Tier 1

Archvault Assessed

A structured, assessor-led evaluation against the full Archvault Standard, producing a scored report and a prioritised remediation roadmap.

What you receive

  • Assessment report
  • Control-by-control scoring
  • Remediation roadmap
  • Assessed status

"We know exactly where we stand, and we have a plan." Often sufficient to keep a client's due-diligence process moving while you work toward full certification.

Tier 2

Archvault Certified

Every control in the Standard evidenced and independently verified. Certified organisations receive the Archvault mark and a 12-month listing on the public register.

What you receive

  • Verified certification
  • Register entry
  • The Archvault Certified mark for your website and proposals
  • An evidence pack for client due diligence
  • Cyber Essentials (Basic) certification included

"An independent body has verified our security controls - here's the register entry to prove it."

Continuous assurance Tier 3

Archvault Certified+

Certification maintained all year, not renewed once a year: monthly control attestation and verification, patching and monitoring evidence, quarterly phishing resilience testing, and an evidence pack refreshed every month - ready to send to any client or insurer on demand.

What you receive

  • Everything in Archvault Certified
  • Monthly control attestation and verification
  • Quarterly phishing resilience testing
  • Evidence pack refreshed monthly
  • Annual recertification and Cyber Essentials (Basic) included

"We are demonstrably secure now - not just on the day we were audited." The strongest assurance available under the scheme, and a visible differentiator when bidding.

Compare the tiers


Included Assessed Certified Certified+
Independent assessment
Verified controls -
Public register listing -
Certification mark -
Evidence pack -
Monthly verification - -
Quarterly phishing testing - -
Cyber Essentials (Basic) included -

Not sure which tier fits? Tell us about your situation.

Start a conversation