The IASME Cyber Assurance standard, formerly known as IASME Governance, is a comprehensive, flexible and affordable cyber security standard. It provides assurance that an organisation has put into place a range of important cyber security, privacy and data protection measures.

About IASME Cyber Assurance

The IASME Cyber Assurance standard was developed over several years during a government funded project to create a cyber security standard which would be an affordable and achievable alternative to other international standards. It allows small and medium enterprises in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers’ information.

A wide range of UK and International industry sectors now accept the Level 2 audited IASME Cyber Assurance certification as an alternative to other international standards. Examples are the UK Ministry of Justice and the Government of Jersey. This is a significant step towards reducing barriers to entry for smaller organisations in a supply chain as IASME Cyber Assurance gives SMEs a legitimate way to prove their compliance.

The IASME Cyber Assurance certification includes GDPR requirements and is available in two levels: Level 1 Verified Assessment and Level 2 Audited. There is a prerequisite to applying for IASME Cyber Assurance; you must hold a valid Cyber Essentials certificate throughout your IASME Cyber Assurance certification.

ASME Cyber Assurance Level 1

IASME Cyber Assurance is risk based and includes key aspects of security such as incident response, asset management, people management, physical controls and GDPR compliance.

Level 1 certification is the first step along the certification pathway for IASME Cyber Assurance.

For the Level 1 certification, organisations are given access to a secure portal to complete their application and provide details against the Question Set.

The pricing structure for Level 1 certification is based on the size of the organisation applying for certification.

IASME Cyber Assurance Level 2

IASME Cyber Assurance Level 2 involves an audit of your processes, procedures and controls required by the standard. The audit is independent and conducted by an IASME Certification Body and Assessor.

You will need to have completed the IASME Cyber Assurance Level 1 certification before you can progress to the Level 2 audit.

To get a quote for your Level 2 certification, please speak to your certification body.

The standard covers 13 themes across 5 areas of control.

IASME Cyber Assurance is risk based and includes key aspects of security such as incident response, asset management, people management, physical controls and GDPR compliance.

Level 1 certification is the first step along the certification pathway for IASME Cyber Assurance.

For the Level 1 certification, organisations are given access to a secure portal to complete their application and provide details against the Question Set.

The pricing structure for Level 1 certification is based on the size of the organisation applying for certification.

Pricing Structure

Micro Organisations

0-9 Employees

£300 + VAT

Small Organisations

10-49 Employees

£400 + VAT

Medium Organisations

50-249 Employees

£450 + VAT

Large Organisations

250+ Employees

£500 + VAT

IASME Cyber Assurance Level 2 involves an audit of your processes, procedures and controls required by the standard. The audit is independent and conducted by an IASME Certification Body and Assessor.

You will need to have completed the IASME Cyber Assurance Level 1 certification before you can progress to the Level 2 audit.

To get a quote for your Level 2 certification, please speak to your certification body.

The standard covers 13 themes across 5 areas of control.

cyber assurance themes and topics
IASME governance

On the 25th July 2022, IASME Governance was relaunched under IASME Cyber Assurance.
All certifications granted against the IASME Governance standard are still valid for the duration of the certificate, subject to continuous assessment and independent annual review.

From the 25th July 2022, you will be unable to start any new application against the IASME Governance standard.

If you have started your IASME Governance journey prior to the 25th July 2022, then you are still able to complete the process within a set timeline. Please so contact IASME or your Certification Body for details of this.

A wide range of UK and International industry sectors now accept the Level 2 audited IASME Cyber Assurance certification as an alternative to other international standards. Examples are the UK Ministry of Justice and the Government of Jersey.
This is a significant step towards reducing barriers to entry for smaller organisations in a supply chain as IASME Cyber Assurance gives SMEs a legitimate way to prove their compliance.

The IASME Cyber Assurance certification includes GDPR requirements and is available in two levels: Level 1 Verified Assessment and Level 2 Audited. There is a prerequisite to applying for IASME Cyber Assurance; you must hold a valid Cyber Essentials certificate throughout your IASME Cyber Assurance certification.

Find Out More

Have a look at our Frequently Asked Questions or speak to our team