Interested in Cyber Essentials? Visit our advert landing page (under Marketplace) and learn how to migrate to partial or full conformity with ISO/IEC 27001, and gain greater control and defensive strength against cybersecurity threats

IMS-Smart On-Line

Conditions of use for an evaluation licence


The customer: an organisation that uses IMS-Smart On-Line.

IMS-Smart: a methodology with associated technology and productised IP-led services, including training for creating integrated management systems, including information security management systems.

IMS-Smart On-Line: a website provided by IMS-Smart Limited, a company registered in England, number 6630803.

A Management System: a set of interrelated or interacting elements of an organisation to establish policies and objectives and processes to achieve those objectives.

An Information Security Management System (ISMS): a management system that conforms to ISO/IEC 27001.

IMSid: The identifier of the ISMS for which the customer has licensed the use of IMS-Smart On-Line.

Organisation: person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives.

Policy: intentions and direction of an organisation as formally expressed by its top management.

Top management: person or group of people who directs and controls an organisation at the highest level.

Process: set of interrelated or interacting activities which transforms inputs into outputs.

Documented information: information required to be controlled and maintained by an organisation and the medium on which it is contained.

Custom text: text generated by the customer which is stored in IMS-Smart On-Line.

ISMS administrator: a person with customer authority to generate and modify custom text.

Regular ISMS user: a person with customer authority to read custom text.

IMS-Smart text: text generated by IMS-Smart Limited which is stored in IMS-Smart On-Line.

Your obligations

The customer is responsible for the performance of all the steps necessary to develop and implement their ISMS. The use of IMS-Smart On-Line greatly facilitates those tasks but IMS-Smart Limited makes no claim as to the ability of the customer to properly accomplish their implementation through use of IMS-Smart On-Line alone. In particular:

  • IMS-Smart On-Line does not by itself create or maintain an ISMS or guarantee conformance with ISO/IEC 27001:2013.
  • The customer must provide custom text in accordance with the instructions provided by IMS-Smart On-Line.
  • The customer is responsible for ensuring the accuracy and truthfulness of custom text, including the results of calculations performed on such custom text by IMS-Smart On-Line.
  • Specifically, the customer is responsible for approving the results of risk assessment calculations.

The customer is responsible for breaches of copyright arising from actions of their employees, or persons under their control.

The customer is responsible for ensuring that any hyperlinks they place in custom text do not redirect their ISMS administrators or regular ISMS users to phishing or malware sites, or use forwards to access unauthorised pages.

The customer is responsible for assigning their users to the various ISMS administrator or regular ISMS user roles and for obligating users to look after their passwords so as to protect IMS-Smart On-Line from unauthorised access.

The customer must not provide custom text or upload files that contain:

  • Warez, illegal, immoral or copyright material. The onus is on you the customer to prove that you own the rights to publish material, not for IMS-Smart Limited to prove that you do not.
  • MP3 and other multimedia files.
  • Password protected archive (e.g. zip or rar) files, or data back ups.
  • Pornographic or other lewd material. Adult Material includes all pornography, erotic images, or otherwise lewd or obscene content. The designation of "adult material" is left entirely to the discretion of IMS-Smart Limited.
  • HTML forms or JavaScript or other executable code.

The customer must not attempt to:

  • Circumvent the user authentication and access control mechanisms.
  • Access the IMS-Smart On-Line databases directly.
  • Decipher IMS-Smart On-Line encrypted information.
  • Reverse engineer the IMS-Smart On-Line software.

The customer is responsible for backing up their uploaded files.

Limitation of Liability

In no event will IMS-Smart Limited be liable to the customer for any damages, claims or costs whatsoever or any consequential, indirect, incidental damages, or any lost profits or lost savings, even if IMS-Smart Limited’s representative has been advised of the possibility of such loss, damages, claims or costs or for any claim by any third party. The foregoing limitations and exclusions apply to the extent permitted by applicable law in customer’s jurisdiction. IMS-Smart Limited’s aggregate liability under or in connection with this agreement shall be limited to the amount paid for the use of IMS-Smart On-Line, if any.

Governing Law

The Law pertaining to these conditions of use and any correspondence or contracts related thereto shall be governed and construed by the Laws of England.


IMS-Smart Limited reserves the right to suspend or cancel a customer’s access to IMS-Smart On-Line, where IMS-Smart Limited decides that IMS-Smart On-Line has been inappropriately used, or that the customer has violated these conditions of use.

The evaluation licence expires 30 days after registration.

When the licence has expired, users and administrators will not be able to log on or access ISMS data.

Additional conditions of use for a full licence

With a full licence:

  1. under the heading of termination, the clause about the expiry of the evaluation licence is replaced with one of the form:
    The IMS-Smart licence expires on yyyy-mm-dd

  2. the following additional conditions will appear under the headings of definitions and your obligations. The ellipses (...) represent text in the above conditions to enable you to see where this additional text fits. The additions refer to BSI copyrighted material which is only accessible with a full licence. These additional conditions therefore do not apply in the case of an evaluation licence.

Note that the clause under the heading of your obligations lists the maximum number of administrators and regular users permitted by the licence that the customer has purchased from IMS-Smart Limited.


under the heading of Definitions

BSI and David Brewer copyrighted material: British Standards are reproduced within this IMS-Smart Limited product with the permission of the British Standards Institution (BSI) under licence number 2019JK0013. Copyright subsists in all BSI publications. Except as Permitted under the UK Copyright, Designs and Patents Act 1988, no British Standard either in part or whole, may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without prior permission of BSI. British Standards may be obtained from BSI Customer Services, 389 Chiswick High Road, London, W4 4AL. (Tel +44 (0) 20 8996 9001). The BSI copyrighted material in this product consists of (a) ISO/IEC 27001:2013, Clauses 4 - 10 of which are reproduced on the conformance page and Annex A of which is reproduced on the SOA page; and (b) other standards offered by IMS-Smart On-Line that the customer chooses to licence. The David Brewer copyrighted material in this product is the book “An introduction to ISO/IEC 27001:2013” by Dr David Brewer, ISBN-10 1704570824 ISBN-13 978-1704570822, extracts of which are reproduced on the Help pages.

under the heading of Your obligations

Access to BSI copyrighted material is permitted under BSI licence 2019JK0013 only to ISMS administrators

name of organisation has licensed the IMSid ISMS for a maximum of maxAdmin ISMS administrators and maxRegularUsers regular ISMS users, giving a maximum organisation size for conformance assessment purposes of orgSize. The maximum database size is maxDb Mb.

The customer is responsible for procuring a licence of sufficient capacity in terms of the maximum number of ISMS administrators, regular ISMS users and database size for its needs, and renewing the licence in sufficient time ahead of the expiry date in order to ensure continuity of service. Changes in licence capacity are permitted at any time in return for payment of the appropriate fee as given on the website. Downsizing does not result in a refund and should therefore be made at the time of licence renewal.

There are restrictions on printing BSI copyrighted information. In particular, if a browser’s print facility is used to print the SOA, the ISO conformance page or the full text of “An introduction to ISO/IEC 27001:2013”, the BSI copyrighted material will not appear.

… The customer must not attempt to:

  • Circumvent the restrictions on printing pages containing BSI copyrighted material.