Tiri.Tese Ltd has achieved Cyber Essentials certification under the UK National Cyber Security Centre's scheme. This article sets out what the certification covers, what it means in practice for the organisations we work with, and how to verify it — the point of a verifiable certificate is that you do not need to rely on what we say about it.
We build and operate software for compliance teams, property operators, road freight carriers, and public sector organisations. The data that flows through what we build includes financial records, tenant information, operator compliance documentation, and in some cases citizen-facing government data. The people and organisations whose information we handle have a reasonable expectation that the systems holding it are maintained to a documented, auditable standard. Cyber Essentials is that baseline.
What we had to demonstrate to achieve certification
Cyber Essentials is not a self-declaration. It requires a self-assessment questionnaire submitted to an accredited certifying body, which independently reviews and verifies the answers before issuing the certificate. The assessment covers five technical controls that the NCSC has identified as protection against the most common internet-borne attacks — the NCSC estimates these five controls protect against approximately 80% of them.
What this means for the organisations we work with
For a public sector buyer or a regulated industry client, Cyber Essentials certification answers a specific question in their supplier due diligence process: has this supplier demonstrated, through independent assessment, that they maintain the technical security baseline the government has defined as a minimum? The answer, verifiably, is yes.
In practical terms it means:
- The infrastructure running our products is not exposed by unnecessary open ports, default credentials, or unpatched known vulnerabilities.
- Access to systems handling your data is controlled and logged. Administrative access requires explicit elevation and is restricted to those who need it.
- The devices used to build, maintain, and support our products are protected and kept current.
- We go through this assessment every year, not once. The certificate expires in twelve months and must be renewed. That is not a formality — it is an annual audit of whether the controls are still in place.
What Cyber Essentials does not cover
Cyber Essentials is specific about its scope. It does not assess physical security, staff awareness training, penetration testing, incident response procedures, or business continuity. It is a baseline, and we describe it as one.
Our security posture beyond the five controls includes SSH access restricted to key-based authentication with root login disabled; UFW default-deny firewall policy; TLS encryption in transit; data encrypted at rest on DigitalOcean infrastructure; separated standard and administrator macOS accounts for all development activity; and audit logs exportable in standard format for independent review.
Buyers with specific requirements beyond this — penetration testing evidence, ISO 27001, sector-specific frameworks — should ask directly. We will answer specifically, not with marketing language.
How to verify the certificate
Independent verification
Certificate URL: registry.blockmarktech.com/certificates/f8caf65d-0e89-47de-b55f-e199a70cf1ee
Registered company name: TIRI.TESE LTD
Companies House: 16602529
Issued: July 2026 · Valid until: July 2027
Certificate reference for procurement questionnaires: hello@tese.uk — we will respond within one working day
Under the Procurement Act 2023, Cyber Essentials is explicitly named in NCSC guidance as the baseline security standard for government contracts involving personal information or technical services. Our certification is annual, independently verified, and held under our registered company name. It is not a badge — it is a documented, renewable, auditable commitment.
What comes next
Cyber Essentials Plus — which replaces the self-assessment verification with an independent technical audit of the controls themselves — is on our roadmap. We will publish that certification here when it is achieved, in the same format: verifiable reference, direct certificate link, plain explanation of what was assessed and what was not.
G-Cloud listing is in progress. Contracts Finder is active. Any organisation evaluating Tiri.Tese as a supplier can contact us at hello@tese.uk for our full due diligence pack — DPA, subprocessor list, certificate reference, and security documentation — without the usual preamble.