IASME Cyber Assurance
Offers a comprehensive, risk-based framework for organisations to demonstrate their cyber security and compete for business
Designed to be affordable and achievable for small organisations
An alternative to ISO 27001 for smaller organisations
What is IASME Cyber Assurance?
The IASME Cyber Assurance standard is a comprehensive, flexible, and affordable cyber security standard. It provides assurance that an organisation has put into place a range of important cyber security, privacy, and data protection measures.
Becoming certified allows small and medium-sized enterprises in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers’ information. The audited IASME Cyber Assurance certification is now accepted by a wide range of industry sectors as an alternative to ISO 27001 for small companies.
The IASME Cyber Assurance certification is available in two levels: Level One Verified Assessment and Level Two Audited.
The thirteen themes of IASME Cyber Assurance
IASME Cyber Assurance is a risk-based cyber security standard comprising controls that are divided into thirteen themes. Your organisation needs to meet the requirements of all the themes in order to achieve certification against the standard. You may wish to start with a couple of themes and build up your activities from there.
Once you have implemented each theme, it is important to maintain it on an ongoing basis.
Identifying and protecting assets
Having a good understanding of your key information assets is essential in order to know what you need to protect.
Legal and regulatory landscape
Be aware of legal obligations, contractual requirements and agreements, and ensure you are fulfilling your responsibilities.
Assessing and treating risks
In order to effectively apply the correct controls to protect your business assets, it is important to understand what the risks are to your business and to manage those risks to keep them at an acceptable level to you, your customers, and supply chain.
Organisation
A clear structure within your organisation is the foundation for effective and successful security. This should include who is responsible for making information safe and who is accountable when incidents happen.
People
Thorough and consistent measures are required to screen and train all staff to enable them to understand and comply with the security responsibilities of their job.
Physical and environmental protection
Protect your information assets from physical threats such as theft or loss and environmental harm such as damage from temperature or humidity.
Planning information security
It is important to include information security considerations within your planning. You must also consider security when planning projects, procurement, contracting, suppliers, and when dealing with partners, and other interested parties.
Policy realisation
Policies specify the rules, guidelines, and regulations that you require people to follow. They also reflect the values and ethics that are at the heart of your business.
Managing access
Best practice access control applies the principle of ‘least privilege’, which means giving users access to all the resources and data necessary for their roles, but no more.
Technical intrusion
It is important to develop capabilities to monitor and respond to unauthorised access and usage. This includes anti-malware solutions and measures to prevent insider threats.
Backup and restore
Regularly backing up information, and having the ability to restore the backup, may be one of the most effective methods of protecting your business from the effects of accidental or malicious tampering.
Secure business operations: monitoring, review, and change management
Creating processes to track and monitor information systems is important in order to detect threats and take steps to analyse and act on this information.
Resilience: Business continuity, incident management and disaster recovery
A resilient company is one that is able to respond to an incident, keep operating through it, and eventually recover.
Legal and Regulatory Compliance
With data protection and privacy regulations launching across the globe, IASME Cyber Assurance compliance ensures your organisation meets these requirements, avoiding costly penalties and legal ramifications.
Competitive Advantage
IASME Cyber Assurance certification sets you apart from competitors, demonstrating your commitment to data protection, privacy and cyber security, and elevating your brand's reputation.
Increased Customer Trust
Clients and partners feel confident in collaborating with organisations certified to IASME Cyber Assurance, knowing their valuable data will be handled with the utmost care and security, and all legal requirements met.
Enhanced Data Protection and Privacy
IASME Cyber Assurance helps you establish strict controls over sensitive information, both digital and physical, ensuring that only authorised personnel can access, modify, or process it.
The process of certifying
Important prerequisites to certification
Cyber security is a continuous journey of growth and education. IASME Cyber Assurance is not the beginning of that journey, nor is it the end. Before proceeding at this level, you will first need to demonstrate that your organisation has the basics in place. The prerequisite for IASME Cyber Assurance certification is an up-to-date Cyber Essentials certification, or IASME Cyber Baseline for organisations outside of the UK.
Please note:
- The scope of organisation that you are certifying to IASME Cyber Assurance must not be larger than the scope of your organisation that is covered in your Cyber Essentials or IASME Cyber Baseline certification
- In order to purchase your IASME Cyber Assurance assessment, you must have a valid Cyber Essentials or IASME Cyber Baseline certification in place
- In order to pass your IASME Cyber Assurance certification, your Cyber Essentials or IASME Cyber Baseline certification must have at least one month of validity remaining
Two levels of assurance
It is also necessary to complete the Level One verified assessment before you apply for the Level Two audit.
Prepare Early
The full question set and standard are available for free download. This will let you see the full requirements for certification before starting an application.
Please note
The question set is for information only. If you would like to apply for certification, please apply online. All applications are completed via our secure online assessment platform. Completed question set documents will not be accepted by any other method.
Follow the step-by-step guide below to work out whether you have the correct prerequisite certification and which level you intend to apply for.
If you would like to talk about the requirements for a prerequisite certification or have any other questions, please give us a call on 03300 882 752 or email us on [email protected] and one of our friendly staff will be happy to help you.
Follow our step-by-step guide to certification:
Step 1. Which prerequisite certification do I need?
Are you inside or outside the UK?
Applicants for IASME Cyber Assurance must hold a prerequisite certification. Please follow the pathway to certification below to discover the right route for you.
Are you based inside the UK?
Cyber Essentials is a UK Government cyber security scheme for organisations of all sizes. It represents the government-approved minimum standard of cyber security for organisations in the UK and Crown Dependencies. It consists of five technical controls that will reduce the impact of common cyber-attack approaches by up to 80%.
If your organisation is based in the UK, Cyber Essentials is your prerequisite.
Cyber Essentials can be achieved by any organisation in the world provided they have access to a Certification Body based in the UK. Upon application, overseas organisations will be automatically allocated a Certification Body in the UK.
Are you based outside the UK?
IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures across eight themes. The scheme offers global supply chains a standardised and respected certification demonstrating robust cyber hygiene.
If your organisation is based outside the UK, you can choose Cyber Essentials or IASME Cyber Baseline as your prerequisite certification.
IASME Cyber Baseline was designed as an international certification scheme. Certification Bodies that assess against this scheme can be based anywhere in the world.
Step 2. Which certification level do I need?
Verified or Audited Assurance Assessment?
IASME Cyber Assurance is available at two levels.
Level One Verified Assessment
Level One consists of a verified assessment reviewed by an independent Assessor.
After registering for certification, you are given access to the secure assessment platform where you will answer the verified self-assessment questions. A senior member of the board or equivalent from your organisation must e-sign a document to verify that all the answers are true and then a qualified external Assessor will mark your answers.
The pricing structure for Level One certification is based on the size of your organisation.
Benefits include:
- A recognised framework to demonstrate compliance to the growing data protection and privacy regulations across the world
- A risk-based standard that is specifically designed to be affordable and achievable for small organisations
Price: TBC
Level Two Audit
Level Two involves an audit of your processes, procedures and controls required by the IASME Cyber Assurance standard.
The audit is independent and conducted by an IASME Assessor. The Assessor will look at documentation, interview key staff and observe activities. This can be done in person or sometimes remotely (such as via a video call).
You will need to have completed the IASME Cyber Assurance Level One certification before you can proceed to the Level Two audit.
Benefits include:
- A well-established certification that is gaining recognition as an alternative to ISO 27001 for securing supply chains in the UK and abroad
- An independent audit to proactively verify that the security controls that you have implemented provide the intended level of security
Price on Application
Step 3. Please confirm your choices
Cyber Essentials and IASME Cyber Assurance - Level One
Cyber Essentials represents a minimum recommended certification for organisations of all sizes in the UK and consists of five technical controls that will reduce the impact of common cyber-attack approaches by up to 80%. It is a prerequisite for IASME Cyber Assurance for organisations based in the UK.
IASME Cyber Assurance is a comprehensive risk-based standard for organisations to demonstrate their cyber security, privacy, and data protection measures.
Level One consists of a verified assessment reviewed by an independent Assessor.
The pricing structure for Level One certification is based on the size of your organisation.
Payment and Login Information
When your payment is received, we will send you login details to access the on-line assessment platform to begin your certification. You have 6 months to complete your assessment before your account is archived. Unfortunately we cannot issue a refund so please do not apply until you are ready for the assessment.
If you get stuck or have any questions, please give us a call on 03300 882 752 or email us on [email protected]
Price: TBC
Step 3. Please confirm your choices
IASME Cyber Baseline and IASME Cyber Assurance - Level One
IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures. It is a prerequisite for IASME Cyber Assurance for organisations outside the UK.
IASME Cyber Assurance is a comprehensive, risk-based standard for organisations to demonstrate their cyber security, privacy, and data protection measures.
Level One consists of a verified assessment reviewed by an independent Assessor.
The pricing structure for Level One certification is based on the size of your organisation.
Step 3. Please confirm your choices
IASME Cyber Assurance - Level One
A comprehensive, risk-based standard for organisations to demonstrate their cyber security, privacy, and data protection measures.
Level One consists of a verified assessment reviewed by an independent Assessor.
The pricing structure for Level One certification is based on the size of your organisation.