Short answer
IASME Cyber Assurance is a cyber security assurance scheme that looks beyond the basic technical controls covered by Cyber Essentials. It is intended to help organisations demonstrate a broader approach to managing cyber risk.
It can be useful where customers, suppliers or leadership teams want evidence of governance, policies, risk management and operational controls.
How it differs from Cyber Essentials
Cyber Essentials focuses on key technical controls that help protect against common cyber attacks.
IASME Cyber Assurance is broader. It considers how the organisation manages cyber security, including governance, policies, people, processes and evidence.
That makes it more suitable where an organisation needs to show that cyber security is being managed as a business issue, not just as a set of technical settings.
Who it may be useful for
IASME Cyber Assurance may be useful for organisations that:
- need to demonstrate stronger governance to customers or suppliers;
- have already completed Cyber Essentials and want to go further;
- want a more structured view of security management;
- need evidence for tenders or assurance reviews;
- are not ready for a larger or more complex certification route;
- want a framework for improvement.
What preparation involves
Preparation usually involves reviewing policies, responsibilities, risk management, access control, technical controls, incident readiness and evidence.
The exact work depends on your starting point. Some organisations already have many controls in place but lack evidence. Others need to create clearer ownership, update policies or improve how risks are reviewed.
Why the process can be useful
The value is not only the certificate. The process can help you clarify responsibilities, improve documentation, identify gaps and make cyber security more visible to leadership.
It can also provide a useful bridge between basic certification and a more mature security programme.
How it fits with vCISO support
IASME Cyber Assurance can work well alongside vCISO support. The scheme can help identify what needs to improve, while vCISO support can help manage those improvements over time.
This is particularly useful where the organisation needs ongoing guidance rather than a one-off assessment.
How Be Secure Cyber can help
Be Secure Cyber can help organisations understand IASME Cyber Assurance, prepare for assessment and use the process to strengthen wider governance and security management.