Why this term matters for certification
Scheme terms define what a buyer, applicant, assessor, or procurement team should expect from Cyber Essentials. They help separate official certification requirements from supplier marketing claims, which is essential when a certificate is being used for a tender, insurance condition, or supplier-risk review.
A buyer should be able to connect this term to a real certification decision: which legal entity is certified, which scope is covered, whether the certificate is current, and whether the level requested is Cyber Essentials, Cyber Essentials Plus, or a different assurance scheme.
How Fig uses this term
Fig Group uses Sub-Set Exclusion as part of a practical Cyber Essentials and compliance vocabulary. The purpose is to make assessment decisions easier to verify: what the term means, where it appears in evidence, which control it supports, and which buyer or assessor question it helps answer.
If this term affects your Cyber Essentials submission, treat it as an evidence question rather than a definition question. Document the relevant owner, system, configuration, policy, or workflow so an assessor can see how the control works in your environment.
Official sources and related guidance
For scheme interpretation, verify against official NCSC and IASME material. Fig's glossary is designed to translate those concepts into implementation language for UK organisations, MSPs, and procurement teams.