1. Purpose of This Assurance Pack

This document is designed to support procurement, compliance, safeguarding, and assurance-led review processes. It provides a clear overview of Cyber Rebels Ltd, the services we deliver, the standards we work to, and the documentation available to support supplier validation.

Cyber Rebels approaches cybersecurity as a practical, human issue shaped by how people work, communicate, and make decisions in real environments. That view influences how we design training, how we handle information, and how we work with partner organisations across education, business, community, and regulated settings.

2. About Cyber Rebels Ltd

Cyber Rebels Ltd is a UK training provider delivering live, instructor-led cybersecurity and digital safety training for schools, businesses, youth organisations, community groups, SMEs, and regulated sectors. Our sessions are designed to be practical, clear, and relevant to the environments people actually work and learn in.

We operate as educators first. That means our delivery is structured around clarity, professionalism, safeguarding, and appropriate learner support rather than fear-based messaging or generic awareness content. Our work is designed to help people make safer, more confident decisions in digital environments without making cybersecurity feel abstract, technical, or inaccessible.

Our programmes are CPD-accredited and are adapted to organisational context, audience type, safeguarding requirements, and operational risk profile. We work with partner organisations to ensure delivery aligns with their internal policies, appropriate conduct expectations, safeguarding arrangements, and information security requirements.

3. Services and Delivery Overview

Cyber Rebels provides live, interactive cybersecurity and digital safety training across a range of settings. Delivery includes business training, education-focused sessions, youth digital safety sessions, awareness workshops, and behaviour-led cybersecurity training tailored to organisational context.

Sessions are designed around real-world situations, practical decision-making, and clear explanation. Depending on the audience, training may include guided discussion, structured demonstrations, reflective activities, scenario-based learning, and age-appropriate interactive exercises. Delivery is adapted to the needs of the organisation and the people taking part.

We work with children, young people, adults, remote teams, SMEs, frontline staff, and regulated sectors. Where delivery takes place in education or youth settings, it is adapted to suit age, environment, safeguarding requirements, and the operational expectations of the partner organisation.

4. Governance, Policies and Compliance

Cyber Rebels maintains a full suite of governance, policy, and compliance documentation to support safe, lawful, and transparent delivery. These policies are reviewed regularly and updated in line with changes in legislation, technology, operational practice, and safeguarding guidance.

Our documentation is written with reference to UK GDPR, the Data Protection Act 2018, the Data (Use and Access) Act 2025, Cyber Essentials principles, NCSC guidance, and relevant safeguarding and sector-specific requirements.

Current policies are available at:
https://cyberrebels.co.uk/our-policies-and-terms

Available policies include the Privacy Policy, Cookies and Tracking Policy, Information Security Policy, Data Retention Schedule, Youth DPIA and Safeguarding Policy, Cyber Hygiene Commitment, Complaints Policy, Health and Safety Policy, and Terms and Conditions.

5. Data Protection and Information Security

Data protection is built into how Cyber Rebels operates. We follow a data minimisation approach, collecting only what is necessary, limiting what is retained, and applying appropriate technical and organisational controls to protect the information we handle.

Our data protection arrangements include a Legitimate Interest Assessment and public summary where relevant, a full Data Protection Impact Assessment for youth and education services, encryption for locally stored files, access controls, secure communications, and a documented data retention schedule.

We do not sell personal data, share it without lawful basis, or retain it for longer than necessary. Where temporary data is used during delivery, such as for activities or demonstrations, it is managed carefully and deleted where appropriate shortly after use.

6. Safeguarding Children and Young People

Cyber Rebels works with schools, trusts, youth groups, clubs, and community organisations, and safeguarding is treated as a core operational responsibility. Our youth-focused work is shaped by Keeping Children Safe in Education, the Ofsted 4Cs framework, UK data protection requirements, youth-specific DPIAs, and the safeguarding expectations of the organisation we are supporting.

Our delivery model is designed to reduce unnecessary safeguarding risk. We do not require sensitive or unnecessary personal disclosures from young people. A responsible adult from the partner organisation is expected to be present throughout delivery. Content is age-appropriate, recording is not permitted for youth participants, and any safeguarding concerns are escalated through the organisation’s own safeguarding lead and procedures.

All Cyber Rebels personnel working in relevant settings hold Enhanced DBS certificates. We also follow the safeguarding policies, procedures, and practical guidance of each partner organisation when operating in their environment.

7. Professional Standards and Training Quality

All training delivered by Cyber Rebels is designed to be safe, engaging, relevant, and professionally structured. Sessions are fully instructor-led and adapted to the needs of the audience, whether that audience is made up of pupils, staff teams, youth groups, remote workers, operational teams, or senior leaders.

Training is delivered by qualified cybersecurity educators who hold recognised teaching and assessment credentials, including the Level 3 Award in Education and Training and the Level 3 Award in Assessing Competence in the Work Environment. These qualifications support effective learning design, inclusive delivery, learner engagement, and safe session management across youth and adult environments.

Alongside teaching qualifications, our trainers bring practical cybersecurity knowledge and professional recognition, including membership or affiliation with bodies such as BCS, CIISec, and ISACA. This combination of educational capability and industry understanding helps ensure that sessions are structured, clear, appropriate, and grounded in real-world relevance.

8. Training Methodology and Behavioural Framework

Cyber Rebels training is designed and quality-controlled using a defined behavioural competency structure known as the Five-Domain Model. This model provides a consistent foundation for planning, delivery, and review across different sectors, audiences, and formats.

The model covers contextual risk recognition, verification and control discipline, secure operational behaviour, incident judgement and escalation, and professional cyber judgement. These domains are used to shape session design and keep training focused on how people recognise, interpret, and respond to situations in practice.

Activities are mapped against these domains during planning and delivery so that training remains relevant to the client environment while still following a structured and repeatable quality framework.

9. Security Practices and Technical Measures

Cyber Rebels applies practical security measures across its operations and uses the same standards of sensible cyber hygiene that it promotes in training. Our operational measures include encrypted data storage, multi-factor authentication on systems, secure configuration, device hardening, appropriate network security, and regular review of security and policy controls.

Where relevant, we also avoid the use of removable media in youth settings, use secure communications, and apply a simple-by-design approach that reduces unnecessary access, unnecessary retention, and unnecessary risk.

10. Insurance

Cyber Rebels maintains appropriate business insurance cover to support delivery and supplier assurance requirements.

Current cover includes Public Liability insurance of £2,000,000, Professional Indemnity insurance of £1,000,000, and Cyber Insurance of £1,000,000.

Insurance certificates can be provided on request.

11. Sustainability and Ethical Practice

Cyber Rebels is committed to operating responsibly, transparently, and in a way that supports trust, fairness, and long-term accountability. We do not rely on fear-based messaging, exaggerated claims, or manipulative delivery practices. Our training is designed to empower people through clear explanation, practical relevance, and respectful communication.

We aim to work openly with partner organisations, disclose relevant information clearly, and maintain appropriate professional boundaries around data use, confidentiality, safeguarding, and conduct. We do not accept inducements that would compromise integrity, and we expect professional standards to be maintained across delivery, communication, and operational practice.

We also seek to reduce unnecessary environmental impact through digital-first delivery where appropriate. Cyber Rebels holds Green Small Business certification, and supporting evidence can be provided on request.

12. Working With Your Organisation

Cyber Rebels works collaboratively with each organisation before delivery begins. This allows us to understand the environment, the intended audience, relevant safeguarding or leadership contacts, any data requirements, and the practical considerations that need to be reflected in the session.

Where relevant, we confirm age group, safeguarding expectations, delivery format, session boundaries, and any reasonable adjustments required to support safe and effective participation. This helps ensure the session fits naturally within your existing processes rather than creating unnecessary friction.

Our approach is intended to be straightforward and professional. We adapt to the organisation we are supporting and aim to deliver in a way that is safe, efficient, and aligned with the standards already in place.

13. Documents Available on Request

The following supporting documents can be provided to partner organisations on request as part of supplier assurance, due diligence, or onboarding processes:

• Enhanced DBS certificates
• Professional qualifications
• CPD accreditation certificate
• Insurance certificates
• ICO registration details
• Data protection documentation, including LIA, DPIA, and retention schedules
• Safeguarding and online safety policies
• Accessibility information and reasonable adjustments details
• UKPRN registration details

14. Operational and Contact Details

General enquiries: [email protected]
Safeguarding lead: Andy Longhurst
Data protection contact: [email protected]

ICO Registration: ZB892477
UKPRN: 10098239

15. Statement of Assurance

Cyber Rebels confirms that the policies and controls referenced in this document are maintained and reviewed regularly. We operate in alignment with UK GDPR, the Data Protection Act 2018, the Data (Use and Access) Act 2025, and relevant safeguarding and security frameworks applicable to the environments in which we work.

We are committed to delivering training that is safe, inclusive, compliant, and professionally managed. Where work involves children and young people, safeguarding requirements are treated as an operational priority and delivery is structured accordingly.

Our aim is to provide partner organisations with clear assurance that Cyber Rebels is a safe, credible, and professionally managed training provider that can support delivery without creating unnecessary procurement or compliance friction.