top of page
IASME Consortium Logo.jpg

What is the IASME Cyber Assurance standard?

The IASME (Information Assurance for Small and Medium Enterprises) Cyber Assurance standard offers essential cybersecurity guidelines tailored to safeguard small and medium-sized enterprises (SMEs) and their customers from cyber threats.


This standard aligns with internationally recognised best practices, including the ISO 27001 standard for information security management systems.  Covering critical aspects such as risk management, asset management, access control, incident management, and business continuity, it aims to enhance SMEs' cybersecurity posture and resilience against cyber attacks.

The IASME Cyber Assurance certification, available in two levels – Level 1 Verified Assessment and Level 2 Audited, includes GDPR requirements.  To apply for IASME Cyber Assurance, possessing a valid Cyber Essentials certificate is a prerequisite.

As a licensed Certification Body for IASME Cyber Assurance certification, we offer expert services to guide you through achieving either Level 1 Verified Assessment or Level 2 Audited.  Our team is here to assist you in fortifying your cybersecurity measures and bolstering your defence against potential threats.

  • Why should my organisation consider getting certified under the Cyber Essentials scheme?
    Obtaining Cyber Essentials certification showcases your organisation's commitment to cybersecurity, signalling to customers, suppliers, and stakeholders that you take data protection seriously. Additionally, this certification opens doors to public sector contracts, lowers insurance premiums and aids in meeting compliance obligations.
  • How much does Cyber Essentials cost?
    There are two levels of Cyber Essentials certification. The cost of Cyber Essentials (verified self-assessment) depends on the size of the organisation. Pricing is below: 0-9 Employees (Micro): £320 Excl. VAT 10-49 Employees (Small): £440 Excl. VAT 50-249 Employees (Medium): £500 Excl. VAT 250+ Employees (Large): £600 Excl. VAT The cost of a Cyber Essentials Plus assessment will depend on both the size and complexity of your network(s) and organisational devices.
  • How much does Cyber Essentials Plus cost?
    Cyber Essentials Plus entails a comprehensive technical audit of the systems falling under Cyber Essentials certification, encompassing a representative set of user devices, all internet gateways, and servers with services accessible to unauthenticated internet users. The assessment's cost is contingent on your network(s)' size and complexity. To obtain an estimate or quote, kindly reach out to us through our Contact page.
  • What are the requirements of the Cyber Essentials scheme?
    Cyber Essentials centers around five key technical control themes to ensure robust cybersecurity: Firewalls Secure Configuration User Access Control Malware Protection Patch Management To access the Cyber Essentials requirements document and the Cyber Essentials Plus illustrative technical specification (for Cyber Essentials Plus), you can find them both at this location: here
  • Do Cyber Essentials certificates expire?
    Every new certificate issued will be valid for 12 months. As recommended by the UK government, it is advisable to renew your certification annually. To maintain your status as a certified organisation, it is essential to undergo recertification within the past 12 months. Rest assured, any company we assist in the certification process will receive a notification at least one month before their certificate's expiry date, ensuring timely renewal.
  • Do I need Cyber Essentials to bid for Government contracts?
    For Government contracts, Cyber Essentials certification or evidence of implemented technical controls is often a prerequisite. We strongly recommend confirming the specific expectations of each Government department regarding Cyber Essentials certification before pursuing any contracts. Requirements and exemptions can differ between departments, making it crucial to seek clarification for each contract individually.
  • Are personal or Bring Your Own Device (BYOD) included in the scope of Cyber Essentials?
    Every device utilised to connect to the business network or access any business applications or services falls within the scope for Cyber Essentials. For instance, if you use mobile phones to view work emails, these devices must also adhere to the scheme's requirements, including having a secure lock/pin, malware protection, being non-jailbroken/non-rooted, and promptly applying updates within 14 days of release.
  • Where can I find additional help and advice?
    Right here! Just get in Contact with us and we will be more than happy to assist you on your Cyber Essentials journey.
bottom of page