
Cyber Assurance Level 1 & Level 2 Certification: FAQs

9 August 2022 | Consultancy, Cyber Awareness, IASME Cyber Assurance

Cyber Assurance Certification: FAQs – Fourtify have been receiving a number of questions recently from organisations approaching us for a certification in cyber security. The majority of these have related specifically to Cyber Assurance Certification and how it affects existing or planned Cyber Essentials Certificates.

We hope you find this useful and relevant, as always – if there is a question which we have not answered, please do get in touch with the team at Fourtify: hello@fourtify.co.uk

The scheme was re-developed to build upon existing knowledge and understanding of cyber security at a higher level, counteracting cyber-crime as it continues to evolve by implementing additional controls to protect your environment. As the adoption of cloud services increases, so does our risk. The standard helps to build a greater understanding of these risks and of the issues relating to cyber security that SMBs face today.


1. What is the difference between Cyber Essentials and the Cyber Assurance scheme?

The Cyber Essentials Scheme is a UK government scheme developed by the National Cyber Security Council to enable organisations to fortify themselves against the most common cyber threats from the internet and to demonstrate commitment to cyber security.

It covers five main technical controls which will protect companies against an estimated 80% of common internet threats.

The controls are:

  • Secure your Internet connection (Firewalls and routers)
  • Secure your devices and software (Secure configuration)
  • Control access to your data and services (Access control)
  • Protect from viruses and other malware (Malware protection)
  • Keep your devices and software up to date (Software updates)


The IASME Cyber Assurance standard is aligned to the UK Government’s 10 Steps to Cyber Security and covers General Data Protection Regulation (GDPR) and privacy requirements.

Cyber Assurance is further aligned to a similar set of controls in other international security standards, but is more affordable and achievable for small and medium sized organisations to implement.

Cyber Essentials certification is required before undertaking the IASME Cyber Assurance assessment.


2. Is Cyber Assurance Level 2 the same as Cyber Essentials Plus?

No.

Cyber Essentials Plus is an independently audited level of the Cyber Essentials assessment, testing the five Cyber Essentials controls only.

Cyber Assurance Level 2, by contrast, is an independent on-site audit of the level of information security provided by your organisation, assessed against the IASME Cyber Assurance standard.

It is aligned to a similar set of controls in other international security standards but is more affordable and achievable for small and medium sized organisations to implement. The standard includes GDPR and privacy requirements and adds additional topics that mostly relate to people and processes, for example:

  • Risk assessment and Management
  • Training and Managing people
  • Change Management
  • Monitoring
  • Backup
  • Incident Response and Business Continuity


3. Can I apply for Cyber Essentials and Cyber Assurance together?

You can apply for Cyber Essentials and IASME Cyber Assurance at the same time. However, you cannot start your IASME Cyber Assurance application until you have successfully achieved Cyber Essentials.

Both standards have a tiered pricing structure and are chargeable separately, as per the breakdown below. Note that these are the fees payable to IASME only, for access to the certification.


Cyber Essentials tiered fees (for assessment only)

Organisation size | Employees | Fee
Micro Organisations | 0-9 Employees | £300 + VAT
Small Organisations | 10-49 Employees | £400 + VAT
Medium Organisations | 50-249 Employees | £450 + VAT
Large Organisations | 250+ Employees | £500 + VAT


Cyber Assurance tiered fees (for assessment only)

Organisation size | Employees | Fee
Micro Organisations | 0-9 Employees | £300 + VAT
Small Organisations | 10-49 Employees | £400 + VAT
Medium Organisations | 50-249 Employees | £450 + VAT
Large Organisations | 250+ Employees | £500 + VAT


4. Does the fee for Cyber Assurance include the fee for Cyber Essentials?

No. Both Cyber Essentials and IASME Cyber Assurance Level 1 have a tiered pricing structure and are charged for separately, as detailed in the fee tables under question 3 above.

5. How does Cyber Assurance map to standards such as ISO27001?

The Cyber Assurance Standard for Level 1 and Level 2 certificates maps closely to a number of widely recognised cyber security standards and principles, as well as assurance standards and guides. This means it can be used to demonstrate compliance with many of these standards.

The Cyber Assurance Standard enables your team, whatever their roles and the issues they face, to gain a greater understanding of the requirements and how they apply specifically to the context of your environment.

The IASME team has mapped the standard and assessment question set to the standards listed below. The mapping comparisons are free for you to review, and we would be happy to provide them on request.

  • NIS Directive Cyber Assessment Framework (CAF)
  • ISO 27001 / ISO 27002
  • NHS Digital Data Security & Protection Toolkit
  • ICO’s Accountability Framework
  • 10 Steps to Cyber Security

If you would like to speak to a member of the team today regarding Cyber Assurance, please get in touch with the team at Fourtify: hello@fourtify.co.uk