Frequently Asked Questions

The NCSC aims to extend its reach to offer a trusted source of cyber security advice to a wider range of organisations.
Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance – they don’t know who to trust, or fear they will overpay or be sold more than they need. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice at a proportionate price.

There is evidence that the technical controls of Cyber Essentials mitigate the majority of high volume, low-skill attacks perpetrated through the internet. Therefore, one of the easiest ways to make the UK more secure is to help organisations to implement the technical controls at scale across the country. 

Organisations looking for advice do not need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will prepare you for certification, however, Cyber Advisors cannot issue Cyber Essentials certification (unless they are also a Cyber Essentials Assessor), so organisations will still need to apply for Cyber Essentials certification separately.

A Cyber Essentials Certification Body can assess if an organisation meets the criteria required for Cyber Essentials certification and issue that certification – something a Cyber Advisor cannot do unless they are also a Cyber Essentials Assessor and the organisation they work for is a Certification Body.

A list of Cyber Advisors is available (Find a Cyber Advisor); organisations looking for Cyber Advice will be able to approach these organisations directly.

To become a Cyber Advisor, you will need to:

• Pass the assessment and be issued with the Certificate of Competence in Cyber Essentials Implementation
• Sit an online induction training course with IASME, followed by a simple test of understanding
• Be based in the UK or Crown Dependencies

Once a candidate has successfully completed these steps, the company they work for can become an NCSC Assured Service Provider (ASP). 

An organisation wishing to become an Assured Service Provider will need to:

• Employ at least one individual who has passed the Cyber Advisor assessment
• Have independently verified evidence that they have achieved and maintain Cyber Essentials certification
• Have good cyber security and can keep client data secure
• Be committed to achieving an excellent and consistent client experience by using a quality management system
• Pay an annual subscription fee

Full details of the requirements to be an Assured Service Provider can be seen here.

Demonstrate your expertise and credibility with the National Cyber Security Centre’s Cyber Advisor badge.

• Show you are a government Assured Service Provider and can be trusted to give best practice cyber advice
• Demonstrate that you can understand and communicate with small organisations and offer proportionate solutions
• Boost opportunities to work, present and lead as a respected professional
• Be listed on the NCSC website as a Cyber Advisor

Join a nationwide network of validated and respected Cyber Advisors. Be part of the movement to help make the UK the safest place to do business online.

• Receive regular briefings from NCSC and IASME on changes to the scheme and new initiatives
• Access the opportunity to feedback your views and experiences to shape future policy and scheme development

There is no recommended fixed cost for Assured Service Providers to charge clients for Cyber Advisor services. Each job is likely to vary considerably according to the client’s existing security posture and size and complexity of their IT estate. 

There is an annual fee of £600 +VAT per organisation, and £250 +VAT per Advisor. There will also be a one-off onboarding charge of £250 +VAT.

The cost to take the Cyber Advisor assessment can be found on the Cyber Scheme webpage. The assessment will remain valid for three years. After three years a resit will be required.

For more information, please contact IASME at [email protected]