IASME Cyber Assurance

Offers a comprehensive, risk-based framework for organisations to demonstrate their cyber security and compete for business

Designed to be affordable and achievable for small organisations

An alternative to ISO 27001 for smaller organisations

What is IASME Cyber Assurance?

The IASME Cyber Assurance standard is a comprehensive, flexible, and affordable cyber security standard. It provides assurance that an organisation has put into place a range of important cyber security, privacy, and data protection measures.

Becoming certified allows small and medium-sized enterprises in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers’ information. The audited IASME Cyber Assurance certification is now accepted by a wide range of industry sectors as an alternative to ISO 27001 for small companies.

The IASME Cyber Assurance certification is available in two levels: Level One Verified Assessment and Level Two Audited.

Identify and Classify

The thirteen themes of IASME Cyber Assurance

IASME Cyber Assurance is a risk-based cyber security standard comprising controls that are divided into thirteen themes. Your organisation needs to meet the requirements of all the themes in order to achieve certification against the standard. You may wish to start with a couple of themes and build up your activities from there.

Once you have implemented each theme, it is important to maintain it on an ongoing basis.

Detect and Deter

Protect

Respond and Recover

Identifying and protecting assets

Having a good understanding of your key information assets is essential in order to know what you need to protect.

Assessing and treating risks

In order to effectively apply the correct controls to protect your business assets, it is important to understand what the risks are to your business and to manage those risks to keep them at an acceptable level to you, your customers, and supply chain.

Organisation

A clear structure within your organisation is the foundation for effective and successful security. This should include who is responsible for making information safe and who is accountable when incidents happen.

People

Thorough and consistent measures are required to screen and train all staff to enable them to understand and comply with the security responsibilities of their job.

Physical and environmental protection

Protect your information assets from physical threats such as theft or loss and environmental harm such as damage from temperature or humidity.

Planning information security

It is important to include information security considerations within your planning. You must also consider security when planning projects, procurement, contracting, suppliers, and when dealing with partners, and other interested parties.

Policy realisation

Policies specify the rules, guidelines, and regulations that you require people to follow. They also reflect the values and ethics that are at the heart of your business.

Managing access

Best-practice access control applies the principle of ‘least privilege’, which means giving users access to all the resources and data necessary for their roles, but no more.

Technical intrusion

It is important to develop capabilities to monitor and respond to unauthorised access and usage. This includes anti-malware solutions and measures to prevent insider threats.

Backup and restore

Regularly backing up information, and having the ability to restore the backup, may be one of the most effective methods of protecting your business from the effects of accidental or malicious tampering.

Secure business operations: monitoring, review, and change management

Creating processes to track and monitor information systems is important in order to detect threats and take steps to analyse and act on this information.

Resilience: Business continuity, incident management and disaster recovery

A resilient company is one that is able to respond to an incident, keep operating through it, and eventually recover.

Legal and Regulatory Compliance

With data protection and privacy regulations launching across the globe, IASME Cyber Assurance compliance ensures your organisation meets these requirements, avoiding costly penalties and legal ramifications.

Competitive Advantage

IASME Cyber Assurance certification sets you apart from competitors, demonstrating your commitment to data protection, privacy and cyber security, and elevating your brand's reputation.

Increased Customer Trust

Clients and partners feel confident in collaborating with organisations certified to IASME Cyber Assurance, knowing their valuable data will be handled with the utmost care and security, and all legal requirements met.

Enhanced Data Protection and Privacy

IASME Cyber Assurance helps you establish strict controls over sensitive information, both digital and physical, ensuring that only authorised personnel can access, modify, or process it.

The process of certifying

Important prerequisites to certification

Cyber security is a continuous journey of growth and education. IASME Cyber Assurance is not the beginning of that journey, nor is it the end. Before proceeding at this level, you will first need to demonstrate that your organisation has the basics in place. The prerequisite for IASME Cyber Assurance certification is an up-to-date Cyber Essentials certification, or IASME Cyber Baseline for organisations outside of the UK.

Please note:

  • The scope of organisation that you are certifying to IASME Cyber Assurance must not be larger than the scope of your organisation that is covered in your Cyber Essentials or IASME Cyber Baseline certification
  • In order to purchase your IASME Cyber Assurance assessment, you must have a valid Cyber Essentials or IASME Cyber Baseline certification in place
  • In order to pass your IASME Cyber Assurance certification, you must have one month left in date for your Cyber Essentials or IASME Cyber Baseline certification

Two levels of assurance

It is also necessary to go through the Level One, verified assessment step before you apply for the Level Two audited step.

Prepare Early

The full question set and standard are available for free download. This will let you see the full requirements for certification before starting an application.

Please note

The question set is for information only. If you would like to apply for certification, please apply online. All applications are completed via our secure online assessment platform. Completed question set documents will not be accepted by any other methods.

Follow the step by step guide below to work out if you have the correct prerequisite certification and which level you intend to apply for.

If you would like to talk about the requirements for a prerequisite certification or have any other questions, please give us a call on 03300 882 752 or email us on [email protected] and one of our friendly staff will be happy to help you.

Follow our step-by-step guide to certification:

Step 1. Which prerequisite certification do I need?

Are you inside or outside the UK?

Applicants for IASME Cyber Assurance must hold a prerequisite certification. Please follow the pathway to certification below to discover the right route for you.

  • Prerequisite Certification
  • Certification Level
  • Confirm your choice

NCSC Cyber Essentials Verified Self-Assessment

Are you based inside the UK?

Cyber Essentials is a UK Government cyber security scheme for organisations of all sizes. It represents the government-approved minimum standard of cyber security for organisations of all sizes in the UK and Crown Dependencies. It consists of five technical controls that will reduce the impact of common cyber-attack approaches by up to 80%.

If your organisation is based in the UK, Cyber Essentials is your prerequisite.

Cyber Essentials can be achieved by any organisation in the world provided they have access to a Certification Body based in the UK. Upon application, overseas organisations will be automatically allocated a Certification Body in the UK.

Do you already hold IASME Cyber Essentials certification?

IASME Cyber Baseline Level One (Verified Assessment)

Are you based outside the UK?

IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures across eight themes. The scheme offers global supply chains a standardised and respected certification demonstrating robust cyber hygiene.

If your organisation is based outside the UK, you can choose Cyber Essentials or IASME Cyber Baseline as your prerequisite certification.

IASME Cyber Baseline was designed as an international certification scheme. Certification Bodies that assess against this scheme can be based anywhere in the world.

Do you already hold IASME Cyber Baseline certification?

Step 2. Which certification level do I need?

Verified or Audited Assurance Assessment?

IASME Cyber Assurance is available at two levels.

Level One Verified Assessment

Level One consists of a verified assessment reviewed by an independent Assessor.

After registering for certification, you are given access to the secure assessment platform where you will answer the verified self-assessment questions. A senior member of the board or equivalent from your organisation must e-sign a document to verify that all the answers are true and then a qualified external Assessor will mark your answers.

The pricing structure for Level One certification is based on the size of your organisation.

Benefits include:

  • A recognised framework to demonstrate compliance to the growing data protection and privacy regulations across the world
  • A risk-based standard that is specifically designed to be affordable and achievable for small organisations

Price: TBC

Level Two Audit

Level Two involves an audit of your processes, procedures and controls required by the IASME Cyber Assurance standard.

The audit is independent and conducted by an IASME Assessor. The Assessor will look at documentation, interview key staff and observe activities. This can be done in person or sometimes remotely (such as via a video call).

You will need to have completed the IASME Cyber Assurance Level One certification before you can proceed to the Level Two audit.

Benefits include:

  • A well-established certification that is gaining recognition as an alternative to ISO 27001 to secure supply chains in the UK and abroad
  • An independent audit to proactively verify that the security controls that you have implemented provide the intended level of security

Price on Application

Step 3. Please confirm your choices

NCSC Cyber Essentials Verified Self-Assessment

Cyber Essentials and IASME Cyber Assurance - Level One

Cyber Essentials represents a minimum recommended certification for organisations of all sizes in the UK and consists of five technical controls that will reduce the impact of common cyber-attack approaches by up to 80%. It is a prerequisite for IASME Cyber Assurance for organisations based in the UK.

IASME Cyber Assurance is a comprehensive risk-based standard for organisations to demonstrate their cyber security, privacy, and data protection measures.

Level One consists of a verified assessment reviewed by an independent Assessor.

The pricing structure for Level One certification is based on the size of your organisation.

IASME Cyber Assurance Level One (Verified Assessment)

When your payment is received, we will send you login details to access the on-line assessment platform to begin your certification. You have 6 months to complete your assessment before your account is archived. Unfortunately we cannot issue a refund so please do not apply until you are ready for the assessment.

If you get stuck or have any questions, please give us a call on 03300 882 752 or email us on [email protected]

Price: TBC

Step 3. Please confirm your choices

IASME Cyber Baseline Level One (Verified Assessment)

IASME Cyber Baseline and IASME Cyber Assurance - Level One

IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures. It is a prerequisite for IASME Cyber Assurance for organisations outside the UK.

IASME Cyber Assurance is a comprehensive, risk-based standard for organisations to demonstrate their cyber security, privacy, and data protection measures.

Level One consists of a verified assessment reviewed by an independent Assessor.

The pricing structure for Level One certification is based on the size of your organisation.

IASME Cyber Assurance Level One (Verified Assessment)

Step 3. Please confirm your choices

IASME Cyber Assurance Level One (Verified Assessment)

IASME Cyber Assurance - Level One

A comprehensive, risk-based standard for organisations to demonstrate their cyber security, privacy, and data protection measures.

Level One consists of a verified assessment reviewed by an independent Assessor.

The pricing structure for Level One certification is based on the size of your organisation.


Step 3. Please confirm your choices

Get an IASME Cyber Assurance Level 2 Quote

After filling out and submitting the form, you will be contacted by up to three different Certification Bodies. Alternatively you can find a Certification Body and contact them directly.
