Cyber Assurance builds upon the foundation of Cyber Essentials (CE) and Cyber Essentials Plus (CE Plus) by introducing governance, risk management, and data protection into your cyber security strategy.

Developed by IASME, it’s the next step for organisations ready to go beyond basic technical controls and adopt a comprehensive approach to strengthening resilience.

This structured framework offers a progressive three-tiered pathway, guiding organisations from CE and CE Plus toward the internationally recognised ISO 27001 standard.

Three Levels of Assurance for a Resilient Cybersecurity Framework

Cyber Assurance is designed to help organisations advance their cyber security maturity, with each level enhancing and expanding on the strong foundation provided by Cyber Essentials.

Building on the basics of CE and CE Plus, Cyber Assurance Level 1 introduces independent verification, allowing organisations to assess and reinforce their security practices across a wider range of areas. It includes technical controls, as well as an added focus on privacy, data protection, governance, and risk management. It’s ideal for organisations seeking a more structured approach, with verified standards covering critical areas beyond the purely technical.

For those ready to go deeper, Level 2 involves a comprehensive audit by certified IASME assessors. This audit evaluates your policies, risk assessments, and data controls, ensuring your organisation meets Cyber Assurance’s 13 core principles. This level allows organisations to demonstrate a robust and proactive stance on cybersecurity and governance. 

The final level in this structured pathway is ISO 27001, an internationally recognised standard for information security management. ISO 27001 certification is often the end goal for organisations seeking the highest level of assurance, proving that information security is embedded across all aspects of operations. With Level 2 Cyber Assurance in place, organisations typically find the jump to ISO 27001 smoother, as key foundational work has already been established. 

Renewal Requirements for Continued Security 

To maintain certification and keep pace with evolving security standards, organisations must renew Cyber Essentials and Cyber Assurance Level 1 on an annual basis. Cyber Assurance Level 2 requires a full recertification every three years, supported by annual Level 1 reviews to ensure continued compliance. ISO 27001, once achieved, includes annual surveillance audits, with a full recertification audit every three years to validate ongoing adherence to the standard. 

Why Cyber Assurance? 

Cyber Assurance enables organisations to build on CE and CE Plus, offering more than just technical security. It allows for a more comprehensive risk management approach that covers governance, privacy, and data protection, addressing both operational and compliance needs. This structured journey is adaptable—many organisations opt to progress to ISO 27001, while others find that stopping at Level 2 Cyber Assurance meets their long-term security goals. 

At Evolve North, we’re here to support each step of your journey. Whether you’re establishing your Cyber Essentials foundation or preparing for ISO 27001, we provide expert guidance to ensure you’re ready, resilient, and confident in your security. 

Interested in Cyber Assurance for your business? Speak to our experts today on 01748 905 002.