
IASME Cyber Assurance

IASME Cyber Assurance - What it is and how to get certified

 
 

IASME Cyber Assurance Standard

The IASME Cyber Assurance Standard was developed over several years during a government-funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.

The IASME Cyber Assurance Standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost, and indicates that they are taking good steps to properly protect their customers’ information.

The IASME Cyber Assurance assessment includes Cyber Essentials and GDPR requirements assessments and is available either as a self-assessment or as an on-site audit. The standard includes all 5 of the Cyber Essentials technical topics and adds further topics that mostly relate to people and processes, including:

  • Risk assessment and management

  • Training and managing people

  • Change management

  • Monitoring

  • Backup

  • Incident response and business continuity

A copy of the standard is available here.

Who needs IASME Cyber Assurance?

If you are a small business for whom ISO 27001 or ISO 9001 may not be a good fit, but you want to validate your approach to information security, quality and compliance with data protection legislation (such as the Data Protection Act and GDPR) to clients and other third parties, certification to the IASME Cyber Assurance Standard may be a good option for you.

By gaining the audited IASME Cyber Assurance certificate, your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third party.

What we do

We offer a number of different services for the IASME Cyber Assurance Standard.

If you want Level 1 of the IASME Cyber Assurance Standard, you can submit your own answers and use us as the certification body to review your answers and issue your certificate. If you need some support getting ready for the self-assessment, our flexible consultancy services can assist you with as much or as little help as needed.

If you are interested in Level 2 of the IASME Cyber Assurance Standard, please get in touch to discuss your requirements. For this Standard, you will first need to pass IASME Cyber Assurance Level 1, and we will then arrange to undertake an onsite audit. We will discuss with you the scope of the assessment and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and processes. This audit usually involves interviews with members of staff, and a review of documentation and system configuration. It does not involve a technical assessment unless you are being assessed to Cyber Essentials Plus at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration. The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.

The standard covers 13 themes across 5 areas of control:

 
 

In all instances, Cyber Essentials, Cyber Essentials Plus, or IASME Cyber Baseline must be achieved before starting IASME Cyber Assurance; we can help you complete this too if you don’t already have it.

How much does it cost?

IASME Cyber Assurance Level 1

 

Please contact us to arrange a telephone or face to face appointment to discuss your IASME Cyber Assurance certification and compliance needs.


To get a quote for your Level 2 certification, please contact us.

 

Contact Us

Get in touch for a chat and we’ll be happy to answer any questions that you have.

What is IASME?

IASME (Information Assurance for Small and Medium Enterprises Consortium) is a not-for-profit organisation that aims to provide information assurance for SMEs. IASME works alongside a network of over 250 Certification Bodies across the UK and Crown Dependencies to help certify these organisations in both cyber security and counter fraud through its various schemes.

What certifications/schemes does IASME provide?

IASME provides certifications for: Cyber Essentials; Cyber Essentials Plus; IASME Cyber Assured; IASME IoT Security Assured; IASME Maritime Cyber Baseline; and the IASME Counter Fraud Fundamentals (CFF) Scheme.

What is IASME Cyber Assurance and why was it developed?

IASME Cyber Assurance is an information assurance standard that is particularly relevant to SMEs who want to demonstrate their commitment to cyber security without the expense and complexity of ISO/IEC 27001 certification. The standard also demonstrates achievement against the requirements of GDPR.

How do I take the assessment and how many questions are there?

The self-assessment is completed online using IASME’s secure portal where you are required to answer around 160 short questions about your security. You will get access to the portal immediately after paying for the assessment and will have up to six months to complete the answers.

What is the scope of IASME Cyber Assurance?

IASME Cyber Assurance covers everything included in the Cyber Essentials Certification, including secure configuration, firewalls and routers, access controls, software updates, and malware protection. IASME Cyber Assurance also includes questions aligned to the Government’s Ten Steps to Cyber Security, such as: GDPR requirements; Incident management; Company Policies; Risk assessments; and Backup.

How much does it cost to take the IASME Cyber Assurance assessment?

The cost of IASME Cyber Assurance certification depends on the size of your organisation: Micro Organisation (0-9 employees, £320 +VAT); Small Organisation (10-49 employees, £440 +VAT); Medium Organisation (50-249 employees, £500 +VAT); Large Organisation (250+ employees, £600 +VAT).

How long does the assessment take?

The actual time taken depends on various factors, including the size of your business and the availability of key personnel; however, it typically takes most companies up to 4-5 weeks to answer all the questions. You have up to six months to answer them, and the answers are saved automatically by the portal.

How long does my IASME Cyber Assurance certification last?

IASME Cyber Assurance certification lasts for one year. IASME will remind you before your certification is due to expire.

What happens if I fail the IASME Cyber Assurance assessment?

Some Certification Bodies will offer a free retest should your organisation fail at the first attempt. Otherwise, you must pay the initial fee again.

What does the auditing involve?

The audit is an independent on-site audit of the level of information security provided by your organisation. This audit usually involves interviews with members of staff and a review of documentation and system configuration.