Frequently Asked Questions

IASME Cyber Baseline

If you have a question about Cyber Essentials that is not addressed below, please contact [email protected]

What is IASME Cyber Baseline?

IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures for organisations outside of the UK. The scheme is an important first step for many organisations in proving that they are serious about cyber security. IASME Cyber Baseline is a prerequisite to the next step of certifying to the comprehensive risk based and policy driven standard, IASME Cyber Assurance. If you are based in the UK, Cyber Essentials is the recommended minimum certification.

How do I certify?

The IASME Cyber Baseline assessment consists of a verified self-assessment questionnaire which must be answered on the assessment platform after registering for certification. A senior member of the board or equivalent from your organisation must e-sign a document to verify that all the answers are true and then a qualified external Assessor will mark the answers. Organisations have 6 months from the date of application to pass the assessment and attain certification.

Prepare – Register- Pay

You can download the assessment questions free of charge before you certify. It is a good idea to prepare your answers in advance on a working document or spreadsheet which you can copy onto the assessment platform when you are ready. When you wish to apply, register for certification and make a payment.

Download the IASME Cyber Baseline assessment questions 

IASME Cyber Baseline online application form

Once your application and payment have been received, you will receive your online assessment portal log-in details so that you can enter your answers into the on-line assessment platform.

It is possible to cut and paste your answers from the preparation spreadsheet onto the assessment platform, but your completed answers on a spreadsheet will not be accepted for assessment. The questions address the scope of the assessment and the cyber security measures around 8 themes. These include organisation structure, asset management, secure architecture, people management, access control, technical intrusion, back up and restore and resilience. You do not have to complete all of your answers at once – you can save them as you go along.

Please note there is a time limit of 6 months from when you purchase your assessment account to completing the assessment. Once you have submitted your assessment for marking, your Assessor may send you feedback. You then have 2 working days to address any feedback.

Once you submit your answers, it will usually take two to three days to get the result back to you. If you have a tight deadline for certification, then please let us know and we will do our best to help you meet it.

How much does it cost?

The pricing of IASME Cyber Baseline has a tiered structure based on organisation size. Prices start from £300 + VAT for an assessment for micro-organisations. Small, medium and large organisations pay a little more, on a sliding scale up to a maximum of £500 + VAT which aims to reflect the complexity involved in assessing larger organisations.

A micro organisation has between 0-9 employees and IASME Cyber Baseline will cost £300 + VAT.

A small organisation has between 10-49 employees and IASME Cyber Baselinewill cost £400 + VAT.

A medium organisation has between 50-249 employees and IASME Cyber Baselinewill cost £450 + VAT.

A large organisation has 250 employees or more and IASME Cyber Baseline will cost £500 + VAT.

 

How do I pay?

The application form will allow you to pay via card or your PayPal account using the PayPal platform. Alternatively, to request an invoice be sent to you so you can pay via bank transfer.

How long will it take me?

It is a good idea to download the question set in advance (available for free from the website here) and prepare the answers before applying. By doing this, you can ensure that there are no unexpected aspects that may take a significant amount of time to comply with. As soon as you have paid, we will send you login details for your online assessment portal. You will have six months to complete your assessment before your account is deleted and unfortunately, we cannot issue a refund if this happens.

If you have prepared your answers in advance, filling out the self-assessment might only take about an hour. Once the questions have been submitted, most Assessors will aim to get the results back to you within three days. If you have not been successful, you will then have two working days to address the issues, update your answers and resubmit. The Assessor will then aim to take no more than three days to remark the assessment. If you have not included enough information for the Assessor to be able to mark a question, they will return it to you asking for more information. This step will also take a few days.

For how long does the certification last?

IASME Cyber Baseline is an annually renewable certification. It last for 12 months.

How do I prepare for my certification?

It is a good idea to prepare your assessment answers early using a working document or spreadsheet. The current assessment question set is available to download from the link below as either a pdf or an excel spreadsheet.

Who can help me?

IASME has a network of trained and licensed cyber security consultants which we call Certification Bodies or CBs. These experts, located all over the world can support your organisation in preparing and certifying against IASME Cyber Baseline.

If you have any questions, contact a member of the IASME team via email: [email protected]

Or phone: 03300 882 752

How will I get my assessment results and certificate?

IASME ensures that its certificates and badges are secure, transparent and verifiable by using BlockMark digital certificates. Your IASME Cyber Baseline certificate will be a digital BlockMark certificate.

You will first receive an email informing you of your assessment results, following that, you will receive a second email with a link to create an account on BlockMark that will allow you to access and download your digital badge and certificate. You will be able to embed your badge in your email and website footer as verifiable proof you hold certification. Your badge should only be used in accordance with the branding guidelines which you can see when you access your account to download your certificate.

For more information about BlockMark certificates and accounts, please read our user guide.

Can I certify to IASME Cyber Baseline at level Two?

The audited part of the scheme, or Level Two is not available yet . It will cover the same requirements as IASME Cyber Baseline verified assessment, but include a technical audit of your systems to offer a higher level of assurance.

What is IASME Cyber Assurance?

IASME Cyber Assurance is a comprehensive risk-based standard that covers 13 cyber security themes that include data privacy and policies and procedures. IASME Cyber Baseline allows organisations to start their cyber security journey focusing on eight of the 13 themes and is a prerequisite to certifying to IASME Cyber Assurance for organisations outside the UK.

Can I do IASME Cyber Baseline and IASME Cyber Assurance all in one go?

You can apply for IASME Cyber Baseline and IASME Cyber Assurance at the same time. However, you cannot start your IASME Cyber Assurance application until you have successfully achieved IASME Cyber Baseline.

Both standards have a tiered pricing structure and are chargeable separately.

Do you want to be an IASME Cyber Baseline Assessor or Certification Body?

To become an IASME Certification Body and Assessor, someone from your company will need to attend and pass the relevant Assessor courses. More details about requirements for Assessors can be gained by emailing our Training Team on [email protected]
We work with companies of all sizes; micro companies and one person organisations are welcome partners.

Get IASME Cyber Baseline today

If you have any other questions and would like to chat with a member of our customer services team, please contact us today on 03300 882 752 or email us on [email protected].