
IASME Cyber Assurance Certification
IASME Cyber Assurance is a recognised UK cyber security certification designed for organisations that want to demonstrate stronger security controls beyond Cyber Essentials. It provides independent verification that your organisation has effective processes for managing cyber risk and protecting sensitive information.
Our Cyber Assurance Process
Initial Consultation
We begin with a short consultation to understand your organisation, the systems in scope, and your current cyber security practices. This allows us to determine your readiness for certification.
Gap Assessment
We review your existing policies, controls, and procedures against the requirements of the Cyber Assurance framework provided by the IASME Consortium. Any gaps or areas requiring improvement are clearly identified.
Preparation and Guidance
Our team provides practical guidance on implementing the required security policies and controls. This may include assistance with risk assessments, documentation, and security procedures.
Certification Assessment
Once your organisation is ready, we conduct the formal Cyber Assurance assessment in accordance with the framework recognised by the National Cyber Security Centre.
Frequently asked questions
1. What is the difference between Cyber Essentials and Cyber Assurance?
Cyber Essentials and Cyber Assurance are both UK cyber security certification frameworks designed to help organisations protect their systems and data.
The National Cyber Security Centre's Cyber Essentials scheme focuses on five key technical security controls that protect organisations from the most common cyber attacks, such as malware, phishing, and unauthorised access.
Cyber Assurance, developed by the IASME Consortium, goes further by assessing an organisation’s policies, procedures, governance, and risk management practices.
In simple terms:
- Cyber Essentials verifies that your technical security controls are in place.
- Cyber Assurance evaluates your organisation’s overall cyber security management and processes.
Many organisations start with Cyber Essentials and then progress to Cyber Assurance as their security maturity increases.
2. Who needs Cyber Assurance certification?
Cyber Assurance certification is suitable for organisations that want to demonstrate a higher level of cyber security governance and risk management.
It is particularly relevant for organisations that:
- Work with government or public sector contracts
- Handle sensitive or confidential customer data
- Operate in regulated sectors such as finance, healthcare, or technology
- Need to demonstrate strong cyber security to partners and clients
- Want to strengthen internal cyber security policies and risk management
Cyber Assurance provides independent verification that your organisation has implemented effective processes for managing cyber risks.
3. How long does Cyber Assurance certification take?
The time required to achieve Cyber Assurance certification depends on the organisation’s current level of cyber security maturity.
Most organisations complete Cyber Assurance within 2–6 weeks depending on readiness and documentation.
4. Do we need Cyber Essentials first?
Yes. Cyber Essentials certification is typically required before an organisation can achieve Cyber Assurance.
Cyber Essentials ensures that essential technical security controls are in place, such as:
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Software updates
Once these technical controls are established through Cyber Essentials, Cyber Assurance builds on this foundation by assessing organisational policies, governance, and risk management practices.
5. What are Cyber Assurance standards?
Cyber Assurance standards are guidelines and best practices for managing cyber security risks and ensuring the protection of sensitive information. Achieving these standards demonstrates your commitment to cyber security.