Legal Review Brief

CyberSight Website · For legal team · 12 June 2026

Instructions for legal review of the CyberSight Forensics website prior to public launch. Each item states what to review, where it appears, and — in the blue box — exactly what legal must return so engineering and design can finalise the build. Items are graded: BLOCKER (launch cannot proceed without it) · REQUIRED (must be resolved at or before launch) · ADVISED (recommended good practice).

01 · Corporate identity — Companies Act 2006 s.82 & Company etc. (Trading Disclosures) Regs 2008

Item | Review instruction | Priority
Trading disclosures | The footer legal block currently holds placeholders: Company No. [00000000] and Registered office: [address]. Confirm the registered company name "Managed Cybersecurity Services Ltd", trading name "CyberSight Forensics", company number, country of registration and registered office address. Confirm whether "CyberSight Forensics" requires registration as a business name anywhere, and that the trading-name/legal-name relationship is stated correctly ("CyberSight Forensics is a trading name of Managed Cybersecurity Services Ltd" wording recommended). RETURN: Exact approved footer disclosure string: legal name, company number, place of registration, registered office address, and approved trading-name wording. | BLOCKER
VAT | If the company is VAT-registered, the Provision of Services Regulations 2009 and e-commerce disclosure norms expect the VAT number to be published. RETURN: VAT registration number (or confirmation not registered). | REQUIRED

02 · Data protection — UK GDPR / Data Protection Act 2018 / ICO

Item | Review instruction | Priority
ICO registration | Footer carries placeholder ICO Registration No. [ZA000000]. Confirm the company's ICO registration (data protection fee) is current and covers the intended processing. RETURN: ICO registration number and renewal date. | BLOCKER
Privacy Policy | The contact form collects name, organisation, work email and phone. A privacy notice must exist and be linked before any real enquiry is collected. It should cover: controller identity, lawful basis for enquiry handling, retention period for enquiries, recipients/processors (e.g. the form backend or email provider engineering selects), data subject rights, and complaint route to the ICO. Note the form instructs users not to submit case-sensitive data — confirm this warning wording is sufficient. RETURN: Approved Privacy Policy text (we can supply a working draft for mark-up), plus the confirmed retention period and lawful basis for enquiry data. | BLOCKER
Form handling | The design ships with a mock form; engineering will wire a backend. Legal to set the requirements the backend must meet: UK/EEA data residency (or approved IDTA/addendum if not), processor contract with the form/email vendor, encryption at rest if enquiries are retained. RETURN: Data-handling requirements memo for the form backend (residency, processor terms, retention, access control). | REQUIRED
Cookies / PECR | The site sets no cookies and runs no analytics. It stores two preference strings in localStorage (theme, language) at the user's request — this sits in the strictly-necessary/preference category, so no consent banner is required as built. Confirm this analysis, and note that adding analytics later triggers a consent requirement. RETURN: Approved Cookie Policy text documenting the two localStorage preferences; confirmation that no consent banner is required for the launch build. | REQUIRED

03 · Advertising claims — ASA / CAP Code / CMA & CPRs

Item | Review instruction | Priority
Certification badges | Highest-risk item. The footer displays ISO 9001, ISO 27001 and Cyber Essentials Plus chips, while the Compliance section states accreditations are "in progress". Displaying certifications not held is a misleading-claims risk (CAP Code 3.1; CPRs), and the Cyber Essentials badge is licence-restricted to certified organisations (IASME terms). Rule on: (a) remove badges until certified, (b) relabel the strip "Working towards", or (c) show only certifications actually held at launch. RETURN: Decision (a/b/c) + the exact approved label wording for the footer strip, and a list of certifications actually held with certificate numbers/dates. | BLOCKER
Service-level claims | Verify each quantified claim is substantiable with evidence held before publication: "4 hrs emergency response target", "24–48 h pilot intake turnaround", "100% documented chain of custody", "24/7 rapid-response availability", "We'll respond within 4 working hours". Confirm whether "target" qualifiers are sufficient or contractual SLA language is needed. RETURN: Per-claim verdict: approved as-is / approved with revised wording (provide wording) / remove. | BLOCKER
Emergency-response scope | Emergency triage is restricted to registered clients on retainer, but four places read as a public offer: the stats strip, Process step 01, the contact line ("For urgent incidents, call us directly — any hour") and FAQ answers 1 & 5. Decide whether the public-facing wording must be qualified. RETURN: Approved wording for each of the four locations (or confirmation current wording is acceptable). | BLOCKER
Forensic standards claims | The Compliance section claims operation "to ISO 27001 and ISO 17025 standards, with CREST accreditation and NCSC-recognised training in progress" and offers "expert witness testimony" and "court-ready" / "prosecution-grade" reporting. Review against the Forensic Science Regulator Act 2021 and the FSR Code of Practice: confirm whether the intended activities require FSR Code compliance declarations, and that "court-ready" claims are defensible given current accreditation status. RETURN: Approved wording for the Compliance section + position note on FSR Code applicability. | BLOCKER
Government affiliation | A non-affiliation disclaimer is in the footer; no crowns, crests or "gov" styling are used. Confirm the disclaimer wording is sufficient given the public-sector audience and check the name/branding against the Companies House sensitive-words guidance position previously researched. RETURN: Confirmation or revised disclaimer wording. | REQUIRED

04 · Statutory & policy pages (currently placeholder links)

Page | Review instruction | Priority
Privacy Policy | See section 02. Linked in footer; page does not yet exist. | BLOCKER
Cookie Policy | See section 02. Must document the two localStorage preferences. | REQUIRED
Terms & Conditions | Website terms of use (not service contracts): liability, acceptable use, IP in site content, governing law (England & Wales). RETURN: Approved Terms text, or instruction to draft for mark-up. | REQUIRED
Accessibility Statement | The site meets WCAG 2.2 AA (audit supplied in the handoff package). Not statutorily mandated for a private company, but expected by public-sector buyers and referenced in the footer. RETURN: Approval of a WCAG 2.2 AA conformance statement based on the supplied audit. | ADVISED
Modern Slavery Statement | Mandatory only above £36M turnover (Modern Slavery Act 2015 s.54); kept voluntarily for procurement credibility. Confirm whether to retain the link and approve a voluntary statement, or remove it until required. RETURN: Keep/remove decision; approved statement text if kept. | ADVISED

05 · Intellectual property & brand

Item | Review instruction | Priority
Trade mark | Confirm clearance/registration status of "CyberSight Forensics" name and the logo marks (UK IPO search was part of naming research; confirm filing intent before significant marketing spend). RETURN: Clearance confirmation; filing recommendation (classes 9, 42, 45 suggested for discussion). | ADVISED
Font licences | Site uses Space Grotesk, Source Sans 3 and IBM Plex Mono — all under the SIL Open Font Licence, permitting self-hosting and commercial use. Confirm no objection. RETURN: Confirmation. | ADVISED
"Website by" credit | Footer carries "Website by Managed Services". Confirm this credit is wanted and correctly named. RETURN: Keep/amend/remove. | ADVISED

06 · Welsh language

Item | Review instruction | Priority
EN/CY provision | The site includes an English/Welsh language picker; Welsh content does not yet exist. Welsh Language Standards bind public bodies, not private suppliers — but contracts with Welsh public bodies can pass obligations through. Advise whether Welsh provision is contractually expected for target customers, and approve the interim approach (picker present, content "to follow"). RETURN: Position note; if Welsh is required at launch, confirm so translation can be commissioned and served at /cy/. | ADVISED

Sign-off

Launch is gated on all BLOCKER items being returned and incorporated. Please return items to the design team in writing (tracked document or email), quoting the section numbers above. Where wording changes are required, provide the exact replacement text — the site copy is otherwise final and approved.

REVIEWED BY (NAME / ROLE)
SIGNATURE
DATE

Prepared from: "CyberSight Website.html" (design reference), "CyberSight Site Audit.html" (security/SEO/legal flags) and "CyberSight WCAG Audit.html" (accessibility). This brief is a review checklist prepared by the design team, not legal advice; graded priorities are recommendations for counsel to confirm. Companion package: design_handoff_cybersight_website/.