IASME Cyber Assurance Certification FAQs
Posted 9th December 2022
The IASME Cyber Assurance Certification is a cost-effective way for small to medium-sized businesses to achieve a higher level of security standards, practices and controls, notably covering UK-GDPR and privacy requirements.
IASME Cyber Assurance certification not only helps your business develop a security culture that will protect it from cyber attack, it will also help open doors to opportunities with bigger businesses in the UK and abroad. Aligned to international standards and audited by an independent third party, Level 2 IASME Cyber Assurance certification provides the proof of security standards compliance often demanded by larger businesses concerned about the risk of a security breach in their supply chain.
How is the Cyber Assurance Certification different from Cyber Essentials and do I need both?
Backed by the UK Government, the Cyber Essentials Scheme was introduced to help organisations implement a basic set of controls that guard against the most common cyber threats and to help them demonstrate that they take security seriously when it comes to protecting customers and suppliers from cyber criminals.
Cyber Essentials focuses on 5 key technical controls that help protect companies from about 80% of common threats. Cyber Essentials is the first level of certification and has to be achieved before moving forward to IASME Cyber Assurance which is a more comprehensive assessment and audit.
IASME Cyber Assurance builds on the foundation provided by Cyber Essentials and takes a deeper dive into your business processes, notably covering GDPR (the General Data Protection Regulation) and privacy requirements. It is aligned to the UK Government’s Ten Steps to Cyber Security as well as similar international security frameworks, thereby helping your business reduce its vulnerability to cyber threats. As a certification, IASME Cyber Assurance has been designed to be more affordable and achievable for small and medium-sized organisations than many other international security standards.
I was audited for Cyber Essentials Plus, why do I need IASME Cyber Assurance?
Cyber Essentials Plus only tests the 5 controls demanded by Cyber Essentials. Whilst you were audited, Cyber Essentials Plus doesn’t cover the additional elements covered by the IASME Cyber Assurance certification such as GDPR requirements, risk assessments and incident management. The Level 2 audit for Cyber Assurance is an in-depth, independent on-site audit checking against a wider set of controls and processes.
What Does IASME Cyber Assurance Cover?
The certification has two levels that need to be completed; both are aligned with the UK Government’s Ten Steps to Cyber Security and the NIS Directive. Level Two is IASME’s highest and most comprehensive compliance standard and involves an on-site audit.
IASME Cyber Assurance Level One:
An online assessment comprising 160 questions on your organisation’s cyber security controls. These include:
- Risk assessment and management
- Incident Response Management
- Data Protection
- Operational Management
IASME Cyber Assurance Level Two:
Level Two of the certification includes all of the categories listed in Level One, with an added focus on employee security training and management.
- Change management
- Business continuity
- Training and management
Learn more about IASME Cyber Assurance cover and benefits.
How long does it take to achieve IASME Cyber Assurance certification?
As soon as you have paid your Level One certification fee, you can start the assessment. You have 6 months to complete the assessment. The online assessment saves your answers, so you can complete it in stages. Once you have completed it, it will be assessed by one of IASME’s certification bodies and a pass or fail is received within 72 hours.
You need to have completed and passed Level One before you start Level Two. Once you’ve passed, you can arrange a convenient time for an assessor to conduct your audit. The length of time the audit takes will depend on the size of your business and how many sites the assessor needs to visit.
What does a Cyber Assurance audit involve?
You will be visited by an independent third-party assessor who will be looking at your processes, procedures and controls. As well as reviewing your documented policies and interviewing members of staff, the assessor will look at your system configuration, so you might find it handy to have a member of the technical team on hand to answer any questions.
Can you do Cyber Essentials and Cyber Assurance at the same time?
You can apply for Cyber Essentials and IASME Cyber Assurance at the same time; however, as Cyber Essentials is the basic level of certification, you will need to achieve it before you start the IASME Cyber Assurance process and audit. Each certification will be charged separately.
How often do we need to renew our IASME Cyber Assurance certification?
At the end of years one and two, your Cyber Assurance Certification is renewed by completing a new online Level One assessment. At the end of year three, you’ll be required to do a Level 2 audit to continue with certification.
How much does Cyber Assurance certification cost?
Level One’s online assessment can be completed within your business and costs from £300 to £500 + VAT, depending on the size of your business.
Level Two requires a trained and licensed certification body to complete the on-site audit. The cost depends on the size of your business and the complexity of your network, so you’ll need to get a quote based on your specific requirements.
How to get started
LP Networks are a licensed certification body and can help you achieve your IASME Cyber Assurance certification – Level 1. We also provide services that will help your organisation meet the requirements of the standard. Learn more about our IASME Cyber Assurance Consultancy Services, or get in touch to get your business-specific questions answered.