Your Information Assurance, Certified

IASME Cyber Assurance Assessments

IASME Cyber Assurance (ICA) offers SMEs a practical alternative to ISO 27001, showing strong governance, risk management, and data protection without the complexity or cost. It builds on Cyber Essentials by extending assurance beyond technical controls into processes, documentation, and management systems.

Our service covers Level 1 and Level 2 assessments, with the option to include IASME Quality Principles certification. We guide you through the full process, from scoping to certification, providing clear advice, support, and practical guidance at every step.

The result is more than certification; stronger information governance, greater operational resilience, and visible trust for clients, partners, and regulators.

Good Things To Know

Cyber Assurance is an IASME alternative to ISO 27001 for SMEs
Builds on Cyber Essentials to include governance, risk, and data protection controls
ICA Level 1 is a self-assessment; ICA Level 2 involves a full independent audit
Helps meet supply chain and government assurance requirements
Strengthens compliance, assurance, and client confidence
Quality Principles is an IASME alternative to ISO 9001 for SMEs

IASME Cyber Assurance & Quality Principles FAQs

What is IASME Cyber Assurance (ICA)?

IASME Cyber Assurance (ICA) is a UK Government-backed standard that certifies an company’s ability to manage information security and data protection effectively.

It provides evidence that both systems and internal processes are secure, well managed, and resilient.

What is the difference between IASME Cyber Assurance Level 1 and IASME Cyber Assurance Level 2?

Level 1 is a verified self-assessment where your submission is reviewed by an accredited IASME assessor.

Level 2 involves an independent audit that includes interviews, document reviews, and evidence gathering, showing that controls are being followed in practice.

Note: Level 1 must be completed before progressing to Level 2.

Are there any prerequisites for IASME Cyber Assurance?

Yes. You must hold a valid Cyber Essentials certificate before you can start an IASME Cyber Assurance application.

IASME require that your Cyber Essentials certificate is valid (it must normally have at least one month remaining when you purchase IASME Cyber Assurance).

You must complete Level 1 before progressing to Level 2.

The IASME Quality Principles are optional. They are taken directly with IASME and can be taken alongside IASME Cyber Assurance where required.

Can a company skip IASME Cyber Assurance Level 1 and go straight to Level 2?

No. Level 1 must be completed first, and it establishes the baseline and eligibility for the audit-based Level 2 stage.

What are the IASME Quality Principles?

The Quality Principles certification is an optional assessment from IASME that focuses on management quality and operational consistency.

It is broadly equivalent to ISO 9001 and is often completed alongside IASME Cyber Assurance to demonstrate strong governance and continual improvement.

Can IASME Cyber Assurance and Quality Principles be certified at the same time?

Yes, they can be done in parallel.

You can apply for IASME Cyber Assurance Level 1 or Level 2 alongside the optional Quality Principles certification to show both security and quality governance together.

Note: Quality Principles is applied directly through IASME.

Does the IASME Cyber Assurance assessment require on-site visits?

For Level 1, most of the process can be handled remotely.

For Level 2 audit, depending on the scope, some on-site or hybrid review may be required to verify evidence, interview staff, and inspect controls.

Do staff need to be involved in the IASME Cyber Assurance?

Yes. Part of the assessment or audit includes review of staff awareness, roles and responsibilities, and sometimes interviews.

You should ensure relevant personnel understand the controls, policies, and processes being assessed.

How does IASME Cyber Assurance relate to ISO 27001?

IASME Cyber Assurance is designed as a more accessible route to strong information security assurance for small and medium enterprises (SMEs), while aligning with many of the same principles covered by ISO 27001. It offers many of the same benefits with lower cost and complexity.

Who should get IASME Cyber Assurance certification?

Any company that handles sensitive information, delivers professional or digital services, or operates within a regulated or government supply chain can benefit. It is especially valuable for small and medium enterprises that want a structured, credible alternative to ISO 27001.

How long does the IASME Cyber Assurance certification process take?

The timescale depends on the size and complexity of your company and how mature your existing processes are.

After an initial scoping discussion, we will provide a clear plan and timeline to complete the assessment efficiently with minimal disruption.

What happens if we identify gaps during the IASME Cyber Assurance assessment?

If areas for improvement are found, we will provide a clear action plan and support you in making any necessary updates.

Once completed, we help you through revalidation to achieve the certification successfully.

What happens if we fail the audit at IASME Cyber Assurance Level 2?

If this happens, we will provide a detailed report highlighting non-conformities and required improvements.

You will then have an opportunity to remediate those areas, submit evidence again, and undergo a re-audit to achieve certification.

What do we receive after IASME Cyber Assurance certification?

You will receive an official IASME Cyber Assurance Level 1 or Level 2 certificate and, if applicable, a Quality Principles certificate.

You will also receive a report that outlines the findings, recommendations, and areas for ongoing improvement.

How often must we renew IASME Cyber Assurance certification?

IASME Cyber Assurance certification follows a three-year cycle.

In years one and two, company renew at Level 1 through verified self-assessment.

In year three, both Level 1 and Level 2 are revalidated through a full audit to maintain certification and confirm that controls remain effective.

Are IASME Cyber Assurance and Quality Principles cost-effective?

Yes. It provides meaningful assurance similar to ISO 27001 and ISO 9001, but with a simpler and more accessible framework.

They help to reduce risk, demonstrate compliance, security and quality commitments, and strengthen credibility with clients, suppliers, and regulators.

Get In Touch

Our team is available to help you with your next Penetration Test, Cloud Security Audit, or Cyber Essentials Assessment.

Whether you are launching a new platform, expanding an existing service, reviewing your defences, or strengthening your security posture, we can provide a tailored engagement that meets your specific needs and scope.

Contact us today to discuss your requirements and see how we can help you protect your business with confidence.

Email Us

Call us on 0333 339 7246

View Our Other Services