ACE Practitioners

We have access to over 100 independent ACE Practitioners throughout the UK whom we have trained and who have been accredited by QG Management Standards to help implement the requirements of the Scheme.

This means that, though we as a Certification Body do not directly help companies install technical controls for the companies that we assess (we see this as “marking our own homework”), we can put you in touch with a suitable practitioner.

For more information on using (or becoming) an ACE Practitioner, please visit the QG Management Standards website

Indelible Data Limited also trains practitioners to prepare clients for Cyber Essentials Plus assessment – more information about this can be found on our Certified Training page

About the company

A Cyber Essentials Certification Body that is authorised to assess to both Basic and Plus levels of the Scheme.

We are an established information security and technology consultancy: enterprise security architecture, lead security project management, training and auditing with extensive experience of commissioning projects containing sensitive data where information confidentiality, integrity and availability of service are of major importance.

Since its launch in 2009, the company has built up a strong reputation for reliability and client satisfaction when helping them become secure and comply with contractual obligations.

About the founder

Tony is the founder and Managing Director of Indelible Data Limited, a Certification Body that has issued over 2,500 Certificates under the Cyber Essentials Scheme.

He also delivers Accredited Cyber Essentials (ACE) Practitioner training at both foundation and advanced level on behalf of the Accreditation Body, QG Management Standards.

He is a Member of the Institute of Information Security Professionals, a Senior CESG Certified Professional, Certified Ethical Hacker, EC-Council Security Analyst (Practical), Certified GDPR Practitioner and Certified Information Systems Security Professional.

Anna Wilson

Anna Wilson is the Financial and Operations Director. She is an Accredited Cyber Essentials Practitioner and is certified under the Open University’s Online Learning Scheme for Cyber Security.
While this experience is crucial, her extensive communications background on radio and in newspapers, helps give Indelible Data the edge in its efforts to get the Cyber Security message out to SMEs and multi-nationals alike.

Industry Certifications

  • Certified CESG Professional (Senior Level)
  • Certified Information Systems Security Professional. (CISSP)
  • Certified Ethical Hacking
  • Certified ISMS Lead Auditor (ISO 27001)
  • EC-Council Security Analyst (ECSA – Practical)


  • Cyber Essentials Assessment (Basic and Plus)
  • Cyber Security Training
  • ISO 27001 Audit and ISMS Implementation requirements
  • Risk Assessment and Triage
  • Vulnerability Analysis / Management
  • Business Continuity and Disaster Recovery Planning / Implementation
  • Telecommunications and Network Security
  • Legal and Regulatory Compliance

Cyber Essentials Assessments.

We have assessed more than 2500 companies to the Cyber Essentials Scheme – we believe that, to date, this puts us ahead of any other Certification Body since the scheme began.
Our clients range from small businesses through to major International Banks, Global Technology Corporations.


Subject Matter Expertise analysing and assessing network and application vulnerabilities in order to maintain best practice procedures for patching the required systems in the correct order and in a timely manner (triage).

This was a huge project that involved taking data from several thousand servers internationally (using McAfee Vulnerability Manager), liaising with all the different platform and remediation teams, setting targets, baselines and compiling reports for Senior Management.

The office automation processes we developed to help the teams assemble data became vital to the success of the project – vastly improving the ability monitor and report vulnerabilities and action the required remedial work. This contract required Scotland Disclosure clearance and strict adherence to PCI, Sarbanes Oxley and ITIL

Nuclear Supply Chain.

In line with ISO 27001, we have conducted a complete risk analysis programme and formulated policies and procedures to demonstrate that Information Security is of paramount importance when handling and sanitising commercial hardware that has originated from companies holding Sensitive Nuclear Information.
All business processes, software applications and telecommunications were audited and recommendations / implementation plans drawn up to commission a secure disaster recovery site to maintain availability of data processing functions.

Software Houses.These have clients who are large multinationals. We have been asked to oversee the implementation of ISO 27001 to allow them demonstrate their commitment to information security to help win and maintain contracts.

Market Research Companies.

Developing strategies and solutions to secure the sensitive commercial information of high profile clients and personal details of participants. This involves developing training plans, writing policies and procedures, assessing Data Leakage, Firewall, malware and infrastructure solutions and making recommendations.

Publishing Houses.

We have coordinated the PCI (Payment Card Industry) compliance programme to ensure sensitive data is handled and transmitted appropriately at the Head Office and remote sites. Conducting full gap analysis, risk assessment of business processes and forming implementation plans to instil a culture of security in the company and identify requirements to aid the selection of new software applications, physical access controls and network hardware.

Online and mail order companies

Both local and national, have benefited from our ability to devise solutions to pressing IT security problems – many requiring a complete redesign of workflow and some benefiting from targeted adjustments to existing systems in order to meet PCI requirements.