Trust &
Compliance.
Independently verifiable credentials. Public policy statements. Real corporate governance. This page exists so that procurement teams, clients, and partners can check who we are and what we stand behind, without having to ask.
Accredited · Certified · Independently Verifiable
Cyber Essentials
Certification Body
Cyber Essentials Plus
Certification Body
IASME Cyber Assurance
Level Two, Audited
Quality Principles
Certified
Net Sec Group Limited
Companies House: 12960489
85 Great Portland Street
London, W1W 7LT
Bletchley Business Campus
Barton Road, Bletchley, MK2 3HU
Certifications held by Net Sec Group Limited.
These are the formal, audited credentials held by the business. Each can be independently verified via the Blockmark digital credential registry.
IASME Cyber Assurance Level 2with Quality Principles
IASME's audit-based cybersecurity and governance standard. Widely recognised as the SME-focused equivalent of ISO 27001 and explicitly referenced by NCSC and UK public sector frameworks. Quality Principles adds a data-protection and organisational-governance overlay.
- Issuer
- The IASME Consortium Limited
- Scope
- Whole Organisation
- Issued
- 2026-01-06
- Expires
- 2029-01-06
- Standard
- IASME Cyber Assurance Standard v7 (May 2025)
- Certificate Number
- b597252e-5f60-4768-b069-505b995b60f4
Cyber Essentials
The UK Government's Cyber Essentials standard, held by NetSecGroup every year since incorporation. Independently assessed, renewed annually.
- Issuer
- IASME (on behalf of NCSC)
- Scope
- Whole Organisation
Cyber Essentials Plus
The hands-on technical tier of Cyber Essentials. Held by NetSecGroup every year since incorporation, assessed by an independent IASME-authorised assessor.
- Issuer
- IASME (on behalf of NCSC)
- Scope
- Whole Organisation
Professional Indemnity Insurance
Professional Indemnity cover is held in force for the scope of services delivered. A summary letter and cover confirmation are available to procurement teams on request via [email protected].
- Issuer
- Underwritten by a specialist UK insurer
Authorised to assess and issue.
These two IASME authorisations mean NetSecGroup doesn't just use the Cyber Essentials scheme. We operate it. We run the assessment, issue the certificate, and answer to IASME for the quality of our work. No middleman.
Cyber EssentialsCertification Body
NetSecGroup is an IASME-authorised Cyber Essentials Certification Body. We assess applicants against the Cyber Essentials standard and issue certificates directly. We are not a reseller or broker.
- Issuer
- The IASME Consortium Limited (on behalf of NCSC)
Cyber Essentials PlusCertification Body
NetSecGroup is an IASME-authorised Cyber Essentials Plus Certification Body. We carry out the hands-on technical assessment ourselves and issue the certificate. The complete Plus engagement is delivered end-to-end in-house.
- Issuer
- The IASME Consortium Limited (on behalf of NCSC)
Professional credentials held by the Director.
These are personal professional credentials. They are presented here for transparency. They do not constitute corporate membership of the awarding bodies, and we are careful to distinguish the two.
CREST-Registered Tester
Held by the Director. Penetration testing engagements at NetSecGroup are led by a CREST-Registered Tester, with additional vetted CREST-certified specialists brought in as engagement scope requires.
- Issuer
- CREST (Council of Registered Ethical Security Testers)
Cyber Essentials Assessor
IASME-authorised Cyber Essentials Assessor status, held by the Director. This is the credential that authorises the issuing of Cyber Essentials certificates on behalf of IASME.
- Issuer
- The IASME Consortium Limited
Associate Cyber Security Professional (ACSP)application in progress
Application submitted to the UK Cyber Security Council in April 2026 via the Cyber Essentials Assessor fast-track route. The ACSP title is a Government-backed professional standing on the UK Cyber Security Professional Register. This entry will be updated to a full registered status once the Council confirms approval.
- Issuer
- UK Cyber Security Council
The policies we publish.
Each of these is a standalone public statement covering a specific area of governance, compliance, or supply chain responsibility. They are written to be referenced directly in procurement questionnaires and supplier due-diligence packs.
Information Security Statement
How we protect client data, our systems, and the services we deliver.
Modern Slavery and Human Trafficking Statement
Our position under the Modern Slavery Act 2015 and how we assess our supply chain.
Environmental Policy
Our approach to environmental responsibility and reducing the impact of our operations.
Carbon Reduction Plan
Our baseline emissions measurement and targets for reduction.
Health and Safety Statement
Our obligations and commitments under UK Health and Safety legislation.
Supply Chain and Subcontractor Policy
How we vet, manage, and flow down obligations to subcontractors and suppliers.
UK Sanctions Compliance Statement
Our compliance with the UK Sanctions List and related regimes.
Common questions, upfront.
- How do I independently verify these certificates?
- Every live certificate held by Net Sec Group Limited is issued as a cryptographically-verifiable digital credential via the Blockmark registry. Open our public registry entry at registry.blockmarktech.com/organisations/GBLTD12960489 to check validity and expiry in real time. No login required.
- What cybersecurity standard does NetSecGroup hold?
- NetSecGroup is certified to IASME Cyber Assurance Level 2 with Quality Principles, IASME's audit-based standard explicitly recognised by NCSC and the Crown Commercial Service as the SME-focused equivalent of ISO 27001. The scope is whole-organisation, the certification is independently assessed, and it is subject to continuous assessment with annual review (current certificate valid to 2029-01-06). We also deliver ISO 27001 implementation consulting as a client-facing service.
- Do you subcontract any part of the service?
- Cyber Essentials and Cyber Essentials Plus assessments are delivered in-house by the IASME-authorised Assessor. Penetration testing engagements may be supported by vetted CREST-certified subcontractors, all of whom are bound by the terms of our Supply Chain & Subcontractor Policy. We notify clients in writing before any subcontractor is introduced to an engagement.
- What governance does the business operate under?
- The business operates under direct Director-led governance, with formal Information Security, Modern Slavery, Environmental, H&S, Supply Chain, and Sanctions policies published on this Trust Centre and reviewed annually. Risk registers, assessment records, and control evidence were independently audited as part of the IASME CAL2 + Quality Principles certification (expires 2029-01-06).
Questionnaire, RFP, or due-diligence pack?
Email procurement teams get a same-day response with the specific certificates, policies, or cover letters they need, usually without needing a form.