IASME Cyber Assurance – an alternative information assurance governance standard for SMEs

Although ISO27001 is the globally recognised benchmark for Information Governance, smaller organisations often find it challenging to get ISO27001 certified due to the cost and effort involved.

The IASME (Information Assurance for Small and Medium Enterprises) Cyber Assurance standard aligns with the UK Government’s 10 steps to Cyber Security and includes additional Data Privacy controls. It provides smaller companies within a supply chain with a suitable and affordable method to demonstrate their level of information security.

IASME Cyber Assurance certification shows that you are taking the right steps to protect customer information. It includes an assessment of your General Data Protection Regulation (GDPR) compliance.

What are the benefits of IASME Cyber Assurance?

IASME Cyber Assurance demonstrates the integrity of your information security practices. A risk-based assurance, IASME looks at aspects such as physical security, staff awareness and data backup.

It will:

  • Prove your cyber security, privacy and data protection measures are effective
  • Offer assurance to your stakeholders that your security has been assessed or audited independently by an accredited third party
  • Show a clear picture of your organisation's current cyber security level and ensure processes are documented
  • Give your organisation a competitive advantage and retain more business

You can use IASME Cyber Assurance (also referred to as IASME Governance) as a stepping-stone to achieving ISO27001 at a later stage.

By engaging with us, you can rely on RightCue’s established methods to efficiently achieve the cyber assurance credentials. We provide you with all mandatory documentation and processes required by an IASME certification body.

The standard covers 13 themes across 5 areas of control

RightCue are experts in information assurance governance standards – and are here to help you get certified.

IASME Cyber Assurance – Level 1

The self-assessed IASME certification option requires you to complete an online questionnaire about the controls you have in place to govern information assurance.

Our phased approach to implementation of IASME Cyber Assurance

If you choose to implement Cyber Assurance within your organisation, RightCue will work with you to define policies, establish industry best practices, and embed risk management at the core of your security governance and management processes.

Phase 1: Information gathering and risk assessment

We conduct workshops with heads of your functional areas to document information and personal data flows and convert these into asset registers, ensuring information security responsibilities are clearly defined. We also assist you with initial risk assessment, IT business continuity and disaster recovery plans.

Phase 2: Information Security Management System

We assist you with defining your information security and privacy management system by providing you with policies, procedures and other core documentation adapted specifically for your business and organisation culture. We assist you with implementing technical controls. At a minimum these include the controls required by the UK government’s Cyber Essentials Scheme as well as best practices to protect your key information and systems. We also work with you on change management to ensure a seamless transition to these new processes with as little disruption to your business and existing ways of working as possible.

At the end of phase 2, you will be ready to achieve self-certification to Cyber Essentials and IASME Cyber Assurance level 1.

IASME Cyber Assurance – Level 2

If you would like to move to the next step, we can provide an audit of your information governance to ensure the highest possible standards are achieved.

A third-party audit demonstrates to your customers and other stakeholders that your organisation’s security has been independently evaluated and verified by skilled experts, offering a similar level of assurance to ISO 27001.

What makes us stand out?

  • Extensive and thorough understanding of business, technology, and regulations
  • Consistent praise from our clients for exceptional customer service and high-quality deliverables
  • Availability of a diverse pool of skilled professionals to cater to various industry sectors
  • A flexible approach that allows us to adjust our services to meet your specific needs, whether scaling up or down

Our expertise

  • Supply chain risk management
  • Security audits and internal audits
  • Knowledge of industry best practices e.g., CIS, NIST, ISO 27001, OWASP, DevSecOps
  • All types of penetration testing
  • Vulnerability assessments and cyber threat assessments
  • Global data privacy regulations
  • Knowledge of market leading security tools and solutions
  • Knowledge of major cloud platforms such as Azure, AWS and GCP
  • Cyber Essentials and Cyber Essentials Plus

What our clients think

“We began looking at how to get ISO 27001 certification and CSA Star Level 2. After an extensive search it became clear that while many companies stated they could deliver both, RightCue was the only business that met our requirements.

“The RightCue team were instrumental in the process – to be blunt, if there was no RightCue, we wouldn’t have been able to do this. Their knowledge of controls was outstanding, and they really understood our business.”


“We were keen to develop our IT security to the next level so we could expand our client base as well as giving existing clients further peace of mind. Working with RightCue has been a total pleasure. They are just lovely people and to us they are not only trusted advisors but they feel like part of our extended team.

“Working with RightCue has supported our growth as a business and given us the reassurance we need, knowing that our security and data protection is well developed and managed - that's thanks to RightCue.”


“In early 2021, the ATI established the FlyZero project, with ambitious targets and timeframes. RightCue were involved from the start, contributing ideas and sustainable solutions to keep the project data secure.

“RightCue are so supportive and helpful. They operate almost as a virtual CIO and worked with me on a long-term strategy for IT and security to ensure it remains fit for purpose as the business continues to grow.”


“Beyond the accreditations, RightCue have caused us to think harder. To develop a maturity for our cyber security – processes and ideas for the future, and to think beyond IT to the business implications. Would I work with RightCue again? Absolutely, without hesitation…”


“RightCue helped us to achieve our cyber security accreditations including Cyber Essentials and IASME. But it’s more than that - the protection and management of data is now very much at the centre of our business.

“The RightCue team are absolute stars. Nothing is too much trouble. If you need help with cyber security, you can’t go wrong with RightCue.”


“The team at RightCue worked very closely with our internal team on our ISO27001 accreditation. They were extremely thorough and rigorous throughout the process, they acted professionally at all times and guided us through each step of the way to attain ISO27001. I would recommend RightCue to help you achieve your security accreditations.”


“They don’t just do the job and leave. They are at the end of the phone and happy to advise and engage at any time if you need them. If you’re considering Cyber Essentials accreditation, I’d definitely recommend RightCue.”


“Whilst going for a computer security accreditation is never easy, the team at RightCue made it as painless as possible. They were clearly very knowledgeable and as helpful as they could be, given their role as a certification body…”


“There is no doubt working with RightCue saved me a hell of a lot of time. I didn’t have to spend ages researching solutions. I would say RightCue are a very dependable resource, and are reassuringly competent. A good choice if you’re looking to acquire security accreditations…”


“We have been hugely impressed with the team at RightCue. They are very approachable and incredibly knowledgeable...Achieving those accreditations was so much easier, by working with an experienced and accomplished team of professionals, such as RightCue…”


“Having confidence in recommending them to our clients has allowed us to concentrate on playing to our strengths.

“All of the RightCue team are very helpful and very willing to go the extra mile. They are very committed to delivering a good service, and that’s why we are always happy to refer them.”


Get in touch with us

For further information about our different IASME Cyber Assurance certification and IASME governance options, or to arrange a consultation, contact us.

+44 (0)1256 744 780