Tiri.Tese Ltd has achieved Cyber Essentials certification under the UK National Cyber Security Centre's scheme. This article sets out what the certification covers, what it means in practice for the organisations we work with, and how to verify it — the point of a verifiable certificate is that you do not need to rely on what we say about it.

We build and operate software for compliance teams, property operators, road freight carriers, and public sector organisations. The data that flows through what we build includes financial records, tenant information, operator compliance documentation, and in some cases citizen-facing government data. The people and organisations whose information we handle have a reasonable expectation that the systems holding it are maintained to a documented, auditable standard. Cyber Essentials is that baseline.

What we had to demonstrate to achieve certification

Cyber Essentials is not a self-declaration. It requires a self-assessment questionnaire submitted to an accredited certifying body, which independently reviews and verifies the answers before issuing the certificate. The assessment covers five technical controls that the NCSC has identified as protection against the most common internet-borne attacks — the NCSC estimates these five controls protect against approximately 80% of them.

Control 01
Firewalls
All internet-facing systems protected by correctly configured boundary firewalls. Inbound and outbound traffic controlled. No unnecessary ports or services exposed.
Control 02
Secure configuration
Systems hardened from a documented security baseline. Default credentials removed. Unnecessary software, services, and accounts disabled before deployment.
Control 03
Access control
Standard and administrator accounts separated. Administrative access restricted to those who require it. Multi-factor authentication enforced on all accounts with privileged access.
Control 04
Malware protection
Active malware protection across all in-scope devices — development machines, operational infrastructure, and any device used to access production systems.
Control 05
Patch management
Operating systems and software kept current on a defined schedule. High and critical severity patches applied within 14 days of release. Unsupported software not in use on any in-scope system.

What this means for the organisations we work with

For a public sector buyer or a regulated industry client, Cyber Essentials certification answers a specific question in their supplier due diligence process: has this supplier demonstrated, through independent assessment, that they maintain the technical security baseline the government has defined as a minimum? The answer, verifiably, is yes.

In practical terms it means:

What Cyber Essentials does not cover

Cyber Essentials is specific about its scope. It does not assess physical security, staff awareness training, penetration testing, incident response procedures, or business continuity. It is a baseline, and we describe it as one.

Our security posture beyond the five controls includes SSH access restricted to key-based authentication with root login disabled; UFW default-deny firewall policy; TLS encryption in transit; data encrypted at rest on DigitalOcean infrastructure; separated standard and administrator macOS accounts for all development activity; and audit logs exportable in standard format for independent review.

Buyers with specific requirements beyond this — penetration testing evidence, ISO 27001, sector-specific frameworks — should ask directly. We will answer specifically, not with marketing language.

How to verify the certificate

Independent verification

Certificate URL: registry.blockmarktech.com/certificates/f8caf65d-0e89-47de-b55f-e199a70cf1ee

Registered company name: TIRI.TESE LTD

Companies House: 16602529

Issued: July 2026  ·  Valid until: July 2027

Certificate reference for procurement questionnaires: hello@tese.uk — we will respond within one working day

Under the Procurement Act 2023, Cyber Essentials is explicitly named in NCSC guidance as the baseline security standard for government contracts involving personal information or technical services. Our certification is annual, independently verified, and held under our registered company name. It is not a badge — it is a documented, renewable, auditable commitment.

What comes next

Cyber Essentials Plus — which replaces the self-assessment verification with an independent technical audit of the controls themselves — is on our roadmap. We will publish that certification here when it is achieved, in the same format: verifiable reference, direct certificate link, plain explanation of what was assessed and what was not.

G-Cloud listing is in progress. Contracts Finder is active. Any organisation evaluating Tiri.Tese as a supplier can contact us at hello@tese.uk for our full due diligence pack — DPA, subprocessor list, certificate reference, and security documentation — without the usual preamble.