# Approved Wording Annex — CyberSight Forensics website (D-1 → D-9)

**Privileged & confidential** · BTC-CS2026-OW-LG-WD-0001-ApprovedWordingAnnex_A1-C01.md · **A1-C01 — PUBLISHED** 12 June 2026 · SEC3 SENSITIVE
Companion to **ON-0001 (A1-C02)** and **IN-0001 (build checklist)**. All text below is **drop-in copy** for the launch ("Tier-1") build. Square brackets `[ ]` mark facts the company must supply — every one is listed at the end. This annex is **immutable copy once adopted**: any wording change re-triggers Themis sign-off. Exact placement is in IN-0001. Nothing goes public-live until the IN-0001 Go-Live Gate is cleared.

**Operator-name rule (applies throughout).** Until the change of name is registered at Companies House, the **registered name is "Phishermans Ltd"**; after the certificate of incorporation on change of name issues, it is **"Managed Cybersecurity Services Ltd"**. Company number **15312330** is unchanged. Everywhere below shows `[Registered name]` — populate with the *currently-registered* name and swap on registration (single config value). "CyberSight Forensics" is the trading name throughout.

---

## D-1 · Footer legal block (every page, every error page)

> **CyberSight Forensics** is a trading name of **[Registered name]**, a company registered in England & Wales (company number **15312330**). Registered office: **[registered office address]**.
>
> CyberSight Forensics is not affiliated with, endorsed by, or connected to any UK government body, law-enforcement agency or regulator. Information on this site is general and does not constitute legal advice.
>
> ICO registration: **ZC098139**. [VAT registration: **[VAT number]** — *omit this line entirely if not VAT-registered*.]
>
> [Privacy Policy](/privacy) · [Cookie Policy](/cookies) · [Terms of Use](/terms) · [Accessibility](/accessibility) · [Modern Slavery Statement](/modern-slavery) *(optional — see D-9)*
>
> © 2026 [Registered name]. Website by Managed Services. *(amend or remove "Website by" line per Principal — IN-0001 item 05)*

## D-2 · Government / affiliation disclaimer (footer + Compliance section)

> **Independent provider.** CyberSight Forensics is a private, independent provider. We are not part of, accredited by, or acting on behalf of any government department, police force, the National Crime Agency, the NCSC or any regulator. Where we refer to standards, codes or training, we describe how we align our work — not an endorsement of us by any body.

## D-3 · Privacy Policy (`/privacy`) — must be live before any enquiry is collected

> **CyberSight Forensics — Privacy Policy**
>
> **Who we are.** This website and the CyberSight Forensics service are operated by **[Registered name]** ("we", "us"), a company registered in England & Wales (company number 15312330), registered office [registered office address]. We are the data controller for the personal data described here. You can contact us at **[contact email]**. Our ICO registration number is **ZC098139**.
>
> **What we collect, and why.** When you use our enquiry form we collect the **name, organisation, work email address and phone number** you provide, and the content of your enquiry.
> - *Purpose:* to receive and respond to your enquiry and to take any steps you ask for before entering into a possible engagement.
> - *Lawful basis:* our **legitimate interests** in responding to and managing business enquiries (UK GDPR Article 6(1)(f)); and, where your enquiry is a step towards a service agreement, **taking steps at your request before entering into a contract** (Article 6(1)(b)).
>
> **Please do not send sensitive case material through this form.** It is an initial enquiry channel only. Do not include details of live incidents, evidence, or other people's personal data; if a matter proceeds we will agree a secure channel with you. If sensitive information is sent to us unprompted, we will restrict access to it and delete it where it is not needed.
>
> **How long we keep it.** We keep enquiry data for **[12 months]** from your last contact where the enquiry does not become an engagement. Where it does, we keep it for the duration of the engagement and any period we are required to retain records afterwards.
>
> **Who else is involved.** Your enquiry is handled using **[form/email provider — confirm at build]**, which processes the data on our behalf under a written contract that meets UK GDPR requirements, and our hosting provider **[hosting provider — confirm at build]**. We do not sell your data, use it for advertising, or make automated decisions about you. Your data is stored in the **UK / EEA**; if any provider processes it outside the UK, we put approved safeguards (such as an International Data Transfer Agreement) in place.
>
> **Your rights.** You can ask for a copy of your data, ask us to correct or delete it, object to or restrict our processing, and ask us to transfer it. Email **[contact email]** — we respond within one calendar month. If you are unhappy with how we handle your data you can complain to the **Information Commissioner's Office** (ico.org.uk).
>
> *Last updated: [go-live date]. Version 1.0.*

## D-4 · Cookie Policy (`/cookies`)

> **CyberSight Forensics — Cookies and local storage**
>
> **We don't use cookies, and we don't track you.** This site sets no cookies and runs no analytics or advertising trackers.
>
> **Two preferences saved on your device.** So the site remembers how you like to view it, we save two small preference settings **in your browser's local storage, on your device**: your **theme** (light/dark) and your **language** choice. These are set only because you chose them, they stay on your device, they are not sent to us, and they are not used to identify you. Because they are strictly necessary to deliver the preference you asked for, no consent banner is required.
>
> | Item | Where | Purpose | Lasts |
> |---|---|---|---|
> | Theme preference | Your browser (local storage) | Remembers light/dark choice | Until you clear it |
> | Language preference | Your browser (local storage) | Remembers your language choice | Until you clear it |
>
> You can clear these at any time in your browser settings. If we ever add analytics or anything that stores data for other purposes, we will ask for your consent first.
>
> *Last updated: [go-live date].*

## D-5 · Website Terms of Use (`/terms`)

> **CyberSight Forensics — Terms of Use**
>
> These terms govern your use of this website. They are not a contract for our services — any engagement is covered by a separate written agreement.
>
> **1. Who we are.** This website is operated by [Registered name], registered in England & Wales (company number 15312330), registered office [registered office address]. By using the site you accept these terms.
>
> **2. Information only.** The content of this site is general information about our services. It is **not legal, forensic or other professional advice**, and nothing on it creates a client relationship or a contract for services. No figure, statement or response on this site is a guarantee of any outcome.
>
> **3. Acceptable use.** You may use the site for lawful purposes only. You must not misuse it, attempt to gain unauthorised access, disrupt it, scrape or bulk-extract its content, or use it to transmit anything unlawful or harmful.
>
> **4. Intellectual property.** The content, design, text, graphics and code of this site are owned by or licensed to us and are protected by law. You may view and print pages for your own reference; all other rights are reserved. "CyberSight Forensics" and our logos are our trade marks.
>
> **5. Links.** Links to other websites are provided for convenience; we are not responsible for their content.
>
> **6. Liability.** The site is provided "as is" and "as available". To the fullest extent the law allows, we exclude liability for any loss arising from use of, or reliance on, the site or its content, and for any unavailability. Nothing in these terms excludes or limits our liability for death or personal injury caused by our negligence, for fraud, or for anything else that cannot lawfully be excluded; and nothing affects your statutory rights as a consumer. Subject to that, our total liability to you in connection with the site is limited to **£100**.
>
> **7. Governing law.** These terms, and any dispute arising from them or from your use of the site (including non-contractual disputes), are governed by the law of **England and Wales**, and the courts of England and Wales have exclusive jurisdiction.
>
> *Version 1.0 · Last updated: [go-live date].*

## D-6 · Accessibility Statement (`/accessibility`) — publish only after the WCAG audit is confirmed

> **Accessibility at CyberSight Forensics**
>
> We want this site to be usable by everyone. It has been built to the **Web Content Accessibility Guidelines (WCAG) 2.2 at Level AA** and tested against that standard: it works with a keyboard and with screen readers, respects your text-size and motion preferences, and maintains strong colour contrast.
>
> If you have difficulty using any part of this site, or need information from it in a different format, please contact **[contact email]** — we aim to respond within **5 working days**.
>
> *This statement was prepared on **[date of WCAG audit]** following an accessibility audit of the site. We review it at every significant change.*

## D-7 · Tier-1 claim wording (launch build — pre-accreditation, pre-hire)

*These replace the current site claims. They are the Tier-1 rung of the claims ladder (ON-0001 C02 item 10): honest, process-based, no certifications, no "court-ready". Upgrade to Tier 2/3 only on the actual milestone, with a fresh Themis sign-off.*

**D-7.1 Certification strip (footer) — replace badge artwork with text only:**
> Working towards: ISO 27001 and Cyber Essentials Plus.

*(No certification logos or marks until the certificate is actually held; once held, show the official badge linked to the issuer's register. List any certificate held now: [certifications actually held, with numbers + dates].)*

**D-7.2 Service-level claims — approved wording:**
> - "Our **target** is to respond to emergency incidents within **4 working hours** for clients on a retainer."
> - "Pilot intake is typically **turned around in 24–48 hours**."
> - "We maintain a **documented chain of custody for every exhibit we handle**."
> - "**24/7 on-call incident line for retainer clients.**" *(use this only if literally operated; otherwise omit)*

*(The company must hold evidence supporting each target before launch — CAP Code 3.7.)*

**D-7.3 Emergency-response scope — the four public-facing locations:**
> - **Stats strip:** "4-working-hour emergency response **target** (retainer clients)."
> - **Process step 01:** "If you are a retainer client with a live incident, contact our incident line and we begin triage; otherwise, send an enquiry through the form and we will respond."
> - **Contact line:** "For urgent incidents, **retainer clients** can reach our incident line at any hour."
> - **FAQ answers 1 & 5:** make clear that round-the-clock emergency triage is a service for clients on a retainer; all other enquiries are handled through the enquiry form during business hours.

**D-7.4 Compliance section — Tier-1 wording:**
> **Our standards.** We are building CyberSight Forensics to operate to recognised forensic and information-security standards. We are **working towards ISO/IEC 17025 accreditation** for our forensic activities and **align our work with the Forensic Science Regulator's Code of Practice**. We also operate towards **ISO 27001** information-security controls and are **working towards Cyber Essentials Plus**. We produce reports and maintain a documented chain of custody **designed to support use in legal proceedings**.
>
> *(Do not state current ISO 17025 accreditation, CREST accreditation, "court-ready"/"prosecution-grade", or "expert witness testimony" as a present capability until the relevant milestone is actually met — see the claims ladder. "NCSC-recognised training" may be stated only if accurate and must not imply NCSC endorsement of the company.)*

## D-8 · Welsh "coming soon" state (if the picker ships without content)

> Mae fersiwn Gymraeg o'r wefan hon ar y ffordd. / A Welsh-language version of this site is coming soon.

## D-9 · Modern Slavery Statement (`/modern-slavery`) — optional, voluntary (keep or remove — IN-0001 item 04)

> **Modern Slavery — voluntary statement.** [Registered name] is not required to publish a statement under section 54 of the Modern Slavery Act 2015 (our turnover is below the threshold). We publish this voluntarily: we do not tolerate slavery or human trafficking in our business or supply chain, and we expect the same of those we work with. We will review this statement annually.

---

## Bracketed facts — needed before these go live

- `[Registered name]` — Phishermans Ltd now / Managed Cybersecurity Services Ltd once the rename is registered.
- `[registered office address]`.
- `[contact email]` for the site (privacy, accessibility, general).
- `[VAT number]` — or confirm not registered (then delete the VAT line in D-1).
- `[certifications actually held, with numbers + dates]` — for D-7.1.
- `[form/email provider]` and `[hosting provider]` — for D-3 / SP-0001.
- `[12 months]` retention — confirm or adjust (D-3).
- `[go-live date]` — D-3, D-4, D-5.
- `[date of WCAG audit]` — D-6 (and supply the audit so Themis can confirm the AA statement).
- Keep/remove **Modern Slavery** statement (D-9); keep/amend/remove **"Website by"** credit (D-1).

---

*Themis Legal · 12 June 2026 · WD-0001 · A1-C01 · SEC3 · Privileged & confidential. Check all wording against the built pages before launch (live-surface check). Tier-2/Tier-3 claim wording issued on the actual hiring/accreditation milestone.*