Select regional store:

Terms and Conditions for buying goods and services on our website 

Version: 2.2. Issue date: 03/10/2022.

If you are a consumer

  • These terms, together with our Privacy Policy, provide you with information about us. These terms will apply to any contract between us. Please read these terms carefully and make sure you understand them before ordering anything from our website. We will notify you of any other terms and conditions that apply to any contract made between us.
  • If you are a consumer, you have a legal right to cancel a contract during the period set out below. This means that, during the relevant period, if you change your mind or decide for any other reason that you do not want to receive or keep a product, you can notify us of your decision to cancel the contract and receive a refund.
  • This cancellation right does not apply in the case of:
    • sealed audio or sealed video recordings, or sealed computer software, once these products are unsealed after you receive them.
    • software or electronic subscription products or downloadable templates, documents, books, or reports in PDF or other electronic format (digital content, the value of which is inherent in the information and/or analysis that has been delivered and which, by its nature, cannot be returned) in respect of which consumers waive, on receipt of the digital content, any right of contract cancellation.
    • any products that become mixed inseparably with other items after their delivery.
    • any products that are made to your specifications or are clearly personalized.
    • any services where you have specifically requested a visit for the purpose of carrying out urgent repairs or maintenance.
    • where the first day for delivery of any service, whether training or consultancy, falls within a period of 14 days from the day on which the service was purchased, then your right of cancellation does not apply on or after the last business day preceding the first day for delivery of that service. There are further terms, set out below, that apply specifically to the purchase of training courses through our sites.
  • Your legal right to cancel a contract starts from the date we confirm our acceptance of your order, which is when the contract between us is formed. Your deadline for canceling the contract then depends on what you have ordered and how it is delivered, as set out in the table below:
Your contract End of cancellation period
Your contract is for a single product (which is not delivered in Installments on separate days).
The end date is the end of 14 days after the day on which you receive the product. Example: if we provide you with an order confirmation on January 1 and you receive the product on January 10, you may cancel at any time between January 1 and the end of the day on January 24.

Your contract is for either of the following:

  • one product delivered in Installments on separate days.
  • multiple products delivered on separate days.
The end date is 14 days after the day on which you receive the last Installment of the product or the last of the separate products ordered. Example: if we provide you with an order confirmation on January 1 and you receive the first installment of your product or the first of your separate products on January 10 and the last Installment or last separate product on 15 January, you may cancel in respect of all Installments and any or all of the separate products at any time between January 1 and the end of the day on January 29.
Your contract is for the regular delivery of a product over a set period.
The end date is 14 days after the day on which you receive the first delivery of the products. Example: if we provide you with an order confirmation on January 1 in respect of products to be delivered at regular intervals over a year and you receive the first delivery of your product on January 10, you may cancel at any time between January 1 and the end of the day on January 24. January 24 is the last day of the cancellation period in respect of all products to arrive during the year.

If any of these terms is at any time held in any jurisdiction to be void, invalid, or unenforceable, then it shall be treated as changed or reduced only to the extent minimally necessary to bring it within the laws of that jurisdiction and to prevent it from being void, and it shall be binding in that changed or reduced form. Subject to that, each provision shall be interpreted as severable and shall not in any way affect any other of these terms.

No waiver by the Company, in exercising any right, power, or provision hereunder shall operate as a waiver of any other right or of that same right at a future time—nor shall any delay in exercise of any power or right be interpreted as a waiver.

These terms and any dispute or claim arising (whether directly or indirectly) out of, or in connection with the use of [this website and any purchases made through this website] shall be governed by and construed in accordance with English law without giving effect to any choice or conflict of law provision or rule (whether English or any other jurisdiction.)

  • To cancel a contract, you need to let us know that you have decided to cancel. The easiest way to do this is to complete the form attached to these terms. Please notify us of your decision to cancel by emailing, quoting the electronic purchase sale number, the date of the transaction, and the items purchased. This letter must contain a categorical statement that goods that have been delivered have not been copied, duplicated, or used in any way. Please also obtain a Returns Number at the time of notifying us of your decision to cancel, and we will at that time also notify you of our returns address.

  • If you cancel your contract, we will:
    • refund you the price you paid for the products. However, please note that we are permitted by law to reduce your refund to reflect any reduction in the value of the goods if this has been caused by your handling them in a way that would not be permitted in a store. If we refund you the price paid before we are able to inspect the goods and later discover you have handled them in an unacceptable way, you must pay us an appropriate amount.

    • refund any shipping costs you have paid, although, as permitted by law, the maximum refund will be the costs of delivery by the least expensive delivery method we offer (provided that this is a common and generally acceptable method). For example, if we offer delivery of a product within 3—5 days at one cost but you choose to have the product delivered within 24 hours at a higher cost, then we will only refund what you would have paid for the cheaper delivery option.

    • make any refunds due to you as soon as possible and in any event within the deadlines indicated below:
      • if you have received the product and we have not offered to collect it from you: 14 days after the day on which we receive the product back from you or, if earlier, the day on which you provide us with evidence that you have sent the product back to us.

      • if you have not received the product or you have received it and we have offered to collect it from you: 14 days after you inform us of your decision to cancel the contract.

    • If you have returned the product to us because it is faulty or not as described, we will refund the price of the product in full, together with any applicable delivery charges, and any reasonable costs you incur in returning the item to us.

    • We will refund you on the credit or debit card you used to pay. If you used vouchers to pay for the product, we may refund you in vouchers. If you paid via PayPal or some similar payment processor, or via bank transfer, we will make the refund by the same route.

    • If a product has been delivered to you before you decide to cancel the contract:
      • you must return it to us without undue delay and in any event not later than 14 days after the day on which you let us know that you wish to cancel the contract. You should send the product back to the address stated on our website.

      • unless the product is faulty or not as described, you will be responsible for the cost of returning the product to us. If the product is one that cannot be returned by post, we estimate that if you use the carrier that delivered the product to you, these costs should not exceed the sums we charged you for delivery.

    • Because you are a consumer, we are under a legal duty to supply products that are in conformity with the contract entered into between us. As a consumer, you have legal rights in relation to products that are faulty or not as described. These legal rights are not affected by your right of return and refund outlined above or anything else in these terms. Advice about your legal rights is available from your local Citizens’ Advice Bureau or Trading Standards office.

  • Severability
  • No waiver
  • Governing law

Online purchasing agreements

Only those organizations that have approved credit accounts are authorized to place orders through our websites using a purchase order, as documented in an Online Purchasing Agreement. All purchases made by means of a purchase order are subject to specific terms as set out in that organization’s Online Purchasing Agreement.

Cyber Essentials and Cyber Essentials Plus

The following terms apply to all purchases of Cyber Essentials and Cyber Essentials Plus (both of which are annual subscription products and so auto-renew) (the “Cyber Services”):

  • You must complete the Cyber Services in full within six months of purchase. Any applications not completed within that period will be marked as void and your account will automatically be archived; in these circumstances, we cannot issue a refund and you agree that you will not be entitled to any refund of or reduction in the fee.
  • Our certification guarantee is based on your organization implementing all the required controls and providing us with your application to check before your first submission. If you submit your application without a pre-check before your first submission, our certification guarantee is invalidated. This guarantee does not apply if the correct changes are not made, or the application is not resubmitted within the two-day window.
  • All our Cyber Essentials packages include a pre-check of your self-assessment answers by one of our security experts before your first submission, to determine whether you are likely to pass on that basis.
  • If you are not successful on your first submission for Cyber Essentials, you have two working days to submit a further attempt for certification. If you are not successful on your second submission, you will be required to wait one month before reattempting at the cost of a new application.
  • Before applying for Cyber Essentials Plus certification, you must confirm that you hold Cyber Essentials certification achieved through an IASME Consortium Ltd (IASME) licensed certification body within three months of applying.
  • You will need to complete the Cyber Essentials Plus audit within three months of achieving your last basic-level Cyber Essentials certification. If your Cyber Essentials Plus application is unsuccessful, your Cyber Essentials certification may be revoked.
  • For Cyber Essentials Plus applications, all scans including the internal and external vulnerability scans must be completed and passing within one month of the workstation assessment/technical audit, including time to allow review by us (in our capacity as the certification body).
  • If FOR ANY REASON you do not meet the deadlines outlined in the Terms and Conditions, then we will be under no obligation to provide the Cyber Services nor to refund any part of the fee. Conversely, if we are required to do any additional work to help you complete your application, we may charge you separately for that work.
  • We will provide these services in accordance with the requirements of IASME, which is the National Cyber Security Centre’s (NCSC) Cyber Essentials Partner for the delivery of the Cyber Essentials scheme and we will have no liability to you outside the scope of those requirements. From time to time, due to the ever-evolving nature of the cyber security sector, changes may be implemented by IASME or the NCSC. Such changes may cause price increases, which will be passed on to you.
  • For Cyber Essentials Plus applications, your explicit authorization is required, as well as that from any additional parties involved in hosting any infrastructure or application that is in scope, before the start of any tests; this should be submitted in writing alongside the list of scan targets/IPs.
  • Any limitations on the testing, such as a requirement for out-of-hours testing or weekend testing, or restrictions such as testing only during office hours, should be stipulated at the time of submitting the testing request. Any surcharges incurred for any out-of-hours testing will be agreed in advance and billed separately in advance.
  • Unless otherwise agreed, we reserve the right to list your name and/or logo on our website as evidence that certification has been achieved.
  • If you fail your initial submission of a Cyber Essentials application, we will provide you with details of required action. The delay between the “fail” notification and a resubmission should not exceed two working days.
  • If you fail any of the Cyber Essentials Plus testing performed as part of the overall engagement, we will provide you with details of further tests required. Any retesting that is required can be included as part of the initial engagement or scoped separately. The delay between the original assessment and retest should not exceed one month including completion of the application and including time to allow review by us (in our capacity as the certification body). These tests will be billed separately.
  • Where we are required to provide on-site consultancy or testing at a customer site within or outside of the mainland United Kingdom, travel time and costs, accommodation and subsistence expenses may be chargeable. These expenses will be billed separately.
  • Cancellations – We reserve the right to charge in full for booked days where you cancel with less than five business days’ notice, and to charge 50% of the contracted rate where the day is cancelled between five and ten days in advance. In each case, we may waive the right to charge for a specific cancellation if we are able to deploy the consultant’s time with an alternative client. We also reserve the right to charge (at cost) for any non-refundable expenses incurred in respect of travel and accommodation arrangements made in line with this agreement.
  • Your subscription product cannot be downgraded to an alternative package and, should you decide not to complete your application, you will not be entitled to a refund.
  • When a UK-domiciled organization with a turnover under £20 million achieves self-assessed certification covering their whole organisation to the basic level of Cyber Essentials, they are entitled to Cyber Liability Insurance; terms apply. The cover is underwritten by AXA XL, a division of AXA, and administered via Sutcliffe & Co Insurance Brokers. This Cyber Liability Insurance does not form part of our own Terms and Conditions. Please visit

Training course terms and conditions

  • All IT Governance Ltd public training courses, including all those for which we act as booking agents for third-party training providers, are subject to the terms and conditions set out below and, by booking a training course or a third-party training course through us, our customers ("you") accept these terms and conditions. All in-house training courses are subject to our General Terms and Conditions, which are available separately at the time of booking.

  • Booking

  • Prices for individual courses are as advertised on our website and are exclusive of VAT. Where required, VAT will be added to the advertised price to arrive at the final total cost. The course price includes trainers’ time, provision of training rooms and necessary facilities, all necessary training materials, and morning and/or afternoon refreshments. It does not include travelling or other subsistence costs.

  • Bookings can be made by credit card online via our website (, by telephone (1 877 317 3454), by sending a booking form to fax + 44 1353 662667 or by emailing it to our sales office:

  • Bookings, which are in all cases subject to the availability of places on courses and, for third-party courses, on confirmation to us by the training provider that the course will actually run, will be accepted by us and the rights and responsibilities in respect of cancellation will apply from the date at which the booking is made. We reserve the right to refuse admittance to any public course unless:

    • the full purchase price has been paid through the booking page for your chosen course through our website, or
    • a valid purchase order has been received by us from a local authority, other public sector organization, or a company that has an approved credit account with us, and/or
    • the full purchase price has been received by bank transfer to IT Governance in advance
  • Delegates will not be permitted to enter the classroom if payment has not been made as set out above. The cancellation terms above shall apply in any case.

  • Once a booking has been accepted, cancellation terms (below) apply.

  • Delegate cancellation charges
    You may cancel your booking without penalty providing we receive written notice more than 28 working days prior to the start of the relevant training course. Written cancellations received between 28 and 21 working days prior to the start of the training course will be subject to a 25% cancellation fee, and, if between 20 and 11 working days, a 50% cancellation fee. No refunds will be given for written cancellations received 10 working days or less before the start of the training course. No refunds will be given if you fail to attend a course for which you have made a booking.

  • Substitutions
    Delegates can be transferred from one course to another, or alternative delegates can be substituted for those already booked on a course. For this to happen, the following fees apply: Written notification more than 28 working days prior to the start of the relevant training course without penalty; between 28 and 21 working days prior to the start of the training course a 25% transfer fee; 20 to 11 working days a 50% transfer fee. Transfers 10 working days or less in advance of a course will be treated as a cancellation and will be charged a 100% cancellation fee. (N.B. Unless we know the names of delegates five working days in advance, it may not be possible to provide attendance certificates at the end of the training course.)

  • Course cancellations
    The Company (and its selected training partners) reserves the right to cancel training courses but will endeavor not to do so within ten working days of the start of the course. If a training course is cancelled, the Company’s only obligation to you will be, at our discretion, either to reschedule the canceled course within four months or to refund in full the fees paid by you for the training course. To the fullest extent permitted by law, the Company will not be liable to you in contract, tort, negligence, or otherwise for any loss, damage, costs, or expenses of any nature whatsoever incurred or suffered by you as a direct, indirect, special, or consequential nature arising from such a cancellation.

  • VISAs for delegates
    Delegates from outside the US may have to obtain visas in order to attend a public training course in the US. We will endeavor to provide you with reasonable support in order for you to obtain a visa, but the actual issue of a visa is beyond our control and we have no liability to you in respect of the issue of such a visa. We will only issue appropriate invitation letters once you have booked and paid for the course(s) you wish to attend, and our visa invitation letters will only be in respect of such course(s). If your visa is not issued in time for you to travel to the US to attend your chosen course, we will, at your discretion, arrange for you to attend an alternative course at a later date or we will, without deduction, refund any course fees paid. We will not under any circumstances be responsible for travel costs you may have incurred. If your visa is issued in sufficient time for you to attend your course but you do not attend, then our standard cancellation clauses will apply, including your liability to make payment in full.

  • Delegate background
    You are responsible for ensuring that the backgrounds of your delegates are suitable for the training course(s) that they are attending. The Company will not be liable for any refund if delegates decide that the course material is inappropriate for them or where they are unable to participate fully for any reason. In no circumstances will the Company be liable to refund any amount in excess of the agreed and paid price for any training course. This applies in particular (but is not limited) to any traveling, subsistence, or consequential expenses of any sort incurred by your delegates.

  • Copyright and intellectual property
    All copyright and other intellectual property rights in or relating to any course materials provided or made available in connection with the course are and remain the sole property of the Company and/or its third-party providers. Course materials may not be used, copied, reproduced, stored in a retrieval system, distributed, or transmitted in whole or in part, or in any form or by any means, whether electronically, mechanically, or otherwise, or translated into any language, without the prior written permission of the Company and/or its third-party providers.

CISSP Blended Online Training Course

Further to taking this course, we are confident you will pass the CISSP exam on your first attempt. If you don’t, we will train you again for free and pay for the full cost of retaking the exam.

To qualify, you must have completed the following:

  • All assessments required of you;
  • Attendance at all four one-on-one and group sessions over the 13-week course duration;
  • Your end of course assessment, with a recommendation from your instructor of when might be best to take the exam (please be aware we may recommend further study and exam preparation); and
  • Your first exam within three months of completing the course.

This offer only applies to the cost of a single CISSP examination that is retaken after you have failed your first exam.

Staff awareness e-learning

  • We license you and, as set out in your sales receipt, the maximum number of your users to access on our e-learning portal, the specific e-learning course(s) you have selected for the length of time you have purchased.
  • If we have agreed to it, we will provide a single session of training for one or more administrators nominated by you to enable you to administer the e-learning portal for your users.
  • Where you have purchased a corporate e-learning licence, your identified administrator may personalize your e-learning portal with your corporate branding (including colors and logos) as well as relevant corporate content such as procedure and contact information.
  • Our e-learning courses have been designed to work on the following browsers and mobile apps:
    • Windows: Microsoft Edge, Google Chrome and Firefox.
    • Mac: Safari, Google Chrome and Firefox.
    • Mobile: Safari in Apple iOS 12 or later, Google Chrome in Apple iOS 12 or later and Google Chrome in Android OS 6 or later.
    Please ensure that JavaScript is enabled in your browser, and that font downloads is enabled to see the correct fonts and characters in the course.
    Note that older browsers may encounter playback issues related to browser feature releases, so we strongly recommend using the latest browser version for the best experience.
  • You agree to:
    • Ensure that each of your users accesses the e-learning portal using one of the following:
      • Microsoft Internet Explorer versions 9 or later.
      • Apple Safari v6 or later.
      • Mozilla Firefox v25 or later.
      • Google Chrome v30 or later.
    • Permit us to place cookies on your users’ computers to facilitate provision of our e-learning staff awareness training courses;
    • Establish connectivity to the e-learning portal; and
    • Ensure that your users are instructed in the proper use of our e-learning portal and any e-learning staff awareness courses.
  • In relation to the e-learning portal, we agree that:
    • With the exception of Internet outages and scheduled downtime, the e-learning portal will be available for 99.5% of each calendar month;
    • We will provide you with at least 72 hours’ email notification of scheduled downtime (that is, any planned or scheduled interruption of services from the e-learning portal, for the purposes of e-learning portal or infrastructure upgrades, software patching, software improvement, or for the replacement of any hardware or software); and
    • We will make regular backups of all data on the e-learning portal and will retain them for 60 days.
  • We reserve the right to deny access to the e-learning portal by any of your users who are, or we reasonably suspect may be, engaged in any illegal activity or which may in any way affect the performance of the e-learning portal or its continued use by any of our users.
  • You also agree that we own the copyright in all the content material (whether text, graphics, designs, guidance notes, or information of any kind) (‘Courseware’), as well as in any upgrades or updates of any sort that may, from time to time, be made available to you on our e-learning portal.

Emergency Cyber Incident Response and Digital Forensic Services: specific terms

  • The Terms in this section apply only to Agreements that cover the provision of emergency cyber incident response and digital forensic services.
  • The Client acknowledges and agrees that in providing these Services, the Company may modify its approach as appropriate to assist the Client in investigating a cyber security incident.
  • The Company will work with the Client at the outset to identify appropriate incident response aims and objectives that are realistic and achievable by the cyber incident response team.
  • Throughout the engagement, logs are kept of the actions taken by the cyber incident response team, and in line with the Company’s data retention procedure, these are retained, along with all other Client files, for six years and are then destroyed.
  • Client files will be encrypted and classified as appropriate.
  • Access to Client artefacts and documentation is restricted to the cyber incident response consultants and senior management of the Company.
  • Should the delivery of these Services require specific hardware, software or specialised products, the Client may be provided with a quotation for the equipment and any additional services.
  • The Client authorises the Company to perform any off-site analysis of Client data necessary for the delivery of this Service.
  • The Client acknowledges and agrees that the Company may be required to connect its computers or equipment directly into the Client’s computer network or assets. The Client assumes all risk and liability in this regard and the Company shall have no liability in this regard whatsoever.
  • The Company will carry out all emergency cyber incident response and digital forensic services using reasonable care and skill and in a professional manner.
  • The Client acknowledges and agrees that while delivering this Service, the Company may find evidence of issues such as a data breach, malware infection, network intrusion, etc., and that may require regulatory reporting for one or more territories in which the Client operates. The Client remains solely responsible for all such reporting requirements and the Company shall have no liability in this regard whatsoever.
  • While delivering this Service, the Company reserves the right to assign any suitably skilled resource(s) available to provide this Service. The Company is not obligated to provide a specific resource or third party.
  • The emergency cyber incident response triage will not exceed the length of time as set out in the Letter of Engagement. Where the triage will require more time than as set out in the Letter of Engagement, the Company reserves the right to charge additional fees. The Company will not exceed the agreed time without the Client’s consent.
  • The Company will require explicit authorisation to proceed from the Client and from any additional parties that are in scope before the start of any emergency cyber incident response or digital forensic activities.
  • Following purchase of the Cyber Incident Response Annual Retainer – Gold or Platinum service, the client acknowledges that they will not be able to call upon the emergency cyber incident response service for at least 48 hours.

The Company will not:

  • disclose information regarding ongoing or closed cyber security incidents to third parties without the Client’s prior permission, unless otherwise required by law;
  • allow anyone, other than those with a need to know, access to information regarding the Client’s cyber security incident; or
  • exchange information in relation to a cyber security incident over an unencrypted or unsecure medium.

Client responsibilities

  • The Client will provide appropriate personnel who have the necessary technical, operational and business knowledge and authority to make decisions concerning the emergency cyber incident response service.
  • The Client will provide the Company with all necessary cooperation, information and support that may reasonably be required by the Company to deliver this Service.
  • The Client will provide the Company with escalation/contact details that can be used as required.
  • The Client will make any decisions required promptly and without delay, and the Company shall be entitled to rely on such decisions and approvals.
  • The Client will identify and disclose to the Company any third parties that may conceivably be affected by the Company’s cyber incident response or digital forensic services in relation to the investigation, and damage and/or loss of service/delays caused by the Client’s failure to identify and/or disclose such third parties shall remain the sole responsibility of the Client and the Client therefore indemnifies the Company against all and any costs or damages howsoever arising from such activities. The Client’s authorisation to commence cyber incident response or digital forensic activities is deemed to include confirmation that any relevant Client-internal or external parties have been appropriately notified and that all necessary permissions from such parties for the Company to commence work have been provided to the Company in writing.
  • The Client is responsible for notifying the Company of any applicable legal, regulatory or export control requirements related to the Client’s assets. If necessary, the Client will obtain any necessary licences with respect to the Service.
  • If emergency cyber incident response services are to be conducted on the Client’s premises, the Client agrees to provide the cyber incident response team with a suitable working space.
This website uses cookies. View our cookie policy