IASME Cyber Assurance – Updated and improved

Jul 8, 2025 | IASME Cyber Assurance

A roadmap to cyber resilience for all organisations

Digital technologies, platforms, and strategies have become the backbone of modern communication and operations, making cyber resilience not just important but essential. Organisations of all sizes must navigate the landscape of cyber security to defend against attacks. However, true cyber resilience goes beyond mere prevention. In the face of relentless and ever-evolving threats, resilience enables organisations to withstand attacks, maintain business operations, and recover swiftly. This is where the newly updated IASME Cyber Assurance (ICA) standard plays a vital role. Redesigned using customer feedback, the updated standard and assessment are now more accessible and scalable than before, offering a clear roadmap to achieving cyber resilience.

What is IASME Cyber Assurance?

The IASME Cyber Assurance standard offers a flexible and cost-effective framework to help organisations establish strong cyber security and data protection measures. By providing a structured approach, it simplifies what might otherwise feel like an overwhelming set of requirements. Additionally, it supports compliance with legal and regulatory obligations, demonstrating your organisation’s commitment to achieving cyber resilience.

IASME Cyber Assurance (ICA) is available once an organisation holds Cyber Essentials certification, which is a prerequisite. It comes in two levels: Level One Verified Assessment and Level Two Audited. Whether you’re a sole trader or a large enterprise, the standard is designed to be understandable and accessible.

Why Choose IASME Cyber Assurance?

Designed to be accessible for organisations of all sizes

The updated IASME Cyber Assurance standard is designed with flexibility in mind, featuring tiered requirements that align with an organisation’s size and risk profile while maintaining a robust approach. For example, sole traders and two-person partnerships need to meet just 20 requirements, whereas larger organisations must address a more comprehensive set of 65. This doesn’t mean smaller organisations are “let off” certain aspects of the standard. Instead, the standard acknowledges that, due to their size, many elements of resilience are not applicable to them.

This tailored approach ensures that even the smallest organisations can achieve cyber resilience without being overwhelmed by unnecessary complexity.

The standard and assessment questions are all available to download from the IASME website free of charge and without the need to register. The IASME team are happy to answer your questions about the standard, and 230 Certification Bodies across the UK are ready to assist and certify organisations of all sizes.

Aligned with government and industry standards

The full IASME Cyber Assurance standard provides an organisation with the practical steps and key controls that are needed to become cyber resilient, as highlighted within the DSIT Cyber Governance Code of Practice. The standard can also help an organisation work towards the NCSC Cyber Assessment Framework (CAF) objectives.

This alignment makes ICA a thorough standard that helps organisations demonstrate their cyber security maturity to supply chains, particularly in regulated sectors.

A logical next step after Cyber Essentials

The prerequisite for IASME Cyber Assurance certification is an up-to-date Cyber Essentials certification. Cyber Essentials (CE) represents the UK Government’s minimum baseline standard in cyber security for organisations of all sizes in the UK. It is based on five technical controls designed to protect against common internet-based cyber threats. These are defensive controls, designed to avoid successful cyber breaches. The step beyond Cyber Essentials focuses on the governance which will help an organisation prepare for, withstand and recover from successful attacks. It will also address other potential disruptions to an organisation’s digital systems, such as systems failure and insider threat, ensuring that critical operations and services can continue with minimal impact. IASME Cyber Assurance is the natural progression from Cyber Essentials, providing a comprehensive framework to build and sustain resilience and maintain trust with supply chains and customers.

A cost-effective solution

Cyber security doesn’t have to break the bank. IASME Cyber Assurance offers a realistic, affordable way for organisations to achieve cyber resilience. Ranging from £320 + VAT for a micro organisation up to £600 + VAT for a large organisation, ICA provides a practical alternative to the high costs and complexity of other standards without compromising on quality.

The fourteen themes of IASME Cyber Assurance

The standard is built around 14 key themes, covering everything from planning information security and managing access to incident management and disaster recovery. These themes provide a framework for organisations to identify, manage, and mitigate cyber risks effectively. By addressing these areas, businesses can build a strong foundation for long-term resilience.

Why now? – the growing importance of cyber resilience

With over 5.5 million SMEs in the UK and increasing pressure from government and large organisations to secure supply chains, the demand for evidence of robust cyber security in partners and suppliers is higher than ever. IASME Cyber Assurance builds on Cyber Essentials to offer a practical, scalable, and trusted framework for organisations looking to show that they protect their reputation and business.

Consider improving your cyber resilience

Whether you’re a sole trader, a growing SME, or a larger organisation, the updated IASME Cyber Assurance standard offers a practical and affordable pathway to achieving cyber resilience. By tailoring requirements to your organisation’s size and risk profile, simplifying the certification process, and aligning with trusted government frameworks, ICA ensures that cyber security is accessible to all.

Find out more or apply for certification here

Find a Certification Body near you here

Contact IASME [email protected]

Cyber Essentials is a UK government-backed certification scheme operated under the oversight of the National Cyber Security Centre (NCSC).

The IASME Cyber Assurance (ICA) scheme is independently owned and is not affiliated with the NCSC.