– the best cyber security standard for small companies in the UK –

What is the IASME Cyber Assurance?

The IASME (Information Assurance for Small and Medium Enterprises) Cyber Assurance standard, was formerly known as IASME Governance and it is a comprehensive, flexible and affordable cyber security standard.

Cyber Assurance demonstrates that an organisation has put into place a range of important cyber security, privacy and data protection measures.

IASME Cyber Assurance Level 1 Verified Assessed helps organisations achieve an excellent level of information security in a cost-effective manner. It is particularly applicable to SMEs who want to demonstrate to clients and business partners that they manage information and data securely.

IASME Cyber Assurance Maps to the Government’s 10 Steps to Cyber Security & NIS Directive. It also maps closely to ISO27001

Although ISO27001 is the globally recognised benchmark for Information Governance, smaller organisations find it challenging to get certified due to the cost and effort involved.

Many Organisations therefore choose the IASME standard as a more cost-effective certification and a stepping stone to achieving the ISO27001 at a later stage if required.

IASME Cyber Assurance enables you to demonstrate your organisation’s overall maturity level for good security and data privacy practices and that you are taking proper steps to protect customer information.

Many UK and International organisations now accept IASME Cyber Assured whilst in the past they may have insisted on ISO 27001. Government departments are also following suit and the Ministry of Justice is one such organisation who will accept IASME Cyber Assured.

The Cyber Assured Level 1 is a self assessment which is then checked and verified by an assessor. This certification must be achieved before you can move on to Level Two which is the fully audited version of the standard. It is the audited standard that would be accepted by the Ministry of Justice and is broadly equal to ISO27001.

Before you can apply for the IASME Cyber Assured standard you must already be certified to Cyber Essentials.

ISO/IEC 27001:2013 is the best-known standard in the family of standards providing help to keep information assets secure.

The 27001 standard sets out generic requirements for establishing, implementing, maintaining and improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks.

You can see the 27000 standards here.

Why become certified against the IASME Standard

  • Demonstrate your commitment to security and protection of data
  • Enhance your organisation’s cyber security controls
  • Make your data governance processes more robust
  • Increase business partners’ confidence in your information assurance level
  • If you have access to another organisation’s data or systems, you are likely to be asked to demonstrate how you manage information security
  • Place your  business in a strong position if you wish to certify to the international standard ISO27001 in the future.

What Does the IASME Cyber Assurance Cover?

The IASME Cyber Assurance maintains a continuous annual assessment with re-certification every 3 years. The standard includes a number of elements covered in 13 categories:

  • Organisation
  • Assessing the Risk
  • Policy and Compliance
  • Assets
  • Personnel
  • Physical and Environmental Protection
  • Operations and Management
  • Access Control
  • Malware and Technical Intrusion
  • Monitoring
  • Backup and Restore
  • Incident Management
  • Disaster Recovery and Business Continuity

Differences between Cyber Essentials and IASME Cyber Assurance

While Cyber Essentials is a Government-backed scheme designed to cover the basics of cyber security, certification against the IASME Cyber Assurance seeks additional evidence to cover your security management, staff, physical security and business continuity.

Providing a more thorough level of data protection than Cyber Essentials, IASME focus on the complete management of information through a continuous development process and includes an optional assessment against the forthcoming General Data Protection Regulation (GDPR).

IASME Certification Levels

The IASME Cyber Assurance assessment includes a Cyber Essentials assessment and is available either as a self assessment or on-site audit. Since the 1st March 2017, it has also included an optional assessment against the GDPR requirements.



The self-assessed certification option comprises a set of questions regarding the controls in place governing Information Assurance in your organisation.

On submission we mark the questionnaire and award the certification if all of the answers given are compliant with the standard.



Once your self-assessment questionnaire has been assessed, an assessor will visit your organisation for a thorough audit of the controls and artefacts of the Information Security Management System and a report produced

The audited IASME certification is seen as a realistic alternative to ISO27001

We are licensed assessors of the IASME Cyber Assurance

We can assess against and competently advise on the Self-Assessed and Audited IASME Certifications