The IASME Cyber Assurance, once known as IASME Governance, is a comprehensive standard curated by the Information Assurance for Small and Medium Enterprises (IASME) and the National Cyber Security Centre. It’s designed to provide a cost-effective and suitable alternative to the international standard ISO/IEC 27001 for small to medium-sized enterprises.
IASME Cyber Assurance adopts a risk-based approach for security governance and compliance, offering a highly credible and more fitting security management standard for SMEs. It harmonises comprehensive company security research with best practice information security standards, covering 13 themes across five control areas.
Taking it a notch higher than the Cyber Essentials Scheme (CES), IASME Cyber Assurance incorporates the provisions of the Data Protection Act 2018.
Cyber Essentials is a prerequisite to attaining IASME Cyber Assurance.
IASME Cyber Assurance offers robust advantages for businesses, particularly those within the government supply chain, helping them stand out from competitors through their demonstrated commitment to cyber security.
IASME Cyber Assurance bolsters trust with stakeholders by demonstrating your commitment to robust cyber security practices. It provides a competitive edge, especially for suppliers within government supply chains. Beyond enhancing security protocols, it offers a cost-effective solution to improving cyber security among small and medium enterprises. Its adherence also aids in compliance with data protection laws, instilling confidence in clients and partners about their data safety.
For organisations operating outside the government supply chain, it’s a cost-effective way to ensure data security, acting as a practical alternative to international standards like ISO/IEC 27001.
IASME Cyber Assurance not only boosts current business relationships but also supports commercial growth and provides access to new business opportunities.
The Cyber Assurance standard offers two tiers of certification
This level grants access to a secure portal where you can complete your application and submit your responses for evaluation by an assessor.
| Organisation type | Employees | Unsupported | Supported |
|---|---|---|---|
| Micro | 1 to 9 | £320 | £1,550 |
| Small | 10 to 49 | £440 | £1,650 |
| Medium | 50 to 249 | £500 | £1,750 |
| Large | 250+ | £600 | £1,850 |
This stage involves an audit of your processes, controls, and procedures as dictated by the standard. An assessor from an IASME Certification Body independently performs this audit. Note that you must complete Cyber Assured Level 1 before attempting the Audited Assessment.
| Options | Unsupported | Supported |
| Prices from* | £2,150 | £4,300 |
* Prices vary based on number of devices, servers, and cloud services in scope
Ascentor was the first licensed external assessor for the Cyber Assurance standard, and our dedicated team is at your service throughout your certification journey, providing answers to any questions or queries you might have.
Our assessors are armed with vast knowledge and extensive experience in information security, and they are kept abreast of all updates to the scheme to provide you with the best advice for attaining certification.
We provide two types of packages for your Cyber Assurance certifications:
Supported Package – This option includes specialist advice and guidance on Cyber Assurance requirements and implementing necessary controls for standard compliance. If you’re new to the certification process or less confident about the assessment, this package is ideal as support is available throughout your assessment.
Unsupported Package – This option is best suited for organisations renewing a previous certification or those already well-versed with the Cyber Assurance requirements. Ascentor will provide a login for the Cyber Assurance questionnaire, which you can submit for marking after completion.
If you are compliant and meet all the Cyber Assurance standard requirements, Ascentor will issue your certificate.
We leverage years of experience in cyber security to deliver comprehensive solutions tailored to your needs.
We're certified in ISO 9001:2015, Cyber Essentials Plus, IASME Gold and are a Crown Commercial Service Supplier.
NCSC (CESG) Certified Professionals CCP and Certified Information System Security Professional CISSP certified.
We're Certified Information Security Managers (CISM).
We're members of the Chartered Institute of Information Security (CIISec). CREST and Cyber Scheme Registered Pentesters.
We stay ahead of the curve, consistently updating our services to handle the rapidly evolving landscape of cyber threats.
We work closely with clients, fostering partnerships to better understand and address your cyber security needs.
We offer pragmatic, accessible solutions that balance security needs with the realities of your operational requirements.
