Terms & Conditions

Effective date: 1st June 2026

These Terms & Conditions explain the terms on which FaultLine-CS Cyber & Security Ltd provides information through this website and delivers services to business customers.

By using this website or engaging with our services, you agree to these Terms unless separate written terms are agreed.

FaultLine Cyber & Security Ltd (“FaultLine-CS”, “we”, “us”, “our”) is a company registered in Northern Ireland.

These Terms apply to business customers only and are not intended for consumer services.

Use of this website does not create a client relationship, consultancy relationship, advisory relationship, or contract for services unless expressly agreed in writing by FaultLine-CS.

FaultLine-CS provides advisory, assessment, and consultancy services, including:

  • Exposure Assessments, including external exposure, credential risk, supplier risk insight, and business exposure analysis; 
  • cyber security advisory and consultancy; 
  • ISO/IEC 27001 support and readiness; 
  • Cyber Essentials and Cyber Essentials Plus readiness; 
  • Governance, Risk and Compliance services; 
  • board-level risk reporting and advisory support; 
  • coordination of specialist cyber security services through trusted third-party providers where required. 

FaultLine-CS may coordinate and manage delivery of specialist services through third-party partners, subcontractors, or technical specialists where appropriate.

The content on this website is provided for general information only.

Website content does not constitute legal, technical, regulatory, insurance, certification, or professional advice specific to any organisation.

FaultLine-CS makes reasonable efforts to keep website content accurate and up to date but does not guarantee that website content is complete, current, accurate, or suitable for any specific purpose.

You should obtain specific advice before acting on website content.

FaultLine-CS provides services on a consultancy, advisory, and assessment basis.

Unless explicitly agreed in writing:

  • FaultLine-CS does not perform penetration testing directly; 
  • FaultLine-CS does not conduct intrusive technical testing, exploitation, or unauthorised access activity; 
  • FaultLine-CS does not provide formal certification, audit approval, legal advice, insurance advice, or regulatory sign-off; 
  • FaultLine-CS does not guarantee that all vulnerabilities, risks, exposures, weaknesses, or threats will be identified; 
  • services are based on available information, agreed scope, client-provided information, reasonable professional judgement, and information available at the time of review. 

FaultLine-CS’s Exposure Assessment is not a penetration test, vulnerability scan, certification audit, or guarantee of security. It is designed to help identify credible areas of business exposure, supplier-related risk, external visibility, and practical routes through which an organisation may be exposed.

Any descriptions on the website, in marketing materials, or in general service summaries are illustrative only and do not form part of a binding contract unless expressly included in an agreed Scope of Work, proposal, quotation, or written agreement.

A binding agreement for services is formed only when:

  • FaultLine-CS issues a Scope of Work, proposal, quotation, statement of work, or written agreement; and 
  • the customer accepts it in writing, by email, signature, purchase order, or other written confirmation accepted by FaultLine-CS. 

Website enquiries, discovery calls, informal discussions, pricing conversations, or general correspondence do not create a contractual agreement unless confirmed in writing by FaultLine-CS.

Where there is any conflict between these Terms and a signed agreement, proposal, quotation, or agreed Scope of Work, the signed agreement, proposal, quotation, or Scope of Work shall take priority.

The scope of services, deliverables, exclusions, timescales, fees, and assumptions will be set out in the agreed Scope of Work, proposal, quotation, or written agreement.

Any work outside the agreed scope must be agreed separately in writing and may be subject to additional fees.

FaultLine-CS shall not be responsible for delays, incomplete work, or reduced accuracy where such issues arise from:

  • incomplete, inaccurate, or late customer information; 
  • lack of customer cooperation; 
  • unavailable systems, staff, documents, or evidence; 
  • changes to scope; 
  • third-party delays; 
  • matters outside FaultLine-CS’s reasonable control. 

The customer agrees to:

  • provide accurate, complete, and timely information; 
  • cooperate with FaultLine Cyber & Security in all matters relating to the services; 
  • ensure all necessary permissions, consents, authorisations, and internal approvals are in place; 
  • provide access to relevant systems, personnel, documentation, suppliers, or evidence where required; 
  • ensure that any information supplied to FaultLine Cyber & Security may lawfully be used for the agreed services; 
  • promptly review and respond to queries, drafts, findings, and recommendations where required. 

The customer remains responsible for deciding whether to implement any recommendations made by FaultLine Cyber & Security.

FaultLine Cyber & Security shall not carry out, instruct, or coordinate penetration testing, vulnerability scanning, intrusive testing, exploitation, social engineering, intrusive supplier testing, direct supplier engagement, or technical access activity unless this is expressly agreed in writing.

Where testing or technical work is agreed, the customer must ensure that all required permissions, authorisations, system owner approvals, third-party approvals, and legal consents are in place before work begins.

FaultLine Cyber & Security shall not be responsible for unauthorised testing, access, scanning, assessment, or technical activity requested or approved by the customer without appropriate authority.

FaultLine Cyber & Security may engage subcontractors, partners, or specialist third-party providers to support delivery of services.

FaultLine Cyber & Security remains responsible for overall coordination and client engagement unless otherwise agreed in writing. However, FaultLine Cyber & Security does not warrant that all services will be delivered directly by FaultLine Cyber & Security personnel.

Where third-party providers are used:

  • their own terms, limitations, or requirements may apply; 
  • the customer may be required to approve their involvement; 
  • the customer may be required to provide additional information or authorisations; 
  • any third-party costs shall be agreed before being incurred where reasonably practicable. 

FaultLine Cyber & Security shall not be responsible for acts, omissions, availability, quality, security, or performance of third-party providers unless expressly agreed in writing.

FaultLine Cyber & Security is not responsible for failures, delays, or issues caused by third-party systems, platforms, providers, or customer-appointed suppliers outside FaultLine Cyber & Security’s reasonable control.

Fees for services will be set out in the agreed Scope of Work, proposal, quotation, or written agreement.

Unless otherwise agreed in writing:

  • invoices are payable within 30 days from the invoice date; 
  • all fees are exclusive of VAT where applicable; 
  • third-party costs, disbursements, or additional expenses may be charged where agreed; 
  • late payment may result in suspension of services. 

FaultLine Cyber & Security reserves the right to charge reasonable costs incurred in the delivery of services, including approved third-party costs, where applicable.

FaultLine Cyber & Security reserves the right to charge interest and recovery costs on late payments where permitted by law.

The customer shall pay all properly issued invoices without deduction, set-off, or withholding except where required by law.

All intellectual property rights in materials, reports, documents, templates, methodologies, frameworks, analysis, recommendations, and deliverables produced by FaultLine Cyber & Security remain the property of FaultLine Cyber & Security unless otherwise agreed in writing.

Upon payment of all applicable fees, the customer is granted a non-exclusive, non-transferable licence to use final deliverables for internal business purposes only.

The customer shall not, without FaultLine Cyber & Security’s prior written consent:

  • copy, modify, resell, publish, distribute, or commercially exploit FaultLine Cyber & Security materials; 
  • share deliverables with third parties except for internal governance, board reporting, insurance, audit, legal, regulatory, certification, procurement, or professional adviser purposes; 
  • remove FaultLine Cyber & Security branding, notices, caveats, or limitations from deliverables; 
  • use FaultLine Cyber & Security materials to create competing services. 

The customer retains ownership of its own pre-existing materials, data, records, systems, and confidential information.

Each party agrees to keep confidential any confidential information received from the other party in connection with the services.

Confidential information includes business information, technical information, security information, client data, supplier information, reports, pricing, commercial information, credentials-related findings, risk findings, and any information that would reasonably be understood to be confidential.

Confidential information shall not be disclosed to third parties unless:

  • required by law; 
  • required by a regulator, insurer, auditor, legal adviser, or professional adviser; 
  • necessary for the agreed services; 
  • already lawfully in the public domain; 
  • or agreed in writing by the disclosing party. 

This confidentiality obligation continues after the relevant engagement ends.

Both parties agree to comply with applicable data protection legislation, including the UK General Data Protection Regulation and the Data Protection Act 2018.

FaultLine Cyber & Security will process personal data only as necessary to deliver the agreed services, manage the customer relationship, comply with legal obligations, and operate its business.

Depending on the nature of the engagement, FaultLine Cyber & Security may act as an independent controller, joint controller, or processor. Where required, the parties shall enter into a separate data processing agreement or include appropriate data processing terms in the relevant Scope of Work or contract.

Where FaultLine Cyber & Security acts as a processor on behalf of the customer, the parties shall ensure appropriate written data processing terms are in place as required by data protection law.

The customer is responsible for ensuring that any personal data, employee data, supplier data, client data, or third-party information provided to FaultLine Cyber & Security is shared lawfully and with appropriate authority.

FaultLine Cyber & Security shall apply appropriate technical and organisational measures to protect personal data and confidential information handled as part of the services.

Reports, findings, and recommendations provided by FaultLine Cyber & Security are based on the agreed scope, available information, evidence reviewed, and circumstances at the time the work is performed.

Findings are provided for business decision-making, governance, risk management, and improvement purposes.

The customer remains responsible for:

  • deciding whether to implement recommendations; 
  • prioritising remediation; 
  • maintaining its own security, governance, compliance, and risk management arrangements; 
  • obtaining legal, regulatory, insurance, or certification advice where required. 

FaultLine Cyber & Security does not guarantee that implementation of recommendations will achieve certification, regulatory compliance, cyber insurance approval, or complete protection from cyber incidents, fraud, supplier compromise, operational disruption, or security breaches.

FaultLine Cyber & Security shall perform services with reasonable care and skill.

To the maximum extent permitted by law, and unless a different liability cap is agreed in the relevant Scope of Work or contract, FaultLine Cyber & Security’s total liability arising out of or in connection with the relevant services shall not exceed the fees paid by the customer for those services.

FaultLine Cyber & Security shall not be liable for:

  • loss of profit; 
  • loss of revenue; 
  • loss of business; 
  • loss of opportunity; 
  • loss of goodwill; 
  • reputational damage; 
  • loss or corruption of data, except where caused by FaultLine Cyber & Security’s breach of data protection obligations, breach of confidentiality, or wilful misconduct; 
  • indirect or consequential loss. 

Nothing in these Terms shall limit or exclude liability for:

  • death or personal injury caused by negligence; 
  • fraud; 
  • fraudulent misrepresentation; 
  • wilful misconduct; 
  • breach of confidentiality where liability cannot legally be excluded; 
  • breach of data protection obligations where liability cannot legally be excluded; 
  • or any liability which cannot legally be limited or excluded. 

Either party may terminate an engagement in accordance with the agreed contractual terms.

FaultLine Cyber & Security may suspend or terminate services immediately where:

  • the customer fails to pay an invoice when due; 
  • the customer requests unauthorised, unlawful, or unsafe activity; 
  • continuing the engagement may create legal, regulatory, ethical, security, or reputational risk. 

Either party may terminate an engagement immediately where the other party commits a material breach that cannot be remedied.

Where a material breach can be remedied, either party may terminate if the breach is not remedied within 14 days of written notice.

On termination, all fees for work completed, committed third-party costs, and approved expenses shall become payable.

Termination shall not affect rights or obligations that have already arisen.

The customer shall not, during an engagement and for 6 months after completion or termination, directly solicit for employment or engagement any FaultLine Cyber & Security employee, subcontractor, consultant, partner, or third-party specialist introduced to the customer through FaultLine Cyber & Security without FaultLine Cyber & Security’s prior written consent.

This shall not prevent the customer from responding to general recruitment approaches not specifically targeted at such individuals.

FaultLine Cyber & Security shall not be liable for any delay or failure to perform services caused by events outside its reasonable control, including failures of third-party systems, internet outages, cyber incidents affecting third parties, illness, acts of government, legal restrictions, supply chain disruption, or other events beyond reasonable control.

Formal notices under these Terms must be sent by email to the contact email stated in the relevant proposal, Scope of Work, or contract, or to such other email address notified in writing by the receiving party.

A notice sent by email shall be treated as received on the next working day unless the sender receives an automated delivery failure notice.

FaultLine Cyber & Security may update these Terms from time to time. The version applicable to an engagement will be the version in force at the date the relevant Scope of Work, proposal, quotation, or written agreement is accepted, unless otherwise agreed.

If any provision is found to be invalid, unlawful, or unenforceable, the remaining provisions shall remain in effect.

No delay or failure by FaultLine Cyber & Security to enforce any right shall prevent FaultLine Cyber & Security from enforcing that right later.

No person other than the parties to the relevant engagement shall have any right to enforce these Terms.

These Terms, together with the agreed Scope of Work, proposal, quotation, or written agreement, represent the entire agreement between the parties in relation to the relevant services unless superseded by a formal contract.

These Terms, and any dispute or claim arising out of or in connection with them, the website, or the services, shall be governed by and construed in accordance with the laws of Northern Ireland.

The parties agree that the courts of Northern Ireland shall have exclusive jurisdiction in relation to any dispute or claim arising out of or in connection with these Terms, the website, or the services.