About The Cyber Advisor Scheme

The NCSC and IASME are preparing to launch a new assured Cyber Advisor scheme. This will extend assured cyber security consultancy services to a wider market of small and medium-sized firms, helping to ensure a minimum standard of security. The NCSC is currently inviting organisations to help stand up this new service and develop the scheme ready for an official launch. Initially 100 free Cyber Advisor assessments will be funded by the NCSC.

These NCSC Assured Service Provider organisations will be able to provide customers with practical help to better understand and implement the cyber security advice and guidance issued by Government and the NCSC. Advice will initially be focused on Cyber Essentials’ five technical controls – firewalls, secure settings, access controls, malware and software updates – and qualified Cyber Advisors will help customers meet these controls and implement any recommendations.

Register Your Interest

To launch this service, the NCSC is now inviting both individuals and organisations offering cyber advice to register their interest in the scheme.

The NCSC will initially be fully funding 100 Cyber Advisor assessments. Individual applicants – with differing levels of experience and skills, and from diverse backgrounds across the UK – will be selected to test and ensure that Cyber Advisors can offer the required knowledge and skillset.

To apply to be one of the first 100 people to go through the assessment, please contact us at [email protected] or complete the form below. Everyone who successfully completes the assessment AND is employed by an NCSC Assured Service Provider registered with IASME, will then be eligible to offer Cyber Advisor services. Anyone who passes the assessment but who is not employed by an Assured Service Provider will not be eligible to offer Cyber Advisor services.

As a means of verifying the Proof of Concept (POC) to fully launch the scheme, those who complete a free assessment will be asked for feedback and to provide data to help the NCSC develop the Cyber Advisor scheme further.

Costs

The Cyber Advisor Exam will usually cost £550 per person but NCSC are funding 100 of these exams to verify the Proof of Concept. To operate as a registered Cyber Advisor there will be an annual charge per individual Advisor (£250) and per NCSC Assured Service Provider (£600). In addition, there is an onboarding fee of £250 for each new Advisor.

Please complete the form below to register your interest.

Requirements to become a Cyber Advisor

All advisors need to be part of an Assured Service Provider organisation to be able to carry out advisor services. Please see the Assured Service Provider requirements below.

To become a Cyber Advisor (Cyber Essentials) you will need to provide IASME with evidence that you have successfully passed the Advisor Exam.  You will then be required to sit our online Induction training course.  This course will walk you through some essential elements of the scheme and be followed by a simple test of understanding.

You can find more information on the Advisor Exam via the Cyber Scheme webpage.

All Cyber Advisors (Cyber Essentials) must be based in the UK or Crown Dependencies.

Requirements to become an Assured Service Provider

Once the first Cyber Advisor (Cyber Essentials) in an organisation has successfully passed the exam, the company they work for can become an Assured Service Provider.

All Assured Service Providers have to show they meet both security and quality requirements. They can do this by holding one of these security certifications:

  • Achieving UKAS-accredited ISO 27001 certification
  • Achieving audited IASME Cyber Assurance (Level 2) certification

They also need to hold one of these quality requirements:

  • Achieving UKAS-accredited ISO 9001 certification
  • Achieving the IASME Quality Principles alongside an IASME Cyber Assurance (Level 2) certification
  • Achieving the QG Quality Fundamentals+ certification

All Assured Service Providers need to sign and return the associated contract.

If your company is interested in becoming an NCSC Assured Service Provider please contact us at [email protected]. Your professionalism, expertise and attitude are more important to us than size and we are happy to license to companies of all sizes.

 

More Information about the Cyber Advisor Scheme

The NCSC is getting ready to launch a new Cyber Advisor scheme that will help organisations that want to implement a minimum standard of cyber security to identify the skills and advice they need.

Organisations starting out on their cyber security journey will soon be able to benefit from expert skills and advice offered by qualified individuals – Cyber Advisors – working within companies assured by the NCSC.  

By assessing the customer and its internet-facing IT, Cyber Advisors will identify where the organisation meets (or doesn’t meet) the Cyber Essentials controls. The advisor then produces a detailed report explaining why the controls are met or not, highlighting any risks the organisation is exposed to, before providing recommended solutions that are right for the size and needs of the customer. 

Those employing the service of Cyber Advisors don’t need to be aiming for Cyber Essentials certification; advisors will offer customers hands-on, practical experience to implement the controls to help guard against the most common cyber attacks. 

Cyber Advisors will be expected to help organisations by: 

  • Conducting Cyber Essentials gap analysis to assess the organisation’s internet-facing IT, identifying where it fails to meet the Cyber Essentials controls.
  • Developing reports on the status of the organisation’s Cyber Essentials controls for senior leadership, detailing the requirements that are met and those that are not, describing why the controls are not met and the risks the organisation is exposed to, as well as the recommended actions to take.
  • Working with the business to agree remediation activities. 
  • Planning remediation activities that align to the risk and business priorities. 
  • Implementing remediation activities – or guiding technical teams to do so – sympathetically to operational activities.
  • Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks. 

How to become a Cyber Advisor 

One of the key requirements of becoming an Assured Service Provider under the Cyber Advisor scheme is the employment of at least one individual who has passed the cyber advisor assessment. An NCSC Assured Service Provider will also be expected to meet requirements demonstrating good cyber security and a commitment to achieving an excellent and consistent customer experience through a quality management system. An annual subscription fee will also be levied.   

For consumers keen to utilise the services of a Cyber Advisor, please contact IASME at [email protected] and we will keep you up-to-date with the development of the scheme.

Frequently Asked Questions

Why are we launching the Cyber Advisor scheme?

The NCSC aims to extend its reach to offer a trusted source of cyber security advice to a wider range of organisations. The NCSC’s existing consultancy assurance only covers specialisms for complex cyber security issues. This service is largely utilised by large organisations with complex cyber security requirements, often with potential impact of critical national significance.

The aim of the Cyber Advisor scheme is to offer cyber consultancy assurance for small businesses to help them achieve the minimum baseline of cyber security. This is particularly important following the widespread change in working practices fuelled by the Covid-19 Pandemic.

Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance – they don’t know who to trust, or fear they will over-pay or be sold more than they need. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice.

Why does Cyber Advisor centre around the 5 Cyber Essentials Controls?

The Cyber Essentials standard has been adopted because the NCSC recognises this as a good baseline standard that defends against a range of common and likely cyber threats. The NCSC has confidence that it will improve the security for those that properly implement it.

The Cyber Advisor scheme may expand beyond Cyber Essentials to incorporate other cyber security requirements in the future. This will be driven by customer requirements and demand.

Does Cyber Advisor lead to Cyber Essentials certification?

Organisations looking for advice do not need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will prepare you for certification. However, Cyber Advisors cannot issue Cyber Essentials certification (unless they are also a Cyber Essentials Certification Body assessor), so organisations will still need to apply for Cyber Essentials certification separately.  

What is the difference between a Cyber Essentials Certification Body and a Cyber Advisor?

A Cyber Essentials Certification Body (CB) can assess if an organisation meets the criteria required for Cyber Essentials Certification and issue the certification. However, not all CBs have the ability to implement the technical controls – something that Cyber Advisors will be able to do. Likewise, Cyber Advisors won’t be able to issue Cyber Essentials certification – unless they are also recognised as a Cyber Essentials Certification Body.  

How do I get help from a Cyber Advisor?

When the scheme launches, a list of Cyber Advisors will be made available; organisations looking for cyber advice will be able to approach these organisations directly – or through the scheme’s delivery partner IASME.

What are the requirements to become an NCSC Assured Service Provider?

The NCSC will assure Cyber Advisor organisations to offer this service. One of the key requirements of becoming an NCSC Assured Service Provider is the employment of at least one individual who has passed the cyber advisor assessment. NCSC Assured Service Providers will also be expected to:   

  • Have independently verified evidence that they have achieved and maintain Cyber Essentials certification 
  • Have good cyber security and be able to keep client data secure
  • Be committed to achieving an excellent and consistent client experience by using a quality management system. 

An annual subscription fee will also be charged.  

Full details of the requirements – and how to become a Cyber Advisor – can be found on the IASME website. 

What are the benefits of being a Cyber Advisor? Why become one?

The Cyber Advisor scheme allows the NCSC to recommend independently assured organisations that can help their customers implement a baseline level of cyber security. By creating a trusted ecosystem, consumers will know better who to engage and what to expect. Furthermore, for those already doing this work, the Cyber Advisor scheme aims to recognise their competence. 

When will we know the results of the POC?

The NCSC is launching Cyber Advisor as a 6-month long POC, which will end in Feb ’23. If the POC is successful, the new scheme will formally be launched in the first quarter of 2023.

How do I take part in the POC?

Please submit your application to become a Cyber Advisor using the form on this page. All applications will be received by the Cyber Advisor delivery partner IASME. There are 100 funded places which will be allocated in line with the requirements to adequately test and build the scheme. 

When do we expect a service to launch for consumers?

Individual assessments will be completed before the first Cyber Advisor organisations can come through the onboarding process, around the end of September 2022.  

How much will Cyber Advisors charge?

There is no recommended fixed cost for assured Cyber Advisor firms to charge clients. Each job is likely to vary considerably according to the client’s existing security posture and size and complexity of their IT estate. 

What is the cost for firms to become a Cyber Advisor?

£600 per organisation, and £250 per advisor. There will also be a one-off onboarding charge of £250. 

What is the cost to take the Cyber Advisor assessment?

The assessment for Cyber Advisors will cost £550 (although this is to be finalised). The assessment will remain valid for three years. After 3 years a resit will be required. The NCSC is funding 100 assessments to launch the scheme. To register your interest complete the short application form on this page.

Where can I get more information?

For more information contact IASME at [email protected]
