Packages & Certifications

We are proud to be associated with the IASME Certification Body for the Government Backed Cyber Essentials, Cyber Essentials PLUS & IASME Governance Standards.

We offer services ranging from stand-alone self-assessment (where appropriate) to on-site Consultancy that supports your organisation throughout the process. Check out our information boxes below for our different certifications and package options.

Cyber Essentials

The Cyber Essentials Certification is a Government backed certificate intended to harden SME Businesses against the unskilled, automated Internet based threats which make up a large part of the background threat ‘noise’ of the Internet.

Cyber Essentials is an independently verified self-assessment. Organisations assess themselves against five basic security controls, and a qualified assessor moderates the information provided. The assessor either awards the certificate or grades it a failure, in which case the organisation has two days in which to make changes & re-submit.

It covers 5 Key Technical Controls: 

  • Boundary firewalls and internet gateways
  • Secure configuration
  • Access control
  • Malware protection
  • Patch management

For organisations successfully completing Cyber Essentials or IASME Governance Standard for the whole of their business, £25,000 of Cyber Liability Insurance Cover is included.

Cyber Essentials PLUS

The Cyber Essentials Certification is a Government backed certificate intended to harden SME Businesses against the unskilled, automated Internet based threats which make up a large part of the background threat ‘noise’ of the Internet.

Cyber Essentials PLUS builds on the steps taken in Cyber Essentials, providing additional confidence to the organisation & its clients through an on-site audit of the 5 key technical controls of CE. The audit tests that the controls work in practice by simulating basic hacking and phishing attacks.

Cyber Essentials PLUS involves a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users.

The assessor will test a suitable random sample of these systems (typically around 10 per cent) and then make a decision whether further testing is required.

The assessor will need to visit your head office and a representative sample of your other offices in order to carry out the tests. The quantity of other offices visited depends on the complexity of your organisation – in a multinational organisation the assessor may need to visit a number of countries. Some tests may be carried out remotely provided that the agreed on-site visits have been carried out.

IASME Governance Standard

The IASME Governance standard was created by a government-funded project with the aim of creating a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO27001.

The IASME Governance standard allows small companies to demonstrate their level of cyber security for a realistic cost and indicates that they are following best practice approaches to protect their customers' information through policies, procedures and by implementing the technical controls assessed through Cyber Essentials Certification.

The IASME Governance assessment includes a Cyber Essentials assessment and is available either as a self assessment or on-site audit. Since the 1st March 2017, it has also included an optional assessment against the GDPR requirements.

IASME Governance Standard - Audited

The IASME Governance standard was developed over several years during a government funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO27001.

The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers' information through policies, procedures and by implementing the technical controls assessed through Cyber Essentials Certification.

The IASME Governance assessment includes a Cyber Essentials assessment and is available either as a self assessment or on-site audit. Since the 1st March 2017, it has also included an optional assessment against the GDPR requirements.

The Audited version (also known as IASME Gold) follows the self-assessed version of IASME and comprises an on-site audit of the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often cheaper for small and medium-sized organisations to implement.

The standard includes all of the five Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes, for example:

  • Risk assessment and management
  • Training and managing people
  • Change management
  • Monitoring
  • Backup
  • Incident response and business continuity

By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.

GDPR Readiness

GDPR – The EU wide General Data Protection Regulation – came into force on 25th May 2018.

We offer custom Consultancy services to help your organisation become GDPR-Ready and to demonstrate your commitment to the key principles of GDPR through the award of a CSUK Certificate.

Please call us on 0151 363 5823 to find out more.

Levels of Support

Self Assessed

Both the Cyber Essentials & IASME Certifications can be applied for on a Self Assessed basis. Once you have completed the assessment on behalf of your organisation, it will be moderated by one of our IASME Certified Assessors.

This best suits organisations with a high degree of confidence in their IT & Information Assurance controls, policies & procedures.

A little help

If your organisation has little formal IT Support – or they’re too busy with business as usual demands – then you might want to consider a package that includes a little assistance to help explain the concepts underlying some of the questions in the assessment.

This best suits organisations where there may be ad-hoc IT & Information Assurance controls, policies & procedures in place, supported by a small support department, either internally or externally, and some outline guidance is required.

A lot of help

Businesses without in-house or formal external IT Support in place may struggle with some of the concepts underpinning the assessment questions and require more extensive guidance throughout the process, along with advice on how to change their operations to achieve compliance.

We offer packages that include on-site assistance to work through the programme with you. If you have an incumbent IT Support service then we will liaise with them as to any changes that need to be made or we can arrange for a trusted, vetted supplier from our Accredited Supplier & Practitioner Pool to quote directly.

Custom Support

For clients wishing to embark on the IASME Audited standard – or the audited version of Cyber Essentials (Cyber Essentials PLUS) – we would be happy to quote on a custom basis following discussion of the level of support required.

Clients seeking to progress through our GDPR-Readiness programme are advised to start with a Gap Analysis, followed by a custom quote for support once we have a clearer understanding of the business.