Frequently Asked Questions

What is the difference between the Cyber Essentials Scheme and the IASME Cyber Assurance Scheme?

The Cyber Essentials Scheme is a Government scheme that helps organisations to guard against the most common cyber threats from the internet and demonstrate commitment to cyber security. It covers five main technical controls which will protect companies against an estimated 80% of common internet threats. The controls are:

Secure your Internet connection (Firewalls and routers)
Secure your devices and software (Secure configuration)
Control access to your data and services (Access control)
Protect from viruses and other malware (Malware protection)
Keep your devices and software up to date (Software updates)

IASME Cyber Assurance certification is aligned to the Government’s Ten Steps to Cyber Security and covers the General Data Protection Regulation (GDPR) and privacy requirements. IASME Cyber Assurance is aligned to a similar set of controls in other international security standards but is more affordable and achievable for small and medium sized organisations to implement.

Cyber Essentials certification is required before undertaking the IASME Cyber Assurance assessment.

Is IASME Cyber Assurance Audited the same as Cyber Essentials PLUS?

No – Cyber Essentials Plus is an audited level of the Cyber Essentials assessment, testing the 5 Cyber Essentials controls only. IASME Cyber Assurance Level Two is an independent on-site audit of the level of information security provided by your organisation, against the IASME Cyber Assurance standard. It is aligned to a similar set of controls in other international security standards but is more affordable and achievable for small and medium sized organisations to implement. The standard includes GDPR and privacy requirements and adds additional topics that mostly relate to people and processes, for example:

Risk assessment and management
Training and managing people
Change management
Monitoring
Backup
Incident response and business continuity

Can I apply to do Cyber Essentials and IASME Cyber Assurance together?

You can apply for Cyber Essentials and IASME Cyber Assurance at the same time. However, you cannot start your IASME Cyber Assurance application until you have successfully achieved Cyber Essentials.

Both standards have a tiered pricing structure and are chargeable separately.

Pricing Structure

Micro Organisations	0-9 Employees	£300
Small Organisations	10-49 Employees	£400
Medium Organisations	50-249 Employees	£450
Large Organisations	250+ Employees	£500

Pricing Structure

Micro Organisations	0-9 Employees	£300
Small Organisations	10-49 Employees	£400
Medium Organisations	50-249 Employees	£450
Large Organisations	250+ Employees	£500

Does the price for IASME Cyber Assurance (from £300 +VAT) include the price of Cyber Essentials certification (from £300 +VAT)?

No. Both Cyber Essentials and IASME Cyber Assurance Level 1 have a tiered pricing structure as per the tables below and they are charged separately.

Pricing Structure

Micro Organisations	0-9 Employees	£300
Small Organisations	10-49 Employees	£400
Medium Organisations	50-249 Employees	£450
Large Organisations	250+ Employees	£500

Pricing Structure

Micro Organisations	0-9 Employees	£300
Small Organisations	10-49 Employees	£400
Medium Organisations	50-249 Employees	£450
Large Organisations	250+ Employees	£500

How does IASME Cyber Assurance map to other standards including ISO 27001?

We have mapped IASME Cyber Assurance to a variety of standards including ISO 27001. For more information please click here.

Cookie	Type	Duration	Description
cookielawinfo-checkbox-analytics		1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-analytics	persistent	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary		1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary		1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
cookielawinfo-checkbox-non-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
CookieLawInfoConsent		1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
geot_country		1 year 1 month 4 days	Used to define what country is attributed to you to aid showing the correct content.
PHPSESSID		session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy		1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.

Cookie	Type	Duration	Description
__cfduid		1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__cfduid	persistent	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
_ga		2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga	persistent	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag		1 minute	Used to throttle too many requests from being issued within a short time. This is part of the Google Analytics suite of services.
_gat_gtag	persistent	1 minute	Used to throttle too many requests from being issued within a short time. This is part of the Google Analytics suite of services.
_gid		1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_gid	persistent	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_hjAbsoluteSessionInProgress	persistent	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	Session	1 year	This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	persistent	365 days	Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
ajs_anonymous_id	persistent	365 days	This cookie is set by Segment as a randomly generated ID for anonymous users.

Cookie	Duration	Description
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_hjSession_*	30 minutes	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.

Frequently Asked Questions

What is the difference between the Cyber Essentials Scheme and the IASME Cyber Assurance Scheme?

Is IASME Cyber Assurance Audited the same as Cyber Essentials PLUS?

Can I apply to do Cyber Essentials and IASME Cyber Assurance together?

Pricing Structure

Pricing Structure

Does the price for IASME Cyber Assurance (from £300 +VAT) include the price of Cyber Essentials certification (from £300 +VAT)?

Pricing Structure

Pricing Structure

How does IASME Cyber Assurance map to other standards including ISO 27001?

Cyber First

Living Wage

Cyber Scheme

National Cyber Awards 2022

Armed Forces Covenant

BSI