What is IASME Cyber Assurance (and who needs it)?

If you’re looking for a higher cybersecurity standard for your business – something to help you reassure investors and attract new clients – IASME Cyber Assurance could be it.

But what is IASME Cyber Assurance exactly? Who needs it? And what sort of business is it the right choice for?

Because, from the outside, cybersecurity standards can be difficult to tell apart.

As Dial A Geek regularly completes all the work required for IASME Cyber Assurance compliance for our Protect & Grow Premium clients and then certifies them to Level 1 in-house, we know more than a little about how it works.

Here is everything you need to know about whether this higher standard of information security is the one that would suit your business:

What is IASME Cyber Assurance?

IASME Cyber Assurance is one of several different cybersecurity standards applicable to the UK. These standards are frameworks that lay out all of the different aspects you should have in place in order to have a certain level of cybersecurity protection.

These “aspects” are often referred to as “technical controls”. In the case of Cyber Assurance, there are thirteen themes of these. They cover everything from risk assessment to digital asset protection to information security to access management.

In the case of Cyber Assurance, there are also two important technical controls – for processes and people – that aren’t covered by more basic standards. This will become important shortly. Cyber Assurance also includes GDPR compliance, so that’s another priority taken care of.

Previously, IASME Cyber Assurance was known as IASME Governance. Since then, the Cyber Essentials accreditation has been decoupled from it. You now need to get Cyber Essentials and then move on to getting Cyber Assurance. We’ll explain more about this below.

Why are cybersecurity standards so important?

Cybersecurity is complicated. Especially in the modern world, where cybercriminals are increasingly sophisticated – spoofing email addresses and buying passwords online – an effective approach to data, identity, and information security needs to be comprehensive.

Cybersecurity standards like Cyber Assurance give businesses clear guidelines for what they should be doing and how to do it. This means businesses know what they need to do to protect themselves.

Cybersecurity compliance is becoming more and more important for another reason too. Because so many organisations now understand cyber threats to their partners are potentially a threat to themselves, many businesses won’t work with those who can’t signal they have protection in place.

The UK government, for instance, won’t accept tender bids from companies that don’t have the minimum standard – Cyber Essentials. In some cases, demonstrating you meet a higher cybersecurity standard than your competitors means you can also secure more business.

When is Cyber Assurance the right choice for my business?

For many businesses, this means the most important question is really which cybersecurity standard is the right choice for them.

Cyber Assurance is a higher standard of cybersecurity, equivalent to the international ISO 27001 standard – and developed with the support of the UK government as a more affordable, flexible alternative to it for UK businesses.

Here is how Cyber Assurance compares with other information security standards you might be considering:

1) IASME Cyber Assurance vs Cyber Essentials

One of the other choices you might be thinking about is Cyber Essentials. This UK government-backed scheme covers the “essentials” of what you should be doing to protect yourself from roughly 80% of cyber threats.

Often, this is enough to deter most cybercrime. Most cybercriminals want an easy score, so they tend to move on to a better target. This means that if your business isn’t in a sensitive industry or you don’t need a higher standard for some other reason, Cyber Essentials might be enough.

However, if you are in a sensitive industry or you want to signpost that you meet a higher security standard, Cyber Assurance might be the better option.

  • Cyber Essentials covers the basics of cybersecurity you should have in place
  • Cyber Essentials certification is a requirement to starting Cyber Assurance
  • Cyber Assurance is a much higher standard that also covers people and processes
  • This can mean Assurance is more suited to companies in sensitive industries
  • Assurance can also be useful for attracting business if security is important to your investors or partners

2) IASME Cyber Assurance vs ISO 27001

Cyber Assurance was largely developed as a more cost-effective alternative to the ISO 27001 standard, the cost of getting certification in which can run to many thousands of pounds.

The choice between the two isn’t as simple as national versus international though. The standards aren’t exactly the same. It can be a question of cost, but it’s also a question of where and how your business operates and with whom.

  • Cyber Assurance is the more affordable UK equivalent of ISO 27001
  • It’s increasingly accepted internationally too
  • Both are a higher cybersecurity standard more suited to larger and sensitive businesses
  • The choice of which is better can come down to cost, but there are many other factors

Get free advice on which cybersecurity standard is right for your business

Because Dial A Geek regularly assists our Protect & Grow Premium managed service clients in their journey to cybersecurity compliance of a level that makes sense for them – and we work with businesses in numerous sensitive fields – we can always advise you on the most suitable choice.

Why not talk over your business needs with one of the experts that over 1000 businesses in Bristol and beyond have trusted to get the best from their business tech?

Reach out to us to book a cost and commitment-free consultation with Chief Geek Gildas Jones today.