What is the IASME Cyber Assurance standard?
The IASME (Information Assurance for Small and Medium Enterprises) Cyber Assurance standard is a comprehensive, flexible, and affordable cyber security standard. It provides assurance that an organisation has put into place a range of important cyber security, privacy, and data protection measures.
Becoming certified allows small and medium-sized enterprises in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers’ information. The audited IASME Cyber Assurance certification is now accepted by a wide range of industry sectors as an alternative to ISO 27001 for small companies.
The IASME Cyber Assurance certification is available in two levels: Level One Verified Assessment and Level Two Audited.
As a licensed Certification Body for IASME Cyber Assurance certification, we offer expert services to guide you through achieving either the Level 1 Verified Assessment or Level 2 Audited assessment. Our team is here to assist you in fortifying your cybersecurity measures and bolstering your defence against potential threats.

Why should my organisation consider getting certified under the Cyber Essentials scheme?
Obtaining Cyber Essentials certification showcases your organisation's commitment to cybersecurity, signalling to customers, suppliers, and stakeholders that you take data protection seriously. Additionally, this certification opens doors to public sector contracts, lowers insurance premiums and aids in meeting compliance obligations.

How much does Cyber Essentials cost?
There are two levels of Cyber Essentials certification. The cost of Cyber Essentials (verified self-assessment) depends on the size of the organisation. Pricing is below:
0-9 Employees (Micro): £320 Excl. VAT
10-49 Employees (Small): £440 Excl. VAT
50-249 Employees (Medium): £500 Excl. VAT
250+ Employees (Large): £600 Excl. VAT
The cost of a Cyber Essentials Plus assessment will depend on both the size and complexity of your network(s) and organisational devices.

How much does Cyber Essentials Plus cost?
Cyber Essentials Plus entails a comprehensive technical audit of the systems falling under Cyber Essentials certification, encompassing a representative set of user devices, all internet gateways, and servers with services accessible to unauthenticated internet users. The assessment's cost is contingent on your network(s)' size and complexity. To obtain an estimate or quote, kindly reach out to us through our Contact page.

What are the requirements of the Cyber Essentials scheme?
Cyber Essentials centres around five key technical control themes to ensure robust cybersecurity:
Firewalls
Secure Configuration
User Access Control
Malware Protection
Patch Management
The Cyber Essentials requirements document and the Cyber Essentials Plus illustrative technical specification (for Cyber Essentials Plus) can both be found at this location: here

Do Cyber Essentials certificates expire?
Every new certificate issued will be valid for 12 months. The UK government recommends renewing your certification annually. To maintain your status as a certified organisation, you must have been certified or recertified within the past 12 months. Rest assured, any company we assist in the certification process will receive a notification at least one month before their certificate's expiry date, ensuring timely renewal.

Do I need Cyber Essentials to bid for Government contracts?
For Government contracts, Cyber Essentials certification or evidence of implemented technical controls is often a prerequisite. We strongly recommend confirming the specific expectations of each Government department regarding Cyber Essentials certification before pursuing any contracts. Requirements and exemptions can differ between departments, making it crucial to seek clarification for each contract individually.

Are personal or Bring Your Own Device (BYOD) included in the scope of Cyber Essentials?
Every device utilised to connect to the business network or access any business applications or services falls within the scope for Cyber Essentials. For instance, if you use mobile phones to view work emails, these devices must also adhere to the scheme's requirements, including having a secure lock/PIN, malware protection, being non-jailbroken/non-rooted, and promptly applying updates within 14 days of release.

Where can I find additional help and advice?
Right here! Just get in contact with us and we will be more than happy to assist you on your Cyber Essentials journey.