Subscription period and scorecard validity: understanding the timeline

Your subscription starts on your registration date and runs for 12 months. It renews automatically each year, this is called tacit renewal, and an invoice is issued at the start of each new subscription period. Your subscription can be cancelled in accordance with the terms agreed at registration.

Your scorecard is valid for 12 months from its publication date, not from your registration date. Because the expert analysis process takes 3–6 weeks after you submit your questionnaire, your scorecard is always published after your subscription has already started. This creates a gap between the two timelines.

In this example, the scorecard remains valid until February 2026, two months after the subscription has ended. However, an active subscription is required to access and share your scorecard. If your subscription lapses in December 2025, you will lose access to your scorecard even though it is still technically within its validity period.

You must have an active subscription to view and share your scorecard on the platform. If your subscription expires before your scorecard validity ends, renew your subscription to restore access. Contact support@cybervadis.com if you have questions about your renewal.

The cybersecurity landscape changes constantly. An annual reassessment ensures your scorecard reflects your current security posture, not last year's. It also gives you the opportunity to show clients measurable progress on your improvement plan, and to stay aligned with evolving regulatory requirements like GDPR, NIS2, and DORA.