Become an Assessor

We license the delivery of Cyber Essentials (basic and Plus) assessments and IASME Cyber Assurance assessments (including GDPR readiness) to a number of highly professional companies. These companies are known as Certification Bodies. Each assessor within those Certification Bodies must go through training and pass the relevant assessments and exams.

IASME ASSESSOR ROLES

All assessors need to be part of a Certification Body to be able to carry out assessments. Please see the Certification Body requirements toward the end of this page.

The following assessor roles are recognised by IASME but one person can take on as many of these roles as they want. One person can assess against all of these roles or just one. Please note that you need to be a Cyber Essentials basic assessor if you want to be an IASME Cyber Assurance assessor or a Cyber Essentials Plus assessor.

Cyber Essentials (basic) assessor
Cyber Essentials Plus assessor
IASME Cyber Assurance assessor

Each of these roles require a one day training course. All the training is currently delivered remotely.

The costs are as follows:

Cyber Essentials (basic) training – £550
IASME Cyber Assurance training – £550
Cyber Essentials Plus training – £550

Your company will also need to gain the certification of the scheme they are assessing to (e.g. Cyber Essentials, Cyber Essentials Plus, IASME Cyber Assurance). The cost of this depends on the size of your company.

CYBER ESSENTIALS

ASSESSOR COURSE

To become a basic level Cyber Essentials Assessor, you will first need to have 3 years’ experience of working in IT or Cyber Security (this does not include periods of study) and be based in the UK or Crown Dependancies. You will also need to pass the free Assessor Skills exam unless you already hold one of these qualifications:

CISSP
CISM
Certified Professional (CCP) SIRA, IA Auditor or IA Architect roles at Practitioner-equivalent level or above
ISO27001 Lead Auditor

Following completion of this course, your company will complete the Cyber Essentials verified self-assessment (if you already have an up-to-date certificate, you will not need todo this again). The cost of this depends on the size of your company.

After passing this course, you will be qualified to assess against Cyber Essentials (basic), once you are working for a licensed Certification Body.

If you need to pass the Assessor Skills exam then please contact us and we will send you the details.

IASME cyber assurance ASSESSOR COURSE

To become an IASME Cyber Assurance Assessor, you will need to do the following:

Meet the qualification/experience requirements for becoming a basic-level Cyber Essentials Assessor.
Complete the one-day Cyber Essentials assessor course and then the one-day IASME Cyber Assurance assessor course. Following completion of the IASME Cyber Assurance course, and once you have passed the Cyber Essentials verified self-assessment, your company will complete the IASME Cyber Assurance (Level One) certification.
Once the IASME Cyber Assurance (Level One) certification is achieved, you may then need to achieve IASME Quality Principles certification. The Become a Certification Body section below will detail whether this is necessary.
After gaining all of the certifications mentioned above, you will be paired up with another trainee Certification Body and will conduct a mutual on-site IASME Cyber Assurance (Level Two) audit of each other’s organisation.
You will need to successfully complete an IASME Cyber Assurance (Level Two) audit on your partner company, and also be certified by your partner trainee.

Once you have completed all these steps you will be qualified to assess against Cyber Essentials (basic) and the IASME Cyber Assurance standard (Level One and Level Two), once you are working for a licensed Certification Body.

CYBER ESSENTIALS PLUS

ASSESSOR COURSE

If you want to assess against Cyber Essentials Plus you need have already attended and passed the Cyber Essentials Assessor course detailed above, and be based in the UK or Crown Dependancies. In order to deliver Cyber Essentials Plus assessments, every Certification Body will need at least one ‘Lead Assessor’. A Lead Assessor must hold one of the qualifications listed below:

CREST Registered Penetration Tester
CREST Certified Infrastructure Tester
Cyber Scheme Team Member (CSTM)
Cyber Scheme Team Leader (CSTL)
EC-Council Certified Security Analyst (ECSA):
Penetration Testing practical
EC-Council Certified Penetration Testing Professional (CPENT)
Offensive Security Certified Professional (OSCP)
TigerScheme Team Member (CTM/QSTM)**
TigerScheme Team Leader (CTL/SST)**

**These qualifications will be accepted if they have not expired. Upon expiry you will be required to hold an alternative qualification on List A to continue as Lead Assessor.

All other CE+ assessors within the same Certification Body will be required to have at least 3 years experience of working in IT or Cyber Security and pass our Vulnerability Assessment Plus exam.

All Cyber Essentials Plus assessors will then need to take part in and pass the online Cyber Essentials Plus training course.

You will also need to attain Cyber Essentials Plus certification for your company. We encourage the attendees on the course who pass to pair up and assess each other against Cyber Essentials Plus once they have become Certification Bodies.

BECOME A CERTIFICATION BODY

Once the Assessor has successfully completed the training, gained the relevant certification and passed the exams / assessments the company they work for can become a Certification Body. All Certification Bodies need to sign and return the associated contract.

All Certification Bodies have to show they meet both security and quality requirements.  They can do this by holding one of these security certifications

Achieving UKAS-accredited ISO 27001 certification
Achieving audited IASME Cyber Assurance (Level Two) certification

They also need to hold one of these quality requirements:

Achieving UKAS-accredited ISO 9001 certification
Achieving the IASME Quality Principles alongside an IASME Cyber Assurance (Level Two) certification
Achieving the QG Quality Fundamentals+ certification

Please note: It is a contractual requirement for IASME Cyber Assurance Certification Bodies to hold IASME Cyber Assurance (Level Two) certification.

If your company is interested in becoming a Certification Body please contact us. Your professionalism, expertise and attitude is more important to us than size and we are happy to licence to companies of all sizes.

Find out about Training

Please contact us to find out the next training dates available.

Find Out More

Have a look at our Frequently Asked Questions or speak to our team

FAQs

Cookie	Type	Duration	Description
cookielawinfo-checkbox-analytics		1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-analytics	persistent	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary		1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary		1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
cookielawinfo-checkbox-non-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
CookieLawInfoConsent		1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
geot_country		1 year 1 month 4 days	Used to define what country is attributed to you to aid showing the correct content.
PHPSESSID		session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy		1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.

Cookie	Type	Duration	Description
__cfduid		1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__cfduid	persistent	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
_ga		2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga	persistent	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag		1 minute	Used to throttle too many requests from being issued within a short time. This is part of the Google Analytics suite of services.
_gat_gtag	persistent	1 minute	Used to throttle too many requests from being issued within a short time. This is part of the Google Analytics suite of services.
_gid		1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_gid	persistent	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_hjAbsoluteSessionInProgress	persistent	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	Session	1 year	This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	persistent	365 days	Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
ajs_anonymous_id	persistent	365 days	This cookie is set by Segment as a randomly generated ID for anonymous users.

Cookie	Duration	Description
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_hjSession_*	30 minutes	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.

Become an Assessor

IASME ASSESSOR ROLES

CYBER ESSENTIALS

ASSESSOR COURSE

IASME cyber assurance ASSESSOR COURSE

CYBER ESSENTIALS PLUS

ASSESSOR COURSE

BECOME A CERTIFICATION BODY

Find out about Training

Find Out More

Cyber First

Living Wage

Cyber Scheme

National Cyber Awards 2022

Armed Forces Covenant

BSI