What is IASME Cyber Assurance Level 2?
IASME Cyber Assurance Level 2 is an advanced level of cybersecurity certification offered by the UK Information Assurance Consortium for Small and Medium-sized Enterprises (IASME).
It is based on the Cyber Essentials certification requirements and covers additional technical controls and governance requirements.
IASME Cyber Assurance Level 2 includes a more comprehensive assessment of an organization’s cybersecurity posture and is designed to provide a higher level of assurance to stakeholders, including customers, suppliers and investors.
It is suitable for organizations with more complex IT infrastructures and higher cybersecurity risks, and offers a more robust and holistic approach to managing cybersecurity.
Difference Between Cyber Assurance Level 1 and Level 2
| Feature | IASME Cyber Assurance Level 1 | IASME Cyber Assurance Level 2 |
| --- | --- | --- |
| Technical Controls | 5 technical controls from Cyber Essentials | 10 technical controls from Cyber Essentials plus 5 additional technical controls |
| Governance Requirements | Not required | Governance requirements covering policies, procedures, and risk management |
| Cybersecurity Assessment | Self-assessment questionnaire | Independent assessment by a certified assessor |
| Scope | Suitable for small organizations or those with lower cybersecurity risks | Suitable for medium-sized organizations or those with more complex IT infrastructures and higher cybersecurity risks |
| Assurance Level | Provides a basic level of assurance to stakeholders | Provides a higher level of assurance to stakeholders, including customers, suppliers, and investors |
| Certification Validity | Valid for 12 months | Valid for 12 months |
Applicability
- Medium-sized organizations with complex IT.
- Organizations with high cybersecurity risks.
- Organizations requiring a higher level of assurance.
- Organizations with regulatory or compliance requirements.
- Organizations that require an advanced cybersecurity management program.
- Organizations with governance requirements beyond Cyber Essentials.
Methodology
Phase 1: Scope determination
Determine the scope of the cybersecurity management program, including the IT infrastructure, assets, and data involved.
Phase 2: Gap analysis
Conduct a gap analysis to identify areas that need improvement to meet the requirements of IASME Cyber Assurance Level 2.
Phase 3: Planning
Develop a plan to implement additional technical controls and governance requirements to meet the certification criteria.
Phase 4: Implementation
Implement the cybersecurity management program, including technical controls and governance requirements, based on the plan.
Phase 5: Testing and validation
Test and validate the implemented controls and processes to ensure they are effective in mitigating cybersecurity risks.
Phase 6: Certification assessment
Engage a certified assessor to perform an independent assessment of the cybersecurity management program against the requirements of IASME Cyber Assurance Level 2.
Phase 7: Certification
Receive IASME Cyber Assurance Level 2 certification after a successful assessment.
Phase 8: Maintenance
Maintain the certification by conducting regular assessments and addressing any new cybersecurity risks or changes in the IT infrastructure.
Why CyberSRC®?
- We are a team of qualified professionals with rich experience across multiple industries such as Manufacturing, BFSI, Insurance, Healthcare, NBFCs and others. Our consultants are industry experts with proven track records. The renowned certifications they hold include CISA, CISSP, COBIT, CEH, CCNA, OSCP, ISO 9001 LA/LI, ISO 27001, ITIL LA/LI and PMP, to name a few.
- We believe in adding value to your business, which is enabled through our Centre of Excellence (CoE), and we have end-to-end capability for Program Build – Operations – Transformation. We can jump-start and execute projects globally in Managed Services mode and with flexible delivery models.
- Our vision is to be one of the world’s most trusted advisory and solution providers for Cyber Security, Data Protection and Assurance practices.