MIDLANDS AUDIT HQ

A Complete Solution for Cyber Security Compliance

Protecting your business shouldn't be stressful. SafeWatch secures your entire team, from board-level executives to frontline staff. While we are based right here in the Midlands, we provide official Cyber Essentials and Cyber Essentials Plus certification audits to organizations across the entire UK. Led by Lead Assessor Steven Gordon, we make compliance simple, collaborative, and stress-free—request a scoping review or explore our training today.

NCSC CYBER ESSENTIALS

Cyber Essentials Auditing: Midlands & UK-Wide

Welcome to SafeWatch, a licensed IASME Certifying Body based in the Midlands but providing compliance verification across the entire UK. Whether you are in Oxfordshire, Warwickshire, London, Manchester, or beyond, we make cyber compliance straightforward. By auditing and signing off your Cyber Essentials perimeters, we help protect your organization, satisfy UK government supply chain mandates, and build lasting trust with your clients.

SYS.OK MFA.ON DPA.18 NCSC.CE
PRINCIPAL ASSESSOR

Steven Gordon

Lead Assessor & Cyber Security Partner

With over 30 years of IT infrastructure and governance experience, Steven brings practical expertise to your certification journey.

IASME Lead Assessor NCSC CE/CE+ Practitioner CE Council Ethical Hacker Risk Board Advisory

Based right here in the Midlands, Steven personally guides local SMEs, science parks, and tech firms through their scoping boundaries, while also delivering remote audit support to clients throughout the UK. He is dedicated to making the auditing process simple, transparent, and collaborative for your team, regardless of where they are located.

COMPLIANCE SCOPE

Official IASME Certifying Body

As a licensed certifying body, we are authorized to evaluate your perimeters and award official UK credentials:

  • Cyber Essentials: Marking and signing off on your official self-assessment perimeters.
  • Cyber Essentials Plus: Conducting physical and logical technical audits of systems and endpoints.
LATEST UK GOV ANNOUNCEMENT
£90 Million UK Government Cyber Security SME Funding Infographic

Government Commits £90 Million to SME Cyber Security

The UK Government has committed a landmark £90 million funding package to establish Cyber Essentials as the baseline standard for all UK Small & Medium Enterprises (SMEs). This highlights the critical need for securing internet perimeters, enforcing MFA, and training staff. As an accredited certifying body, SafeWatch helps Midlands SMEs prepare for their Cyber Essentials Plus audits and calculate scoping boundaries.

THE SHIELD AXIOMS

The 5 Core Technical Controls of Cyber Essentials

SafeWatch audits organizations against the five technical perimeters specified under the latest Cyber Essentials Standard. All certified systems must successfully enforce these controls:

01

Boundary Firewalls & Internet Gateways

Enforce strict corporate firewall perimeters to protect all internal network segments, WAN gateways, and subnets. Any open ports or misconfigured router access lists represent immediate vulnerabilities and will result in automatic audit failure.

02

Secure Configuration

Eliminate security drift by enforcing corporate templates that disable default manufacturer accounts, enforce complex custom logins, shut down unnecessary auto-run properties, and lock down active protocols.

03

User Access Control & MFA Mandate

Limit administrative accounts exclusively to core needs and enforce least-privilege. Under the Danzell Standard, Multi-Factor Authentication (MFA) must be active across 100% of user and admin logins for cloud services (SaaS/PaaS/IaaS) holding corporate records.

04

Malware Protection

Protect organizational systems against malicious code. Audits verify that all endpoints run active anti-malware software, utilize application sandboxing, and configure strict code signing to block untrusted applications.

05

Security Patch Management

Establish strict administrative policies ensuring all operating systems, software packages, and firewalls are patched within 14 days of a critical or high-risk vulnerability release, mitigating zero-day exploits.

TECHNICAL DIRECTIVE BLUEPRINT

SafeWatch Cyber Essentials Defense Shield & Core Pillars

Visual schematic detailing the structural cybersecurity defense columns and statutory governance shields that form a compliant corporate posture.

Accredited Cyber Essentials Defense Shield Infographic
5 Core Technical Pillars Infographic

Accredited Cyber Essentials & Cyber Essentials Plus Audit Cost

As a licensed IASME Certifying Body, SafeWatch provides clear, upfront pricing for your NCSC Cyber Essentials and Cyber Essentials Plus audit cost, alongside certified training and scoping advisory packages.

BASIC COMPLIANCE

Cyber Essentials Self-Assessment

SafeWatch reviews, verifies, and signs off on your official NCSC Self-Assessment Questionnaire, providing the foundational digital shield.

Micro (1-9 Users) £320 + VAT
Small (10-49 Users) £440 + VAT
Medium (50-249 Users) £575 + VAT
Large (250+ Users) Price On Application (POA)
  • Official IASME Portal Access
  • Pre-submission compliance review by Steven Gordon
  • Verification & formal NCSC Certification
  • £25k Financial Liability Indemnity (if compliant)
Book Self-Assessment
ADVANCED COMPLIANCE

Cyber Essentials Plus Audit

Rigorous physical and logical technical validation audit. SafeWatch assessors actively audit your endpoints and network perimeters to mark you as fully compliant.

Technical Audit Pricing

Price On Application

POA

Pricing is customized based on active endpoints, server counts, physical site scope, and teleworking distribution. Click below to generate a tailored scoping estimate.

  • All Self-Assessment marking included
  • External vulnerability scans by certified SafeWatch auditors
  • On-site or remote endpoint configuration checks
  • Email delivery & malware prevention testing
  • Official Cyber Essentials Plus certification signing
Request Custom Scoping Quote
COMPLIANCE SUPPORT

Audit Readiness & Training Support

Support courses and ongoing chief advisory retainers to assist internal IT teams in passing the Cyber Essentials audits marked by SafeWatch.

Staff Awareness Course (1-Day) Build corporate security culture. General staff.
£1,500 + VAT On-site flat (up to 25) £245 + VAT Training Centre / delegate
Technical Control Course (2-Day) IT admin architectures & configurations (no labs).
£2,800 + VAT On-site flat (up to 15) £595 + VAT Training Centre / delegate
Monthly Support Retainer Dedicated hours, quarterly scope audits, policy realignments.
Price On Application Tailored to scope & advisory hours
Inquire About Training & Retainers
AUDITING METRIC SCHEME

SafeWatch NCSC Auditing Process Lifecycle

SafeWatch assessors guide your business through a structured four-stage regulatory pathway to verify your technical perimeters and award the official IASME Cyber Essentials credentials.

SafeWatch Cyber Essentials Auditing Process Infographic
CURRICULUM ROADMAP

SafeWatch Accredited Compliance Training Pathway

Operational milestone blueprint for corporate administrators and compliance officers tracking certification audits and risk advisory levels.

SafeWatch Compliance Training Pathway Infographic

The 5 Security Controls of Cyber Essentials

By implementing these five fundamental technical controls, organizations block over 80% of common internet threats. Let's break down how each control keeps you secure and compliant.

CONTROL 01

Firewalls & Internet Gateways

Create a secure perimeter barrier between your internal network and the public internet to block unauthorized incoming traffic.

INTERNET SECURE LAN
  • Change default firewall admin passwords
  • Block all unapproved inbound connections
  • Ensure outbound rules restrict unsafe destinations
CONTROL 02

Secure Configuration

Hardening system settings to reduce vulnerability surfaces. Turn off defaults that leave your devices exposed.

DEFAULT PWD AUTO-RUN MFA ENFORCED
  • Disable unused ports and auto-run features
  • Uninstall unnecessary default programs
  • Change all manufacturer default passwords
CONTROL 03

User Access Control

Enforcing the Principle of Least Privilege. Only grant administration rights to those who absolutely need them.

  • Standard users must not have admin privileges
  • Restrict software installation rights
  • Enforce Multi-Factor Authentication (MFA)
CONTROL 04

Malware Protection

Keep malicious code from executing. Protect your endpoints from virus, worm, and ransomware infections.

  • Deploy active antivirus scanning software
  • Enable OS app store verification (sandboxing)
  • Block known untrusted browser extensions
CONTROL 05

Patch Management

Closing known security backdoors. Keep all operating systems and software updated to block active exploits.

14 DAYS
  • Install critical updates within 14 days of release
  • Remove out-of-support legacy applications
SELF-AUDITING HUD

Interactive Control Audit Verification

Select your operating system and check off your device configuration to see if you meet the Cyber Essentials requirements for each of the 5 controls.

Are Your Controls Ready for Audit?

Take our interactive Gap Diagnostic to check your compliance status across all 5 controls in under 5 minutes.

Start Gap Diagnostic Request Scope Call

Cyber Essentials for Businesses & Enterprises

Secure government contracts, satisfy corporate supply chain mandates, and protect your commercial brand from devastating ransomware and intellectual property theft.

COMMERCIAL COMPLIANCE

Bidding for Tenders & Securing Supply Chains

Under the UK Cabinet Office Procurement Policy Note (PPN 09/14), Cyber Essentials is a statutory mandate for any business bidding for central government contracts that involve handling personal or sensitive data. In the private sector, major enterprises across Oxfordshire and Warwickshire now require Cyber Essentials from all suppliers to isolate third-party supply chain liabilities.

THREAT MATRIX

Critical Cyber Threats Targeting UK Businesses

Commercial estates face targeted, financially-motivated attack vectors daily:

Ransomware & Cryptolocking Extortion

Infiltrating corporate networks via compromised endpoints, encrypting databases and billing files, and demanding massive ransom payments to restore operational status.

Intellectual Property & R&D Exfiltration

Malicious competitor or state-sponsored espionage actors stealing proprietary designs, CAD files, and chemical formulas to erase your market advantage.

Supply Chain & Vendor Account Takeovers

Exploiting weak supplier email security (MFA omissions) to hijack active billing threads and redirect legitimate B2B invoice transfers to fraudulent bank accounts.

SafeWatch Global Threat Intelligence Operations Infographic
VALUE PROPOSITION

Key Corporate Benefits

  • Tender Readiness: Qualify immediately for UK Crown Commercial framework bids.
  • Insurance Discounts: Lower corporate cyber liability insurance premiums by proving technical controls.
  • GDPR Safeguarding: Mitigate legal liability fines (up to 4% of global turnover) under the DPA.
SAFEWATCH ADVISORY Retainer

Corporate Scoping Audit Reviews with Steven Gordon

Scoping corporate IT perimeters is notoriously complex. Defining guest Wi-Fi networks, remote work connections, and cloud tenants incorrectly will trigger automatic audit failures under the latest Cyber Essentials Standard framework. SafeWatch Principal Assessor Steven Gordon personally reviews your estate scope to ensure 100% compliance alignment, delivering a stress-free certification pathway.

REAL-WORLD CASE STUDY

How an Open RDP Port Led to Manufacturing Shutdown

The Incident: A manufacturing enterprise in Warwickshire suffered a complete operational shutdown for six days following a ransomware infection. An attacker discovered a legacy server running Remote Desktop Protocol (RDP) exposed directly to the public internet on default port 3389, without a firewall constraint. The attacker compromised the server, moved laterally, and encrypted billing records, manufacturing control logs, and CAD templates, costing the firm £280,000 in recovery expenses and lost contracts.

How Cyber Essentials Would Have Prevented It:

  • Boundary Firewalls & Internet Gateways: The framework strictly forbids exposing administrative services (like RDP, SSH, or SMB) directly to the open internet. Public-facing ports must be shut down or restricted behind a secure VPN.
  • Secure Configuration & Default Protocol Hardening: Mandates disabling legacy protocols, closing non-essential ports, and enforcing custom admin profile criteria across all endpoints.
  • Patch Management: Enforces updating all internet-facing perimeters and system firmware within 14 days of security vulnerability releases.

Cyber Essentials for Charities & Non-Profits

Protect donor financial transactions, safeguard sensitive beneficiary case files, and secure unmanaged volunteer personal devices from advanced social engineering.

MISSION PROTECTION

Donor Trust, GDPR Compliance, and Information Asset Auditing

Charities are prime targets for cyber criminals because they handle high volumes of sensitive personal data (PII) and financial donations, often without full-time IT security staff. Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act (DPA 2018), trustees must enforce strict data boundaries and maintain an up-to-date Information Asset Register mapping all personal, donor, and beneficiary data. Achieving Cyber Essentials validates the technical perimeters guarding these critical assets, reassuring grant bodies and the public that funding and data are secure.

VOLUNTEER POSTURE

The Volunteer & BYOD Challenge

Securing a charity is uniquely complex due to a revolving, temporary volunteer workforce. Unlike employees, volunteers rarely undergo structured IT training, access cloud databases using unpatched personal laptops (BYOD), and lack centralized corporate accounts.

SafeWatch helps you configure lightweight Mobile Device Management (MDM) rules and session limits to isolate database access, securing your endpoints without compromising personal privacy.

SECTOR THREATS

Critical Cyber Hazards Targeting Charities

Criminals exploit the trust-oriented, high-activity non-profit sector:

Spear-Phishing & CEO Donation Scams

Phishing campaigns that mimic trustees or CEOs to trick finance coordinators into transferring charity program funding to overseas criminal accounts.

Exfiltration of Sensitive Beneficiary Records

Targeting vulnerable non-profit servers to steal confidential beneficiary files (health status, family records, housing) to blackmail families or sell data.

Donation Portal & Website Defacement

Hijacking website domains or injection of malicious code into online donation forms to skim credit card details directly from generous donors.

SafeWatch Charity Data Security and Volunteer Isolation Infographic
GOVERNANCE & TRUSTEE SUPPORT

NCSC Charity Board Toolkit Scoping & Assessor Verification

Our lead assessor Steven Gordon works directly with charity trustees and boards to bridge the gap between compliance and mission safety. SafeWatch aligns your operational policies with the NCSC Charity Board Toolkit recommendations. We help you establish compliant boundary scopes, verify your UK GDPR Information Asset Register, audit cloud identity access (MFA), and align volunteer BYOD policies to ensure your charity secures a first-time pass at fixed SME rates.

REAL-WORLD CASE STUDY

How Unpatched Volunteer Devices Lead to Data Breach

The Incident: A mid-sized UK support charity suffered a major data breach when an attacker compromised a volunteer’s unpatched personal tablet (BYOD) via a simple phishing email. The attacker extracted cached administrative login credentials for the charity's main cloud case-management database, which lacked Multi-Factor Authentication (MFA). This resulted in the theft of 1,200 sensitive beneficiary case files and a mandatory reporting fine under UK GDPR/DPA rules.

How Cyber Essentials Would Have Prevented It:

  • Multi-Factor Authentication (MFA): Stolen cached credentials alone would be useless without a second factor, blocking access to the cloud database.
  • Patch Management & System Updates: Cyber Essentials forbids any device running unsupported or unpatched software from accessing organizational systems. Automatic updates on the volunteer's tablet would have blocked the initial browser exploit vector.
  • Secure Configuration & Scope Isolation: Restricting user accounts to local standard profiles rather than administrative privileges limits the damage from compromised BYOD credentials.

Cyber Essentials for Schools & Academy Trusts

Satisfy the Department for Education (DfE) cyber standards, safeguard student personal files, and secure classroom networks from devastating cryptolocking attacks.

EDUCATION DIRECTIVE

Satisfying the UK DfE Cyber Security Standards Mandate

The UK Department for Education (DfE) has issued mandatory Cyber Security Standards for all schools, colleges, and academy trusts. Proving compliance is a critical requirement for securing school budgets and academy capital grants. Cyber Essentials is the official government-backed framework specified to demonstrate that classroom networks, staff HR systems, and student records are defended against hostile actors.

THREAT LANDSCAPE

Critical Cyber Risks Facing Educational Institutions

Schools run dense, high-traffic networks exposing multiple entrance vectors:

Ransomware Targeting Exam & Term Operations

Encrypting central student management portals, safeguarding logs, and exam files, intentionally timed to block enrollment weeks or exams to maximize pressure.

Safeguarding & Student PII Leaks

Breaches targeting highly confidential student safeguarding databases and special educational needs (SEN) logs, resulting in severe child safety and regulatory risks.

Classroom BYOD & Open Network Hijacking

Students and staff bringing thousands of unmanaged personal Chromebooks, iPads, and smartphones onto the school Wi-Fi, introducing malware to the LAN.

SafeWatch School Network Segmentation and Database Isolation Infographic
DFE STANDARDS VALUE

Safeguarding Value

  • DfE Compliant: Satisfy mandatory standards to secure capital allocations and funding streams.
  • Student Shielding: Protect sensitive safeguarding logs and medical files.
  • Network Hardening: Secure Wi-Fi subnets used by students and teachers.
ACADEMY TRUST AUDIT MANAGEMENT

Multi-Academy Scoping & Auditing by Assessor Steven Gordon

Multi-Academy Trusts (MATs) and schools maintain highly complex boundaries with distributed campuses, staff working from home, and hundreds of public-use Chromebooks. Defining what is in-scope under the Danzell standard requires specialized assessment. Lead Auditor Steven Gordon helps schools segment student networks from administrative subnets, ensuring your admin system achieves certification smoothly while minimizing operational disruptions.

REAL-WORLD CASE STUDY

How Compromised Staff Credentials Closed a Secondary Academy

The Incident: A secondary school academy trust in the Midlands suffered a devastating ransomware attack on the first week of the autumn term, encrypting classroom registers, medical logs, SEN data, and lesson servers. The attacker compromised a teacher's remote-access VPN credentials via a credential-stuffing attack on a home computer that lacked Multi-Factor Authentication (MFA). Once inside, the attacker traversed the flat network, infecting the main administrative subnet. The trust was closed for four days, incurring £80,000 in recovery costs and severe reputational damage.

How Cyber Essentials Would Have Prevented It:

  • Multi-Factor Authentication (MFA): Stolen password credentials would be rendered useless without the secondary physical factor authentication code, blocking initial access.
  • Network Segmentation & Subnet Boundaries: Cyber Essentials requires separating high-risk networks (such as open pupil Wi-Fi or classroom labs) from the core administrative system containing student records and financial systems.
  • Supported Operating Systems & Patching: Limits external VPN connections to authorized, updated endpoints, blocking known vulnerabilities on unmanaged home computers.

Information Security Awareness Training

Foster a resilient security culture across your organization. SafeWatch provides targeted training programs tailored to different business roles, ensuring alignment with NCSC standards and security policies.

GENERAL WORKFORCE

Frontline Cyber Security Hygiene

Your employees are your first line of defense. This curriculum focuses on building practical, day-to-day security habits that protect company assets and mitigate common social engineering risks.

  • Social Engineering & Phishing: Recognize sophisticated email, SMS, and phone phishing attempts.
  • Strong Password Hygiene: Establish rules for unique passphrases and secure password managers.
  • Remote Work & Wi-Fi Safety: Secure home networks, utilize VPNs, and handle public Wi-Fi risks.
  • BYOD & Device Security: Maintain strict boundary guidelines on personal devices used for work.
LEADERS & EXECUTIVE

Governance, Scoping & Risk

Designed for C-level executives and board members to understand security from a strategic, legal, and financial perspective.

  • NCSC Board Toolkit: Align security metrics with core business governance.
  • GDPR & Compliance: Understand regulatory liabilities and corporate data protection duties.
  • Cyber Essentials ROI: Scoping auditing bounds to maximize insurance premiums and tender access.
MANAGERS & TEAM LEADS

Policy Enforcement & Access

Equip middle management with the tools to implement, monitor, and enforce security policies within their respective teams.

  • Least Privilege Access: Administer user accounts to prevent unauthorized access permissions.
  • Incident Escalation: Lead incident response procedures when alerts or breaches occur.
  • Onboarding Protocols: Enforce mandatory security setup steps (MFA, updates) for new hires.
CURRICULUM ROADMAP

SafeWatch Accredited Compliance Training Pathway

Our structured training curriculum guides teams from fundamental security awareness to technical readiness for the NCSC Cyber Essentials audit.

SafeWatch Compliance Training Pathway Infographic

General Cyber Essentials Gap Diagnostic

Assess your organization's alignment with the five core perimeters of the latest Cyber Essentials Standard. Identify potential audit redlines and estimate compliance liabilities under the UK Data Protection Act (GDPR).

STEP 1 OF 3

1. Scoping Personalisation

Provide your organization's scope parameters to customize the diagnostic metrics, DPA/GDPR compliance formulas, and exportable board reports under the latest Cyber Essentials Standard.

GOVERNANCE DECISION SCHEME

SafeWatch Boardroom Scoping & Executive Briefing Model

Executive alignment model mapping corporate risk levels, scoping configurations, and compliance values for board presentation.

Scoping Boundary Parameters

🛡️ Executive Briefing Recommendation

Scoping Class
Simple
Est. CE+ Scan Sample
5 Devices
Projected Ransomware Risk Exposure Mitigation Low (85% Protected)
Boardroom Executive Summary:

Calculating executive summary...

Lock In Custom Scoping Quote

Contact SafeWatch

Have questions about Cyber Essentials boundaries or auditing schedules? Reach out to Lead Assessor Steven Gordon for direct compliance support.

Direct Contact Channels

Connect directly with our accreditation team in the Midlands for rapid response times.

Call Our Desk

07920 151412

Email Inquiries

hello@safe-watch.co.uk

Local Office

Banbury, Oxfordshire, United Kingdom

Availability Hours

Monday - Friday: 08:30 - 17:30 GMT

Accredited Auditing Team

SG

Steven Gordon

Lead Assessor & IT Auditor

MB

Markus Backman

Accredited IASME Assessor

Send a Message

Request Cyber Essentials Certification

Input your operational metrics. SafeWatch’s smart inquiry portal recommends the ideal pathway and prepares customized engagement scopes in real-time.

Accredited Engagement Inquiry

Audits are structured and priced based on employee size bands under NCSC requirements.

ACCREDITED SCOPING SCHEME

Recommended Audit Scope

£440 + VAT
Target Standard: Cyber Essentials Self-Assessment
Estate Scoping Level: Standard Small Organization
Assessor Allocation: Steven Gordon (IASME Lead)
This scope is aligned for organizations with 10-49 users executing basic NCSC perimeters. SafeWatch provides official portal logins, guides your technical team through standard self-declaration criteria, reviews compliance forms before submission, and issues the signed IASME certification.

Privacy Policy & GDPR Statement

This statement details how SafeWatch Midlands processes, secures, and retains client data in full compliance with UK GDPR and NCSC Cyber Essentials auditing mandates.

1. Introduction & Data Controller

SafeWatch Midlands is committed to protecting the privacy of our clients and website visitors. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Data Controller is Steven Gordon, Lead Auditor, residing at Banbury, Oxfordshire (Email: hello@safe-watch.co.uk).

2. Information We Collect

We collect and process the following information when you interact with our website or book an audit:

  • Contact Information: Your name, organization name, phone number, email address, and physical address.
  • Auditing & Scoping Data: Scope metrics, user counts, network details, and compliance declarations submitted via forms, gap diagnostic tools, or scope calculators.
  • Technical Metadata: IP address, device type, browser information, and referral URLs gathered via web logging.

3. Lawful Basis and Purpose of Processing

We process data under the following lawful bases:

  • Contractual Obligation: To prepare scoping proposals, quote prices, schedule audits, verify questionnaire responses, and process official Cyber Essentials / Plus certifications.
  • Legitimate Interests: To operate our gap diagnostics, run awareness modules, address queries, and safeguard website perimeters.
  • Legal Compliance: To maintain official certification records as strictly required by NCSC and IASME auditing standards.

4. Third-Party Data Sharing

As an accredited Certifying Body, your organization name, registration details, and certification status are securely transmitted to IASME Consortium Ltd (the scheme partner) and the National Cyber Security Centre (NCSC) to issue certificates and publish your status on the official UK Compliant Register. We do not sell or lease your personal information to unrelated third-party marketers.

5. Data Retention & Security

Official assessment forms, scanning logs, and audit credentials are archived securely for a minimum of 3 years as mandated by the IASME Certification Body Agreement. Website contact submissions and temporary diagnostic responses are purged within 12 months if they do not lead to an active contract. All data is stored in encrypted databases with active Multi-Factor Authentication (MFA) and perimeter firewall controls.

6. Your Rights under UK GDPR

Under UK data protection laws, you hold statutory rights including:

  • The right to access your stored data and verify scoping histories.
  • The right to rectify inaccurate records or complete scoping sheets.
  • The right to erasure ("right to be forgotten"), subject to statutory audit retention mandates defined by IASME.
  • The right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have breached your rights.

Complaints & Appeals Procedure

Official policies for Accredited IASME Certification Bodies, detailing conflict of interest mitigation, complaints escalation, and audit appeals.

1. Overview of Complaints & Appeals

SafeWatch Midlands is committed to delivering professional, objective, and accurate auditing services. In compliance with IASME licensing standards, we maintain a transparent, structured pathway for clients wishing to lodge service complaints or appeal a "Fail" result issued during a Cyber Essentials or Cyber Essentials Plus assessment.

2. How to Lodge a Complaint or Appeal

All complaints or appeals must be submitted in writing within 14 calendar days of the event or certification decision. Submissions must be emailed directly to Lead Auditor Steven Gordon at hello@safe-watch.co.uk and contain:

  • Organization Name and Primary Contact details.
  • Date of assessment and target scope details.
  • Specific details of the dispute or technical grounds for appealing a failed control checklist.

3. Investigation and Resolution Window

Upon receipt of a written appeal or complaint, SafeWatch initiates the following process:

  • Acknowledgement: Receipt will be acknowledged in writing within 3 business days.
  • Independent Review: All raw questionnaire files, scoping bounds, and endpoint scan outputs will be re-evaluated against the NCSC core requirements.
  • Formal Verdict: A comprehensive written determination outlining the findings and resolution will be issued within 10 business days.

4. Escalation to IASME

If the outcome of our review does not resolve the dispute to your satisfaction, you have the right to escalate your appeal directly to the licensing authority: The IASME Consortium. Their independent adjudication team will review our auditing records and issue a final ruling. Information on contacting IASME can be found at https://iasme.co.uk.

5. Conflict of Interest Mitigation Policy

Under the IASME Certifying Body Code of Conduct, SafeWatch maintains strict operational segregation. Assessor Steven Gordon is prohibited from auditing and signing off on any systems, configurations, or networks where he has personally designed, built, or implemented the primary security controls, unless an independent, accredited peer assessor conducts a secondary validation.

Global Cyber Threat Monitor

Real-time cyber threat advisories and security alerts dynamically aggregated from the UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA). Active threats require swift mitigation; ensure your boundary defenses comply with Cyber Essentials standards.

Threat Intelligence Stream: Live Synchronizing
Sources: UK NCSC & US CISA Feeds
LAST UPDATE: Updating...
SCOPE: UK & US feeds

Protect Your Business Against Active Vulnerabilities

Active vulnerabilities require swift mitigation. Check if your current configurations align with the official NCSC standard using our Gap Diagnostic tool.

Start Gap Diagnostic Contact an Auditor