Frequently Asked Questions

What is the difference between the Cyber Essentials Scheme and the IASME Cyber Assurance Scheme?

The Cyber Essentials Scheme is a Government scheme that helps organisations to guard against the most common cyber threats from the internet and demonstrate commitment to cyber security. It covers five main technical controls which will protect companies against an estimated 80% of common internet threats. The controls are:

  • Secure your Internet connection (Firewalls and routers)
  • Secure your devices and software (Secure configuration)
  • Control access to your data and services (Access control)
  • Protect from viruses and other malware (Malware protection)
  • Keep your devices and software up to date (Software updates)

 

IASME Cyber Assurance certification is aligned to the Government’s Ten Steps to Cyber Security and covers the General Data Protection Regulation (GDPR) and privacy requirements. IASME Cyber Assurance is aligned to a similar set of controls in other international security standards but is more affordable and achievable for small and medium-sized organisations to implement.

Cyber Essentials certification is required before undertaking the IASME Cyber Assurance assessment.

Is IASME Cyber Assurance Audited the same as Cyber Essentials PLUS?

No – Cyber Essentials Plus is an audited level of the Cyber Essentials assessment, testing the 5 Cyber Essentials controls only. IASME Cyber Assurance Level 2 is an independent on-site audit of the level of information security provided by your organisation, against the IASME Cyber Assurance standard. It is aligned to a similar set of controls in other international security standards but is more affordable and achievable for small and medium-sized organisations to implement. The standard includes GDPR and privacy requirements and adds topics that mostly relate to people and processes, for example:

  • Risk assessment and management
  • Training and managing people
  • Change management
  • Monitoring
  • Backup
  • Incident response and business continuity

Can I apply to do Cyber Essentials and IASME Cyber Assurance together?

You can apply for Cyber Essentials and IASME Cyber Assurance at the same time. However, you cannot start your IASME Cyber Assurance application until you have successfully achieved Cyber Essentials.

Both standards have a tiered pricing structure and are chargeable separately.

 

Pricing Structure

  • Micro Organisations (0-9 Employees): £300 + VAT
  • Small Organisations (10-49 Employees): £400 + VAT
  • Medium Organisations (50-249 Employees): £450 + VAT
  • Large Organisations (250+ Employees): £500 + VAT

Pricing Structure

  • Micro Organisations (0-9 Employees): £400 + VAT
  • Small Organisations (10-49 Employees): £500 + VAT
  • Medium Organisations (50-249 Employees): £550 + VAT
  • Large Organisations (250+ Employees): £600 + VAT

Does the price for IASME Cyber Assurance (from £300 +VAT) include the price of Cyber Essentials certification (from £300 +VAT)?

No. Both Cyber Essentials and IASME Cyber Assurance Level 1 have a tiered pricing structure as per the tables below and they are charged separately.

Pricing Structure

  • Micro Organisations (0-9 Employees): £300 + VAT
  • Small Organisations (10-49 Employees): £400 + VAT
  • Medium Organisations (50-249 Employees): £450 + VAT
  • Large Organisations (250+ Employees): £500 + VAT

Pricing Structure

  • Micro Organisations (0-9 Employees): £300 + VAT
  • Small Organisations (10-49 Employees): £400 + VAT
  • Medium Organisations (50-249 Employees): £450 + VAT
  • Large Organisations (250+ Employees): £500 + VAT

How does IASME Cyber Assurance map to other standards including ISO 27001?

We have mapped IASME Cyber Assurance to a variety of standards including ISO 27001. For more information please click here.