JE3 Logo

Cyber Assurance

IASME Cyber Assurance is a UK Government-backed certification scheme, designed to help organisations of all sizes implement good cybersecurity practices to protect their sensitive information and IT systems.

The IASME Cyber Assurance scheme covers a range of cybersecurity areas, including information security, access control, secure configuration, incident management, and staff awareness.

If you would like to obtain this certification and/or be taken through the process, please contact us.

Identify and Classify

It is required that organizations identify and classify their assets and data based on their sensitivity and criticality. This is an important step in determining the appropriate level of protection needed to secure these assets and data.

Organizations must identify all assets and data within their environment and classify them based on their level of importance. This could include classifying data as confidential, secret, or top secret based on their sensitivity level. By properly identifying and classifying assets and data, organizations can ensure that they apply the appropriate level of protection to secure them against cyber threats.


It is required that organizations implement measures to protect their systems and data from unauthorized access or attack. This includes implementing access controls to limit access to authorized personnel, encrypting data in transit and at rest, and ensuring that systems are securely configured. Access controls could include things like implementing role-based access controls, multi-factor authentication, and least privilege access to limit the potential damage in case of a security breach.

Encryption could be implemented using technologies like SSL/TLS, disk encryption, and file encryption to prevent unauthorized access to data. Secure system configurations could include implementing regular security patches, disabling unnecessary services, and properly configuring firewalls and intrusion prevention systems.

Detect and Deter

It is required that organizations implement measures to detect and deter cyber threats. This includes implementing intrusion detection and prevention systems to monitor for suspicious activity, conducting regular vulnerability assessments to identify potential weaknesses, and monitoring for indicators of compromise.

By detecting threats early, organizations can take action to prevent a successful attack or minimize its impact.

Respond and Recover

It is required that organizations have plans and processes in place to respond to and recover from cybersecurity incidents. This includes having an incident response plan that outlines the steps to be taken in case of a security breach, conducting regular incident response drills to test the plan, and ensuring that backups are regularly taken and tested to enable recovery in case of data loss or system failure.

By having a well-defined incident response plan, organizations can respond quickly and effectively to a security breach, minimizing the damage and downtime caused.


IASME Cyber Assurance is specifically designed with SMEs in mind. This means the fee's are achievable for an organisation of any size.


IASME works with the National Cuber Security Council to create and manage the standards supported by the UK Government.

Reassure Customers

Reassure your customers that you take data protection seriously and prospective customers that business with you has their data's protection in mind.

Cyber Assurance Level One Certification Cyber Assurance Level Two Certification

Ready to get certified?