1. Acceptance of Terms

2. About GRC Index and Our Services

GRC Index provides the following services to UK organisations and professionals:

• GRC Maturity Assessment — an independent structured assessment of an organisation's governance, risk, and compliance practices, producing a GRC Index Score benchmarked against recognised international standards including COSO, ISO 27001, SOC 2, and ISAE frameworks.
• GRC Training and Education — CPD-certified online training courses in GRC frameworks including GRC Essentials, ISAE 3402, SOC 1 (SSAE 18), SOC 2, ISAE 3000, ISO 27001, and GRC Advanced (DORA and NIS2). Delivered under the Securance Assurance brand.
• GRC Index Platform — an online platform through which organisations access assessment tools, submit evidence, view their GRC Index Score, access training materials, and manage their GRC certification.

GRC Index operates as an independent assessment and benchmarking body. Our assessments are conducted objectively against internationally recognised standards. GRC Index does not provide implementation consultancy or advisory services as part of the assessment process, maintaining our independence from assessed organisations.

3. Account Registration and Access

1. To access certain features of our platform, you must create an account and provide accurate, complete, and current information. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.
2. You must notify us immediately at info@grci.net if you suspect any unauthorised use of your account or any other security breach.
3. We reserve the right to suspend or terminate your account where we reasonably believe your account has been compromised, where you have materially breached these Terms, or where continued access poses a risk to our platform or other users.
4. You must not use automated tools, scripts, or bots to access our platform or extract data from our Services without our prior written consent.

4. Assessment Services — Specific Terms

1. The GRC Assessment is a structured evaluation of your organisation's governance, risk, and compliance practices. Assessment results (GRC Index Scores and reports) reflect an independent evaluation based on the information and evidence you provide at the time of assessment.
2. You are responsible for the accuracy and completeness of all information and evidence submitted as part of the assessment process. GRC Index relies on the information you provide and cannot be held responsible for inaccurate results arising from incomplete or misleading submissions.
3. Access controls and role-based permissions limiting staff access to personal data on a need-to-know basis
4. GRC Index Scores are specific to the assessment cycle in which they were generated. They reflect the state of your GRC practices at the time of assessment and may not reflect subsequent changes to your organisation's practices or to the regulatory environment.
5. You may share your GRC Index Score and certificate externally (e.g. with clients, supply chain partners, or regulatory bodies) provided you do not misrepresent the scope, date, or meaning of the assessment result.

5. Training Programmes — Specific Terms

1. Upon purchase and enrolment, GRC Index grants you a personal, non-transferable licence to access the training course materials for the duration specified at the time of purchase. Licences are for individual use only and may not be shared between users unless a multi-seat licence has been purchased.
2. Training materials, course content, videos, assessments, and CPD resources provided by GRC Index are protected by copyright and intellectual property rights. You may not reproduce, distribute, resell, or make available to third parties any training materials without our prior written consent.
3. CPD certificates are awarded upon successful completion of a course, subject to you meeting the assessment criteria specified within the course. Certificates confirm completion of the training programme and do not constitute professional qualification or regulatory certification.
4. GRC Index reserves the right to update, revise, or discontinue training courses. Where a course you have purchased is materially changed or discontinued, we will provide reasonable notice and, where appropriate, a refund or equivalent alternative course.

6. Payment and Refunds

1. All prices are stated in pounds sterling (GBP) and are exclusive of VAT unless stated otherwise. VAT will be charged at the applicable UK rate.
2. Payment is required in full at the time of purchase unless a credit account or invoicing arrangement has been agreed in writing. We accept payment by credit card, debit card, and bank transfer.
3. For training courses: you have a statutory right to cancel within 14 days of purchase under the Consumer Contracts Regulations 2013 (distance selling). If you request access to course materials before the end of the 14-day cancellation period, you acknowledge that you will lose your right to cancel once you have begun accessing the course content.
4. For assessment services: refunds are available at our discretion if you cancel before the assessment has commenced. Once an assessment is underway, refunds will not ordinarily be provided except where GRC Index is in material breach of these Terms.
5. In the event of a dispute about payment or a charge, please contact info@grci.net in the first instance. We will endeavour to resolve payment disputes within 10 working days.

7. Intellectual Property

1. All content on the GRC Index platform, including but not limited to the GRC assessment framework, scoring methodology, training course materials, text, graphics, logos, and software, is owned by or licensed to GRC Index and is protected by UK and international intellectual property laws.
2. GRC Index grants you a limited, non-exclusive, non-transferable licence to access and use the Services for your own internal business purposes in accordance with these Terms. This licence does not include the right to reproduce, modify, distribute, sublicense, or create derivative works from our content.
3. Your organisation retains ownership of any evidence, documentation, and data you submit as part of the assessment process. By submitting this material, you grant GRC Index a limited licence to process it for the purpose of conducting your assessment.
4. Where you contribute reviews, testimonials, or case studies to our platform, you grant GRC Index a royalty-free, perpetual licence to use this content for marketing and promotional purposes. We will obtain your explicit consent before using your organisation's name or logo.

8. Acceptable Use Policy

You agree not to use our Services:

• In any way that violates applicable UK or international laws or regulations
• To transmit any unsolicited or unauthorised advertising or promotional material
• To impersonate any person or entity or misrepresent your affiliation with any person or entity
• To engage in any conduct that restricts or inhibits anyone's use or enjoyment of our Services, or which we determine may harm us or our users
• To attempt to gain unauthorised access to any part of our platform, or to any systems or networks connected to our platform
• To upload or transmit viruses, malware, or any other malicious code
• To scrape, harvest, or otherwise extract data from our platform using automated tools without our written consent
• To submit false or misleading information as part of a GRC assessment

9. Disclaimer of Warranties

1. Our Services are provided "as is" and "as available" without warranty of any kind, express or implied, to the fullest extent permitted by applicable law.
2. GRC Index does not warrant that: (a) the Services will be uninterrupted or error-free; (b) any defects will be corrected; (c) our platform or servers are free of viruses or other harmful components; or (d) the results of using our Services will meet your requirements.
3. Nothing in these Terms excludes or limits our liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded under English law.

10. Limitation of Liability

1. To the fullest extent permitted by applicable law, GRC Index shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or in connection with your use of our Services, even if we have been advised of the possibility of such damages.
2. Our total aggregate liability to you arising out of or in connection with these Terms or your use of our Services shall not exceed the amount paid by you to GRC Index in the twelve (12) months preceding the event giving rise to the claim.
3. GRC Index assessments and scores are benchmarking tools, not regulatory compliance confirmation. GRC Index is not liable for any regulatory action, penalty, or enforcement taken against your organisation in connection with compliance matters.

11. Indemnification

You agree to indemnify, defend, and hold harmless GRC Index, its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or in any way connected with: (a) your access to or use of our Services; (b) your breach of these Terms; (c) your violation of any third-party right; or (d) any inaccurate, misleading, or false information you submit to us.

12. Termination

1. Either party may terminate these Terms on written notice. Termination does not affect any rights or liabilities accrued before the date of termination.
2. GRC Index may suspend or terminate your access to our Services immediately and without notice if you materially breach these Terms, if we are required to do so by law, or if we reasonably believe your use of the Services poses a risk to our platform, other users, or third parties.
3. Upon termination, your licence to access the Services ceases immediately. Sections 7 (Intellectual Property), 9 (Disclaimer), 10 (Limitation of Liability), and 14 (Governing Law) survive termination.

13. Changes to These Terms

GRC Index reserves the right to modify these Terms at any time. We will provide reasonable notice of material changes by posting updated Terms on our website and, where appropriate, notifying registered users by email. Your continued use of our Services after the effective date of updated Terms constitutes your acceptance of those changes. If you do not agree to the updated Terms, you must stop using our Services.

14. Governing Law and Dispute Resolution

1. These Terms and any dispute or claim arising out of or in connection with them (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.
2. The courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms, except where you are a consumer habitually resident in a different jurisdiction and local mandatory consumer protection law provides otherwise.
3. Prior to commencing legal proceedings, we encourage you to contact us at info@grci.net to attempt to resolve any dispute informally. We will endeavour to respond to all complaints within 10 working days.

15. Miscellaneous

1. Entire Agreement: These Terms, together with our Privacy Policy and any applicable service-specific terms, constitute the entire agreement between you and GRC Index with respect to the Services and supersede all prior agreements.
2. Severability: If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
3. Waiver: Our failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision.
4. No Partnership: Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between you and GRC Index.
5. Third Party Rights: A person who is not a party to these Terms has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of these Terms.