Who is eligible for fully funded services?
Cyber PATH services may be delivered to private, public and charitable sector organisations.
Services will only be delivered where an organisation meets the following criteria:
- The organisation must be a sole trader, micro, small or medium as defined by GOV.UK – Small and Medium-sized Enterprises definition.
- UK-domiciled
- Turnover under £20m (based on IASME Cyber Essentials free insurance requirements)
- The organisation is not part of a larger trust or network with a single IT infrastructure whose size would mean they collectively fall outside of policy e.g. multi-school trust.
Exceptional Circumstances
In certain circumstances we can consider requests of services that fall outside of policy, a discussion must be had with the Head of Cyber PATH who has the final approval and will document their
decision and rationale, and share with the relevant regional CRC.
Where appropriate for wider learning, decisions and rationale may be more widely shared with the network. Regional CRCs will not agree to any delivery on behalf of NCRCG.
Where services are sought by public sector organisations, consideration must be given to whether cyber security measures can and should be delivered by the responsible Government department
rather than Cyber PATH. This may be a decision to be escalated to the Home Office by the Head of Cyber PATH.
