Cyber Assurance builds upon the foundation of Cyber Essentials and Cyber Essentials Plus by introducing governance, risk management, and data protection into your cyber security strategy. This structured framework supports a progressive three-tiered pathway, guiding organisations from CE and CE Plus toward the internationally recognised ISO 27001 standard.

Note: Must have and maintain Cyber Essentials to achieve and maintain Cyber Assurance

 Two Levels of Assurance for a Resilient Cyber Security Framework

Cyber Assurance is designed to help organisations advance their cyber security maturity, with each level enhancing and expanding on the strong foundation provided by Cyber Essentials.

Cyber Assurance Level 1: Verified Self-Assessment

Building on the basics of CE and CE Plus, this level introduces independent verification, allowing organisations to assess and reinforce their security practices across a wider range of areas. Cyber Assurance Level 1 includes technical controls, as well as added focus on privacy, data protection, governance, and risk management. It’s ideal for organisations seeking a more structured approach, with verified standards covering critical areas beyond the purely technical.

 Cyber Assurance Level 2: Full Audit

For those ready to go deeper, Level 2 involves a comprehensive audit by certified IASME assessors. This audit evaluates your policies, risk assessments, and data controls, ensuring your organisation meets Cyber Assurance’s 13 core principles. This level allows organisations to demonstrate a robust and proactive stance on cybersecurity and governance.

The Benefits of Cyber Assurance

• A cost-effective alternative to ISO 27001
• Enhance trust with clients and stakeholders
• Support compliance with legal and regulatory requirements
• Improve resilience against cyber threats and attacks
• Includes GDPR readiness and data protection measures
• Demonstrates commitment to cyber security best practices

Renewal Requirements for Continued Security

To maintain certification and keep pace with evolving security standards, organisations must renew Cyber Essentials and Cyber Assurance Level 1 on an annual basis. Cyber Assurance Level 2 requires a full recertification every three years, supported by annual Level 1 reviews to ensure continued compliance.

Service delivered in partnership with Evolve North.