250+ employees · Low Cyber Risk Profile. L1 is a consultant-led engagement with technology platform gap analysis. Every engagement is a self-assessment prepared by your organisation and independently reviewed by a Fig Group assessor, who checks the evidence and certifies whether you are compliant.
DCC is a self-assessment scheme. Your organisation prepares the evidence against the Cyber Security Model v4 requirements for your level. Fig Group, as an IASME-licensed Defence Cyber Certification Body, then independently reviews every piece of evidence you submit. Our assessor checks it against the CSM v4 controls and decides whether your submission meets the standard.
Your organisation answers the DCC L1 questionnaire and assembles the supporting evidence through the IASME portal. Your dedicated Fig consultant supports you through this phase and the technology platform surfaces technical gaps before submission.
A Fig Group assessor who is independent of your submission examines the evidence against CSM v4. They verify governance documentation, technical controls, supply chain assurance, and - at L1 - conduct interviews with key personnel. This is the independent certification that replaces the old self-declaration approach under DCPP.
If the assessor identifies gaps, you receive structured feedback in-platform. You can remediate and resubmit. Up to three rounds of feedback are included in the price - there are no per-round charges, no resubmission fees, and no hidden costs. Once your evidence meets the standard, the certificate is issued.
The price is fully inclusive. No add-ons, no separate quotes, no surprise charges during the engagement.
Three rounds of assessor feedback are part of the base fee, not a premium add-on. Most engagements conclude inside two rounds.
Some Certification Bodies quote L1 as an audit-only engagement and price the consultant and technology platform as separate add-ons. Fig bundles both into the base fee. Here is the breakdown.
Automated gap analysis runs across your in-scope systems - cloud, identity, endpoints, public-facing services - and surfaces issues that would otherwise become assessor findings. You remediate quietly before the formal review rather than under audit pressure. Platform access for the engagement is included in the L1 fee, not billed separately.
One point of contact through scoping, evidence preparation, platform findings, remediation and formal assessment. The consultant reviews every piece of evidence before submission so the assessor sees a clean pack. This is the engagement model - not a premium upsell.
An IASME-licensed Fig Group assessor independent of the consultant reviews the submission against CSM v4, runs interviews with your named roles, and issues the certificate on pass. Three rounds of assessor feedback are included in the fee.
Cyber Essentials is priced separately and is a prerequisite. We can bundle CE with your DCC engagement on request - talk to us for a combined quote.
6 – 10 weeks for prepared organisations.
Timelines are driven more by the preparation state of your organisation than by the Certification Body. Organisations with existing Cyber Essentials, established governance documentation, and a clear scope typically certify at the lower end of the range. Organisations starting from a low baseline - without an ISMS or existing incident response plan - should plan for the upper end.
No. All Fig pricing is stated exclusive of VAT. The £25,000 – £49,999 price shown is before VAT at the standard rate. Our invoices itemise VAT separately.
No, Cyber Essentials is a prerequisite and is priced separately from this L1 fee. We can bundle CE with your DCC engagement on request - contact us and we will provide a combined quote.
Yes. The Buy now button runs through Stripe for card payment. If you need to pay by BACS against a Purchase Order, contact us and we will raise an invoice. Net 30 payment terms are standard for UK-based organisations.
L1 is bundled: an IASME-licensed Fig Group assessor conducts the formal assessment, a dedicated Fig consultant supports scoping and evidence preparation end-to-end, and the Fig technology platform (normally £4,200 per annum) runs automated gap analysis across your in-scope systems. Three rounds of assessor feedback are included - no per-round charges.
DCC certificates are valid for three years, so there is no multi-year pricing in the traditional sense - the fee covers the three-year cycle. For organisations certifying multiple legal entities or sister companies under a single engagement, contact us for a group quote.
Up to three rounds of assessor feedback are included in the base fee. If the assessor identifies gaps, you receive structured feedback in-platform, can remediate, and resubmit - there are no per-round charges or resubmission fees. Most engagements conclude inside two rounds.
Refunds are available up to the point that assessment work has commenced. Once the assessor has started reviewing your evidence, work done cannot be refunded. See our Terms and Conditions for the full cancellation and refund position.
Tell us about your Cyber Essentials status, the MOD contract context, and your target certification date. We come back within one working day with an engagement plan and a firm quote.