
IASME Cyber Assurance Version 7 Released

The first version of the IASME Cyber Assurance certification was introduced in 2012 and initially known as the IASME Governance standard. The aim has always been to offer SMEs an affordable information security assurance standard, although it can equally be an option to larger organisations. The standard was relaunched and rebranded in 2022 as IASME Cyber Assurance.

With the Government continuing to push Cyber Security and large organisations driving for a “secure supply chain”, IASME has been reviewing the standard over several months to ensure it offers a cost-effective way of achieving cyber resilience and can be used by larger organisations to demonstrate that they take Cyber Security seriously.

Version 7 of IASME Cyber Assurance was released in May 2025. This update brings several changes, which are designed to make implementation easier and more closely aligned with the requirements of organisations in the real world. The standard still has two levels of certification. Level 1 is a self-assessment, which is renewed annually. Level 2 certification includes an independent audit of the information declared in the self-assessment and is renewed every three years.

The key changes that have been made in version 7 are:

  • The number of themes has increased from 13 to 14, with Systems Development now being in a separate theme. Changes have also been made to the categories that themes belong to.
  • Questions have been rewritten to remove ambiguity, condensed, and placed in more appropriate sections.
  • Changes have been made to the requirements to remove duplication.
  • The standard now aligns more closely to ISO 27001, the NCSC Cyber Assessment Framework and the DSIT Cyber Governance Framework.
  • The standard can now be aligned to the size of the business, making it more cost-effective for smaller organisations to achieve certification.

Smaller organisations often found that some of the requirements were not relevant to them or were not overly aligned to risk, and that the policy requirements could be too large.

Without compromising the Cyber Assurance standard, the requirements can now be tailored to the size of the organisation, from sole-traders to organisations with 250 people or more. Certification for all sizes will still be based on an appropriate Security Policy, Risk Assessment and Business Impact Assessment, which is coupled with a Business Continuity Plan.

The main benefits of the IASME Cyber Assurance standard are:

  • A viable, cost-effective alternative to ISO 27001 for organisations who predominantly do business in the UK.
  • Making it easier for small businesses to do business in the UK and abroad by playing a role in securing supply chains.
  • Addressing legal and regulatory compliance, to ensure organisations are compliant with data protection laws, including GDPR.

The changes made by IASME to the Cyber Assurance Standard, including the tailoring of the number of requirements to suit the size of the organisation, along with the improved alignment to other leading standards, will make it more accessible to all businesses who are looking to improve their Cyber Security measures.