • 16.3.5 Once we have accepted your booking, the below cancellation Terms apply:
    • (i) There is no cancellation fee provided we receive written notice more than 20 days before the start of the relevant training course.
    • (ii) No refunds will be given for written cancellations received 20 days or less before the start of the training course.
    • (iii) No refunds will be given if you fail to attend a course for which you have made a booking.
  • 16.3.6 Delegates can be transferred from one course to another, or alternative delegates can be substituted for those already booked on a course, and in-house course dates can be rescheduled. For this to happen, the following fees apply:
    • (i) There is no fee where we receive written notification more than 21 days before the start of the relevant training course.
    • (ii) Where the written request is received between 21 and 15 days before the start of the training course, there is a 15% transfer fee.
    • (iii) Where the written request is received between 14 and 8 days before the start of the training course, there is a 25% transfer fee.
    • (iv) Where a transfer request is received 7 days or less before the start of the training course, there will be a 50% transfer fee.
    • (v) Where the course booking is for multiple delegates, or you are not yourself the delegate, we need to know the names of delegates 5 working days before the start of the course so that we can ensure exams are correctly organised, as well as to provide attendance certificates at the end of the training course. If you do not provide the names of the delegates before the 5-working-day window described in this clause, the cancellation clauses above will apply to those delegates and a 100% cancellation fee will apply.
    • (vi) We (and our selected training partners) reserve the right to cancel training courses but will endeavour not to do so within 10 working days of the start of the course. If a training course is cancelled, our only obligation to you will be, at our discretion, either to reschedule the cancelled course within 4 months or to refund in full the fees paid by you for the training course. To the fullest extent permitted by law, we will not be liable to you in contract, tort, negligence or otherwise for any loss, damage, costs or expenses of any nature whatsoever incurred or suffered by you as a direct, indirect, special or consequential nature arising from such a cancellation.
  • 16.3.7 Delegates from outside the UK may require visas to attend a training course in the UK. We will endeavour to provide you with reasonable support to obtain a visa, but the actual issue of a visa is beyond our control, and we have no liability to you in respect of the issue of such a visa. We will only issue appropriate invitation letters once you have booked and paid for the course(s) you wish to attend, and our visa invitation letters will only be in respect of such course(s). If your visa is not issued in time for you to travel to the UK to attend your chosen course, we will, at your discretion, arrange for you to attend an alternative course at a later date or we will, without deduction, refund any course fees paid. We will not under any circumstances be responsible for travel costs you may have incurred. If your visa is issued in sufficient time for you to attend your course but you do not attend, then our standard cancellation clauses will apply, including your liability to make payment in full.
  • 16.3.8 You are responsible for ensuring that the backgrounds of you or your delegates are suitable for the training course(s) that you/they are attending. We will not be liable for any refund if delegates decide that the course material is inappropriate for them or where they are unable to participate fully for any reason. In no circumstances will we be liable to refund any amount in excess of the agreed and paid price for any training course. This applies in particular (but is not limited) to any travel, subsistence or consequential expenses of any sort incurred by delegates.
  • 16.3.9 All copyright and other intellectual property rights in or relating to any course materials provided or made available in connection with the course are and remain our sole property and/or that of our third-party providers. Course materials may not be used, copied, reproduced, stored in a retrieval system, distributed or transmitted in whole or in part, or in any form or by any means, whether electronically, mechanically or otherwise, or translated into any language, without the prior written permission of us and/or our third-party providers.
  • 16.3.10 Exam vouchers are only valid for 12 months from the date of the transaction.

16.4 CISSP Blended Online Training Course

  • 16.4.1 Further to taking this course, we are confident you will pass the CISSP exam on your first attempt. If you do not, we will train you again for free and pay for the full cost of retaking the exam.
  • 16.4.2 To qualify, you must have completed the following:
    • (i) All assessments required of you.
    • (ii) Attendance at all 4 one-on-one and group sessions over the 13-week course duration.
    • (iii) Your end-of-course assessment, with a recommendation from your instructor of when might be best to take the exam (please be aware we may recommend further study and exam preparation).
    • (iv) Your first exam within 3 months of completing the course.
  • 16.4.3 This offer only applies to the cost of a single CISSP examination that is retaken after you have failed your first exam.

16.5 International Standards

  • 16.5.1 Any standards you purchase from us are for your internal business use. Your end users are permitted to print a single copy of the publication.
  • 16.5.2 Neither you nor your end users may remove any proprietary markings or electronic watermarks, including original publisher copyrights and trademarks.
  • 16.5.3 Your end users may not copy, transfer, sell, license, lease, give, download, modify, publish, assign, transmit or otherwise reproduce, disclose or make available to others, or create derivative works from the standards or any portion thereof.

16.6 Staff Awareness Elearning

  • 16.6.1 We license you and, as set out in your sales receipt, the maximum number of your users to access on our elearning portal the specific elearning course(s) you have selected for the length of time you have purchased.
  • 16.6.2 If we have agreed to it, we will provide a single session of training for one or more administrators nominated by you to enable you to administer the elearning portal for your users.
  • 16.6.3 Where you have purchased a corporate elearning licence, your identified administrator may personalise your elearning portal with your corporate branding (including colours and logos) as well as relevant corporate content such as procedure and contact information.
  • 16.6.4 Self-paced courses are only valid for 12 months from the date of purchase. Extensions to the 12 months can be arranged for the following fees:
    • (i) Foundation courses: £50 +VAT for 3 months, £100 +VAT for 6 months.
    • (ii) Advanced courses: £100 +VAT for 3 months, £200 +VAT for 6 months.
    • (iii) No extension can be applied after the valid period has expired.
    • (iv) Exam vouchers are only valid for 12 months from the date of the transaction.
  • 16.6.5 Our elearning courses have been designed to work on the following browsers and mobile apps:
    • (i) Windows: Microsoft Edge 2019 or later, Google Chrome v 30 or later, and Mozilla Firefox v 25 or later.
    • (ii) Mac: Apple Safari v 6 or later, Google Chrome and Mozilla Firefox.
    • (iii) Mobile: Safari in Apple iOS 12 or later, Google Chrome in Apple iOS 12 or later, and Google Chrome in Android OS 6 or later.
  • 16.6.6 Please ensure that JavaScript is enabled in your browser, and that font downloads are enabled to see the correct fonts and characters in the course. Note that older browsers may encounter playback issues related to browser feature releases, so we strongly recommend using the latest browser version for the best experience.
  • 16.6.7 You agree to:
    • (i) Permit us to place cookies on your users’ computers to facilitate providing our elearning staff awareness training courses;
    • (ii) Establish connectivity to the elearning portal; and
    • (iii) Ensure that your users are instructed in the proper use of our elearning portal and any elearning staff awareness courses.
  • 16.6.8 In relation to the elearning portal, we agree that:
    • (i) With the exception of Internet outages and scheduled downtime, the elearning portal will be available for 99.5% of each calendar month;
    • (ii) We will provide you with at least 72 hours’ email notification of scheduled downtime (that is, any planned or scheduled interruption of services from the elearning portal, for the purposes of elearning portal or infrastructure upgrades, software patching, software improvement, or for the replacement of any hardware or software); and
    • (iii) We will make regular backups of all data on the elearning portal and will retain them for 60 days.
  • 16.6.9 We reserve the right to deny access to the elearning portal by any of your users who are, or we reasonably suspect may be, engaged in any illegal activity or that may in any way affect the performance of the elearning portal or its continued use by any of our users.
  • 16.6.10 You also agree that, unless otherwise identified, we own the copyright in all the content material (whether text, graphics, designs, guidance notes or information of any kind) (‘Courseware’), as well as in any upgrades or updates of any sort that may, from time to time, be made available to you on our elearning portal.

16.7 DPO as a Service/Privacy as a Service: Specific Terms

  • 16.7.1 Scope of Work
    • (i) You agree that you will be solely responsible for obtaining appropriate legal advice on any matters on which you need legal advice, and that you will be solely responsible for agreeing and settling any legal fees arising in respect of that advice.
    • (ii) We rely on you to ensure that all your directors and authorised officers fully understand these Terms and that any instructions or questions on the Terms from such directors, officers or any other individuals are authorised by you.
    • (iii) You agree to provide us with appropriate resources and access to relevant data and processes in order for us to provide the services.
    • (iv) You will make available a board member to whom we can report in respect of the services.
  • 16.7.2 Liability
    • (i) You agree that you alone are responsible for your compliance with the General Data Protection Regulation (GDPR) and any other relevant laws and regulations, not limited to those relating to personal data.
    • (ii) You agree that the services are provided by us, and not by any employees of ours, and that our liability in respect of the services is limited to us. You agree that you will under no circumstances seek to bring any form of action, legal or otherwise, against any employee of ours in relation to the services.
    • (iii) We will not be liable for any delay in providing advice or guidance within the scope of the services where this is caused by circumstances beyond our reasonable control.
    • (iv) We will not be liable for failure or delay in performance by you in respect of advice, guidance or instructions given within the scope of the services where this is due to causes beyond our reasonable control. Where the services require us to deal with third parties on behalf of you, we do not accept any liability in relation to such third parties.
    • (v) If there are other advisers or third parties involved in any matter on which we are also engaged, the extent to which any loss or damage will be recoverable by you from us will be limited, without prejudice, in proportion to the overall fault for such loss or damage or as agreed in advance with the other parties. If our ability to claim a contribution to our costs under these circumstances from a third party is prejudiced by any limitation of liability agreed by you with that third party, we will not be liable to you for any amount that we would have been able to recover from that third party but for that limitation of liability.
    • (vi) In respect of obtaining advice on any issue that is within scope of the services, it is your responsibility to engage with us in a timely manner. We will not be held liable for any delay in you engaging the services and any associated delay in us delivering the services.
    • (vii) It is your responsibility to follow the advice we provide within the scope of the services. Should you not follow the advice we provide, we will not be held liable for any consequences, financial or otherwise, experienced by you as a result. If you fail to follow any advice we provide within the scope of the services, we will be entitled to terminate this contract with immediate effect and without any obligation to make any refund of any fees already paid under the contract.
    • (viii) Unless otherwise agreed in writing, we are not responsible for reminding you of key dates or other time-sensitive actions or information.
  • 16.7.3 People responsible for delivering on behalf of GRC International Group Limited
    • (i) We undertake to ensure that those of our employees who are deployed to provide the services have the necessary skills, knowledge and experience. You agree that we alone will determine what skills, knowledge and experience are necessary in relation to the services.
    • (ii) The services will be carried out by a team of our employees and the contact details for the team will be provided in the contract.
    • (iii) We will identify a lead manager within the team who has ultimate responsibility for delivery of our services to you. If we change the lead manager for any reason, we will notify you as quickly as possible.
  • 16.7.4 Processes and Procedures
    • (i) GDPR and UK Data Protection Act (DPA) 2018 advice and guidance, including helpline.
      • We will provide email and telephone advice only to nominated contacts of yours; such nominations are to be made in writing.
      • We will record and track all requests for advice or guidance, or other types of calls received from you. A quarterly report will be generated by us and sent to the nominated contacts. This report will also record the trends in terms of the categories of requests, highlighting root causes of issues raised and potential organisational issues.
    • (ii) Review of GDPR and UK DPA 2018 policies
      • You will provide us with copies of all your policies and procedures that relate to data protection and compliance with EU and UK data protection legislation.
      • We will review all documents provided in relation to their compliance with applicable laws and regulations. We will provide written feedback to you, highlighting areas for improvement, as soon as possible.
      • We will allocate an appropriate consultant(s) to carry out privacy audits as may be required for the services.
      • Such audits will be scoped and planned in consultation with you. For the avoidance of doubt, audits will not be conducted by the lead manager.
      • Audit reports, with recommendations for improvement or otherwise, will be provided to you after completing the data gathering phase of the audit and after undergoing any necessary further review.
    • (iii) GDPR and UK DPA 2018 updates
      • We will provide your nominated contacts with regular updates on issues critical to data protection compliance.
      • The copyright in all the updates (whether text, graphics, designs, guidance notes or information of any kind) may belong to us or to other third parties.
      • You may distribute internally any update material to which we own the copyright, but you are hereby notified that any third-party material may have different copyright restrictions and that you are solely responsible for complying with any restrictions in respect of such third-party material.
  • 16.7.5 Availability of Services
    • Unless otherwise agreed between us, we will provide the services between the hours of 9:00 am and 5:00 pm in the United Kingdom, on a day, other than a Saturday, Sunday or bank holiday, on which clearing banks are open for non-automated commercial business in the City of London.
    • Calls received outside of the standard hours of service will go through to an answerphone service and will not be accessed by us until the next working day.
    • Emails received outside of the standard hours of service will be received by our server, but no action will be taken by us until the next working day.

16.8 Cyber Security as a Service (CSaaS): Specific Terms

  • 16.8.1 The following Terms apply to all purchases of Cyber Security Advice Service and Cyber Security as a Service (both of which are annual subscription products that you will be billed for monthly).
    • (i) Cyber Security Advice Service
      • With the exception of bank holidays, our unlimited Cyber Security Advice Service is available 9:00 am – 5:00 pm Monday to Friday (BST/GMT).
      • The Cyber Security Advice Service is limited to providing advice on how to address cyber risks within your organisation. This advice will be provided by our cyber security experts. It covers common cyber security concerns and best practices. Wherever possible, recommendations to control and reduce cyber risk will be appropriate to your organisation.
      • The Cyber Security Advice Service is available to your nominated point of contact and can be delivered by email, phone or Microsoft Teams during our usual business hours.
      • Where additional support is needed to implement advice, you are entitled to a discounted rate on pre-paid blocks of consultancy hours. The level of this discount will depend on the level of services purchased in accordance with the size of your organisation. Such consultancy will be billed separately.
      • We will provide you, insofar as we are reasonably able, with information about the latest cyber threats and risks. This will be delivered via email as a monthly newsletter.
    • (ii) Cyber Security as a Service
      • You will be provided with a dedicated point of contact. Your specific cyber security expert will be available via phone, email and Microsoft Teams during office hours on weekdays.
      • You should nominate a project coordinator or a single point of contact in a senior role to coordinate delivery of this service with us.
      • Our Cyber Security as a Service includes all the elements of the above Cyber Security Advice Service. Depending on the level of services purchased in accordance with the size of your organisation, we will provide you with the following additional services:
    • (iii) Cyber Security Assessment
      • Our Cyber Security Assessment is designed to establish whether your organisation has basic security controls in place to protect you against commonly occurring cyber threats. The output of the assessment indicates where you might need to increase your defences to reduce the risk of suffering a cyber incident.
    • (iv) Data Breach and Incident Response Planning Support
      • Depending on the level of services purchased, we will provide you with access to an incident response expert as part of these services. The level of support provided will depend on the services purchased. The scope of this service will be as follows:
      • Year 1: help you develop an effective incident response process.
      • Year 2 onwards: help test your incident response capability and provide advice on improving and maintaining it.
    • (v) Staff Awareness Training – additional terms and conditions apply. See “Staff awareness elearning”
      • We will provide you with licences for three staff awareness elearning courses: Information Security and Cyber Security, GDPR: Email Misuse, and Phishing. The number of licences will depend on the level of services purchased. Additional licences are available to purchase at additional cost.
      • If the number of additional licences purchased is more than the number of employees stated for the organisation size you have purchased the services for, you may be charged for the higher organisation package. You should select the services appropriate to the number of employees as classified.
    • (vi) Policies and Procedures
      • Template document policies and procedures are provided that can be tailored to your organisation or used as the basis for developing your own cyber security documentation.
    • (vii) Internal Network Vulnerability Scans and External Vulnerability Scanning
      • We will provide you with access to our external vulnerability scanning service. This service will allow unlimited access to automated scans for your external infrastructure. Access will be provided for up to four IP addresses. Scans for additional IP addresses can be provided at an additional cost.
      • Depending on the level of services purchased, this service includes an annual internal vulnerability scan of your internal infrastructure and endpoint devices. Under some circumstances, this service can be provided remotely.
      • Where we are required to provide on-site consultancy or testing at a Customer site within or outside of the mainland United Kingdom, travel time and costs, accommodation and subsistence expenses may be chargeable. These expenses will be billed separately.
      • All our testing services are subject to the conditions set out further above in respect of penetration testing and vulnerability scanning.
    • (viii) Emergency Cyber Incident Response and Digital Forensic Services: Specific Terms
      • The Terms in this section apply only to contracts that cover the provision of emergency cyber incident response and digital forensic services.
      • You acknowledge and agree that in providing these services, we may modify our approach as appropriate to assist you in investigating a cyber security incident.
      • We will work with you at the outset to identify appropriate incident response aims and objectives that are realistic and achievable by the cyber incident response team.
      • Throughout the engagement, logs are kept of the actions taken by the cyber incident response team. In line with our data retention procedure, these are retained, along with all your other files, for 6 years and are then destroyed.
      • Your files will be encrypted and classified as appropriate.
      • Access to your artefacts and documentation is restricted to our cyber incident response consultants and senior management.
      • Should the delivery of these services require specific hardware, software or specialised products, you may be provided with a quotation for the equipment and any additional services.
      • You authorise us to perform any off-site analysis of your data necessary for the delivery of these services.
      • You acknowledge and agree that we may be required to connect our computers or equipment directly into your computer network or assets. You assume all risk and liability in this regard and we will have no liability in this regard whatsoever.
      • We will carry out all emergency cyber incident response and digital forensic services using reasonable care and skill and in a professional manner.
      • You acknowledge and agree that while delivering these services, we may find evidence of issues such as a data breach, a malware infection, network intrusion, etc., and that may require regulatory reporting for one or more territories in which you operate. You remain solely responsible for all such reporting requirements and we will have no liability in this regard whatsoever.
      • While delivering these services, we reserve the right to assign any suitably skilled resource(s) available to provide these services. We are not obligated to provide a specific resource or third party.
      • The emergency cyber incident response triage will not exceed the time as set out in the Letter of Engagement. Where the triage will require more time than as set out in the Letter of Engagement, we reserve the right to charge additional fees. We will not exceed the agreed time without your consent.
      • We will require explicit authorisation to proceed from you and from any additional parties that are in scope before the start of any emergency cyber incident response or digital forensic activities.
      • Following purchase of the Cyber Incident Response Annual Retainer – Gold or Platinum service, you acknowledge that you will not be able to call upon the emergency cyber incident response service for at least 48 hours.

We will not:

  • Disclose information regarding ongoing or closed cyber security incidents to third parties without your prior permission, unless otherwise required by law;
  • Allow anyone, other than those with a need to know, access to information regarding your cyber security incident; or
  • Exchange information in relation to a cyber security incident over an unencrypted or unsecure medium.

Your responsibilities

  • You will provide appropriate personnel who have the necessary technical, operational and business knowledge and authority to make decisions concerning the emergency cyber incident response service.
  • You will provide us with all necessary cooperation, information and support that we may reasonably require to deliver these services.
  • You will provide us with escalation/contact details that can be used as required.
  • You will make any decisions required promptly and without delay, and we will be entitled to rely on such decisions and approvals.
  • You will identify and disclose to us any third parties that may be affected by our cyber incident response or digital forensic services in relation to the investigation. Damage and/or loss of service/delays caused by your failure to identify and/or disclose such third parties will remain your sole responsibility and you therefore indemnify us against all and any costs or damages howsoever arising from such activities. Your authorisation to commence cyber incident response or digital forensic activities is deemed to include confirmation that any relevant internal or external parties have been appropriately notified and that all necessary permissions from such parties for us to commence work have been provided to us in writing.
  • You are responsible for notifying us of any applicable legal, regulatory or export control requirements related to your assets. If necessary, you will obtain any necessary licences with respect to these services.
  • If emergency cyber incident response services are to be conducted on your premises, you agree to provide the cyber incident response team with a suitable working space.
Save 25% on
foundation
training