HARTZAI

Trust and Compliance

Hartz AI is Cyber Essentials certified by BSC under the IASME scheme, with a UK GDPR specialist as our named Head of AI Compliance. This page documents the standards we work to and how procurement teams can verify them independently.

Certified

Cyber Essentials

Cyber Essentials is the UK Government's baseline cyber security standard, administered by IASME and aligned with NCSC guidance. The Danzell v3.3 question set, introduced in April 2026, tightened marking on multi-factor authentication, patching cadence, and cloud service scope. The Hartz Company Limited was assessed against the Whole Organisation scope and certified on 28 May 2026 by BSC, an IASME-accredited Certification Body.

Certificate number: 13c6b099-a04a-461e-a391-7126650de80b
Issue date: 28 May 2026
Expiry date: 28 May 2027
Scope: Whole Organisation
Question set: 3.3 (Danzell)
Scheme administrator: IASME Consortium Ltd

Hartz AI is the trading name of The Hartz Company Limited, the legal entity to which this certification is issued. The company was certified by BSC (British Standards Council), an IASME-accredited Certification Body, against the Cyber Essentials scheme administered by IASME on behalf of the National Cyber Security Centre.

Verify this certificate on the official registry

How does Hartz AI handle UK GDPR compliance?

All Hartz AI engagements involving personal data are overseen by Rivka Abecasis, our Head of AI Compliance and a UK GDPR specialist. Rivka reviews data flows for new client work and advises on DPIAs, lawful basis decisions, and supplier processing agreements.

What technical controls does Hartz AI have in place?

Hartz AI maintains the controls required for Cyber Essentials Whole Organisation certification under the 2026 Danzell question set. These cover authentication, patching, malware protection, secure configuration, and access management across every endpoint and cloud service we use.

  • Multi-factor authentication on every cloud service that supports it, with single sign-on configured where MFA is upstream-enforced.
  • Security patches applied within 14 days of vendor release, verified weekly across the in-scope estate.
  • BitLocker device encryption on all in-scope endpoints, with Apple iOS application sandboxing on mobile.
  • Separate standard and administrator accounts on workstations, with administrator privileges used only for elevated tasks.
  • Annual access review with quarterly spot checks, and a formal leaver process for any account removal.
  • Unique long passwords stored in an enterprise password manager with breach detection alerting.

Where can I find a list of Hartz AI's sub-processors?

A current list of sub-processors and our data handling principles is available on request. Email craig@hartzai.com and we will respond within one working day with the current register, redacted where necessary for unrelated client confidentiality.

Frequently asked questions about Hartz AI's security posture

Is Hartz AI Cyber Essentials certified?

Yes. The Hartz Company Limited, trading as Hartz AI, holds a current Cyber Essentials certificate issued by BSC, an IASME-accredited Certification Body, on 28 May 2026. The certificate covers the whole organisation and is valid until 28 May 2027. The certificate number is 13c6b099-a04a-461e-a391-7126650de80b and can be verified on the IASME registry.

Which Cyber Essentials question set was Hartz AI assessed against?

Hartz AI was assessed against Danzell v3.3, the question set introduced by NCSC and IASME in April 2026. Danzell tightened the marking criteria for multi-factor authentication, patching cadence, and cloud service scope, with three new auto-fail conditions that did not exist under the previous Willow question set.

Who is responsible for data protection at Hartz AI?

Rivka Abecasis is the Head of AI Compliance at Hartz AI and a UK GDPR specialist. Rivka oversees all engagements involving personal data, reviews data flows for new client work, and advises on Data Protection Impact Assessments, lawful basis decisions, and supplier processing agreements. For data protection queries, email craig@hartzai.com and the request will be routed to Rivka.

Who do I contact with security or compliance questions?

Email craig@hartzai.com with any security or compliance question. Procurement teams requesting our supplier security questionnaire or our list of sub-processors will receive a response within one working day.