50 – 249 employees · Very Low Cyber Risk Profile. L0 is a documentation-led self-assessment prepared by your organisation and independently reviewed by a Fig Group assessor, who checks the evidence and certifies whether you are compliant with the CSM v4 Level 0 requirements.
DCC is a self-assessment scheme. Your organisation prepares the evidence against the Cyber Security Model v4 requirements for your level. Fig Group, as an IASME-licensed Defence Cyber Certification Body, then independently reviews every piece of evidence you submit. Our assessor checks it against the CSM v4 controls and decides whether your submission meets the standard.
Your organisation answers the DCC L0 questionnaire and assembles the supporting evidence through the IASME portal. Fig provides guidance and templated governance documents so you can complete the submission without paid consultancy.
A Fig Group assessor who is independent of your submission examines the evidence against CSM v4. They verify governance documentation, technical controls, supply chain assurance, and - at L1 - conduct interviews with key personnel. This is the independent certification that replaces the old self-declaration approach under DCPP.
If the assessor identifies gaps, you receive structured feedback in-platform. You can remediate and resubmit. Up to three rounds of feedback are included in the price - there are no per-round charges, no resubmission fees, and no hidden costs. Once your evidence meets the standard, the certificate is issued.
The price is fully inclusive. No add-ons, no separate quotes, no surprise charges during the engagement.
Three rounds of assessor feedback are part of the base fee, not a premium add-on. Most engagements conclude inside two rounds.
2 – 3 weeks for prepared organisations.
Timelines are driven more by the preparation state of your organisation than by the Certification Body. Organisations with existing Cyber Essentials, established governance documentation, and a clear scope typically certify at the lower end of the range. Organisations starting from a low baseline - without an ISMS or existing incident response plan - should plan for the upper end.
No. All Fig pricing is stated exclusive of VAT. The £2,499.99 price shown is before VAT at the standard rate. Our invoices itemise VAT separately.
No, Cyber Essentials is a prerequisite and is priced separately from this L0 fee. We can bundle CE with your DCC engagement on request - contact us and we will provide a combined quote.
Yes. The Buy now button runs through Stripe for card payment. If you need to pay by BACS against a Purchase Order, contact us and we will raise an invoice. Net 30 payment terms are standard for UK-based organisations.
L0 is a flat-priced self-assessment independently reviewed by a Fig Group assessor. Includes CSM v4 Level 0 assessment, governance and supply chain evidence review, up to three rounds of assessor feedback, certificate issuance, three-year validity with annual attestation, and IASME DCC register listing.
DCC certificates are valid for three years, so there is no multi-year pricing in the traditional sense - the fee covers the three-year cycle. For organisations certifying multiple legal entities or sister companies under a single engagement, contact us for a group quote.
Up to three rounds of assessor feedback are included in the base fee. If the assessor identifies gaps, you receive structured feedback in-platform, can remediate, and resubmit - there are no per-round charges or resubmission fees. Most engagements conclude inside two rounds.
Refunds are available up to the point that assessment work has commenced. Once the assessor has started reviewing your evidence, work done cannot be refunded. See our Terms and Conditions for the full cancellation and refund position.
Tell us about your Cyber Essentials status, the MOD contract context, and your target certification date. We come back within one working day with an engagement plan and a firm quote.