
Improve Your Security and Gain Customer Trust with IASME Cyber Assurance Certification

  • OCM Engineers
  • Apr 4
  • 5 min read

Cyber threats are a significant concern for organisations of all sizes. However, for small and medium-sized enterprises (SMEs), the resources and expertise to navigate this complex environment can often be limited.


This is where the IASME Cyber Assurance standard steps in, providing a practical and accessible framework to enhance your security posture and demonstrate your commitment to protecting valuable information.



#1 : What is IASME Cyber Assurance?


The IASME Cyber Assurance standard is a comprehensive information security methodology specifically designed for SMEs, although it can be successfully applied to any organisation.


It's a sector-agnostic standard, offering a clear and straightforward approach to building a robust security framework against the ever-evolving landscape of cyber threats. Think of it as a structured way to understand, implement, and manage your organisation's security controls.


Achieving IASME Cyber Assurance certification demonstrates to your customers, supply chain partners, and stakeholders that your organisation takes information security seriously and has implemented measures to protect the data you handle. The standard is also risk-led, meaning your approach to security is guided by understanding and mitigating the specific risks your organisation faces.

#2 : Why is IASME Cyber Assurance Beneficial?


The benefits of adopting IASME Cyber Assurance are numerous:


  • Identify and Mitigate Risks: The standard helps you systematically identify the specific risks your organisation faces regarding its information and systems. This understanding allows you to implement targeted controls to reduce the likelihood and impact of cyber incidents.


  • Cost-Effective Security: Unlike some complex frameworks designed for large corporations, IASME Cyber Assurance is tailored to the resources and budgets of SMEs, offering a practical and proportionate approach to security.


  • Build Trust and Confidence: Certification demonstrates to your customers, suppliers, and partners that you have taken proactive steps to secure their information, enhancing trust and providing a competitive advantage. This can be crucial for winning new business and maintaining strong relationships.


  • Supply Chain Assurance: Many larger organisations and government bodies are increasingly requiring their suppliers to demonstrate a baseline level of cybersecurity. IASME Cyber Assurance provides a recognised standard to meet these requirements.


  • GDPR Compliance Support: By focusing on good security practices, IASME Cyber Assurance helps your organisation demonstrate the measures you've taken towards complying with data protection regulations like GDPR.


  • Continuous Improvement: The certification process encourages a cycle of continuous assessment and improvement, ensuring your security practices remain effective in the face of new threats.


#3 : Routes to Achieving IASME Cyber Assurance Certification


IASME Cyber Assurance offers two distinct levels of certification, allowing organisations to choose the level that best suits their needs and maturity:


  • Level 1: Verified Self-Assessment: This level involves your organisation completing an online assessment questionnaire, answering approximately 130 straightforward questions about your security practices. To be eligible for Level 1, your organisation must first hold a valid Cyber Essentials (mandatory for UK organisations) or IASME Cyber Baseline certification. Once submitted, your answers are reviewed and marked by an approved IASME Cyber Assurance Certification Body Assessor, who will provide feedback and determine if you have met the requirements for a pass. Level 1 focuses on confirming a broad understanding and implementation of essential security controls through your self-attestation.


  • Level 2: Audited: Building upon the foundation of Level 1, Level 2 certification provides a higher level of assurance through an independent, on-site or remote audit conducted by a qualified IASME Cyber Assurance Certification Body Assessor. This in-depth audit involves a review of your security documentation, interviews with key personnel, and observation of your security practices. The audit must cover all thirteen themes of the IASME Cyber Assurance standard. The Assessor will identify areas of compliance and any non-conformities. Ultimately, the final certification decision (pass or fail) for Level 2 is made by IASME Moderators after reviewing the Assessor's audit report.





#4 : The journey to IASME Cyber Assurance certification typically involves the following steps:


  1. Achieve Prerequisite Certification: Begin by obtaining Cyber Essentials (via self-assessment or the more rigorous Cyber Essentials Plus) or IASME Cyber Baseline certification.


  2. Apply for IASME Cyber Assurance Level 1: Once you have your prerequisite certificate, you can apply for Level 1 through IASME's online assessment platform.


  3. Complete the Self-Assessment Questionnaire: Answer all the questions in the online portal accurately and thoroughly. Ensure your responses are approved by a board member, business owner, or equivalent.


  4. Submit for Marking: Once completed, submit your Level 1 assessment for review by an approved Certification Body.


  5. Address Feedback (if any): The Assessor may provide feedback or request further information. Address these points promptly.


  6. Proceed to Level 2 (Optional but Recommended): Upon successfully achieving Level 1, you can opt to pursue the higher Level 2 certification. This involves contacting an approved IASME Cyber Assurance Certification Body to schedule an audit.


  7. Undergo the Level 2 Audit: Work with the Assessor during the audit, providing access to documentation, personnel, and premises (if on-site).


  8. Receive Audit Report and Address Non-conformities (if any): The Assessor will produce an audit report. Address any identified non-conformities within the specified timeframe.


  9. Moderation and Certification: The audit report is then reviewed by IASME Moderators who make the final certification decision.



#5 : Services Provided by an Approved IASME Cyber Assurance Certification Body - OCM


Approved IASME Cyber Assurance Certification Bodies play a vital role in helping organisations achieve and maintain their certification. Our services include:


  • Level 1 Assessment and Marking: Reviewing and marking your Level 1 self-assessment questionnaire, providing valuable feedback.


  • Level 2 Audits: Planning, conducting, and reporting on Level 2 audits, providing an independent verification of your security controls.


  • Guidance and Support: Offering expert advice and support throughout the entire certification process, helping you understand the standard's requirements and best practices.


  • Consultancy Services (Optional): We also offer optional consultancy services to help you implement the necessary security controls and prepare for certification.


  • Vulnerability Scanning: Some Certification Bodies can also provide vulnerability scanning services, which can be particularly relevant for achieving Cyber Essentials Plus or identifying areas for improvement within your IASME Cyber Assurance framework.


  • Assessor Expertise: Assessors are highly skilled and experienced information security professionals who have undergone specific IASME training and adhere to a strict code of conduct.


  • Ensuring Quality and Consistency: Certification Bodies operate under the governance of IASME, ensuring a consistent and high-quality assessment process.





By partnering with an approved IASME Cyber Assurance Certification Body such as OCM, SMEs can gain the expertise and support needed to navigate the certification process effectively, strengthen their security posture, and demonstrate their commitment to information security. This ultimately leads to increased trust, enhanced business opportunities, and a more resilient organisation in the face of ever-present cyber threats.





About the Author – OCM Engineers


Hi, I’m an OCM Engineer, part of the expert team at OCM Communications, where we specialise in IT support and solutions, AI, network infrastructure, and cyber security with compliance. Our mission is to help businesses stay connected, secure, and efficient by providing insightful advice, practical solutions, and the latest industry updates.


With a BSc in Computing and Law and 30+ years of experience in designing, implementing, and supporting business systems, I bring extensive expertise backed by Microsoft and Google certifications and lead Cyber Essentials Assessor credentials. I’m passionate about making complex technology accessible for businesses of all sizes. Whether it’s optimising your network, strengthening security, or harnessing AI tools, I’m here to share knowledge and guide you through the evolving world of business technology.


Need tailored solutions or have questions? Get in touch – we’re here to help!
