What is IASME Cyber Assurance?

IASME Cyber Assurance is a recognised UK cyber security and information assurance standard. It provides a structured and affordable framework to help organisations demonstrate that they are managing cyber risk effectively and protecting sensitive data.

It is particularly well suited to SMEs and supply-chain organisations that need to evidence good cyber governance without the overhead of ISO 27001.

The scheme has two levels:

  • Level 1 – Verified Assessment
  • Level 2 – Audited Certification (Level 1 must be achieved first)

Why achieve IASME Cyber Assurance?

Demonstrate Cyber Resilience

Show customers, suppliers and stakeholders that appropriate security controls are in place.

Supply Chain Assurance

The standard meets many supply-chain requirements where structured cyber governance is expected.

Practical & Proportionate

Scaled to organisation size — smaller organisations answer fewer questions, reducing compliance burden.

Data Protection Alignment

Supports alignment with UK data protection and information security best practice.

What does the certification cover?

IASME Cyber Assurance looks beyond basic technical controls and includes:

  1. Risk management processes
  2. Security policies and procedures
  3. Asset management
  4. Access control
  5. Incident response
  6. Business continuity
  7. Data protection measures
  8. Supplier management

It provides a broader governance framework compared to baseline certifications.

Level 1 – Verified Assessment

Level 1 is a structured, externally verified self-assessment.

You complete the online assessment through the IASME platform and it is reviewed by a Certification Body.

Pricing (fixed – per IASME)

| Organisation Size | Price |
|---|---|
| Micro (0-9 employees) | £320 + VAT |
| Small (10-49 employees) | £440 + VAT |
| Medium (50-249 employees) | £500 + VAT |
| Large (250+ employees) | £600 + VAT |

Level 2 – Audited Certification

Level 2 builds on Level 1 and includes an external audit to validate implementation of the controls.

This provides higher assurance and is suitable for organisations with stronger contractual or regulatory requirements.

Pricing

The price of Level 2 certification depends on scope and organisational complexity.

Please contact us for a tailored quotation.

Is Cyber Assurance Right for Your Organisation?

You may require Cyber Assurance if:

  • You need to demonstrate structured cyber governance beyond baseline technical controls.
  • Your customers or supply chain require broader information security assurance.
  • You handle sensitive, regulated or high-value information.
  • You want a recognised, affordable alternative to ISO 27001.
  • You need to evidence risk management, policy controls and organisational security processes.

Cyber Assurance provides a broader level of organisational assurance than entry-level certifications, focusing on governance, risk management and information security controls across the business.

Key Documentation & Resources

All official documentation can be found on the Cyber Assurance section of the IASME website:

Cyber Assurance Overview

Help and Resources (standards, question sets, templates and guides)

These pages include the official requirements and assessment materials.