Evolving Cyber Security Standards: What’s New From IASME

Whilst Cyber Essentials is a widely respected UK cyber security certification and the most prominent offering from IASME, they’ve actually introduced multiple other schemes over the last few years. Due to these accreditations being relatively new they aren’t as well known, however they could be helpful if you are working in a particular sector, want to achieve a specific security goal or looking for a competitive advantage.

Cyber Essentials

Haven’t heard of Cyber Essentials? Cyber Essentials is a UK government-backed certification that helps businesses of all sizes protect themselves against common cyber threats. It provides a clear framework for securing IT systems by focusing on five key controls: firewalls, secure configuration, user access management, malware protection and software updates. Achieving Cyber Essentials not only strengthens your organisation’s security defences but also demonstrates a commitment to cyber security, boosting trust with customers, meeting compliance requirements, and reducing the risk of data breaches. There are two levels to the standard, Cyber Essentials and Cyber Essentials Plus, the first is a self-assessment whereas Plus involves a technical audit. To find out more, we have a range of helpful resources and Cyber Essentials blogs you can access.

Achieving Cyber Essentials Plus compliance across their partnership network has helped St James’s Place reduce cyber security incidents by approximately 80%.

Defence Cyber Certification (DCC)

Defence Cyber Certification (DCC) is a new cyber security framework for UK defence suppliers, developed by the MOD and IASME to strengthen supply chain resilience. There are four levels to the scheme. It offers a single, organisation-level assurance that supports UK Defence procurement, with annual check-ins and recertification every three years. Achieving and maintaining DCC certification signals a supplier’s sustained commitment to cyber resilience across the defence sector.

IASME Cyber Baseline 

IASME Cyber Baseline is an international cyber hygiene certification designed for organisations outside the UK. It covers essential security measures across eight key themes such as asset protection, secure architecture, and access management. The certification provides a respected benchmark for demonstrating basic cyber resilience and serves as a stepping stone toward the more comprehensive certifications. IASME are implementing 2 levels to the standard, that follow a similar style of Cyber Essentials.

IASME Cyber Assurance 

IASME Cyber Assurance has been designed to help organisations “achieve cyber resilience for a realistic cost”. It demonstrates that an organisation has implemented key controls for cyber security and data protection, aligning with global regulations and supply chain expectations. It has been around longer than the other standards in this list and you might know it by its previous name, IASME Governance. Unlike other certifications, it is flexible as the depth of the requirements to achieve the certification depends on the organisation’s size. You must have Cyber Essentials to achieve IASME Cyber Assurance. Plus, like Cyber Essentials, there are two levels.

IASME IoT Cyber 

IASME IoT Cyber is a partnership between IASME and the Police Crime Prevention Initiative, Secured By Design (SBD). It certifies internet-connected devices against key cyber security controls, helping manufacturers demonstrate compliance with UK legislation. It offers a visible certification badge that can be displayed on packaging to build customer trust, supporting all manufacturers in delivering secure, privacy-conscious products. There are two levels, Baseline and Assurance, with the second level having more security provisions in place.

IASME Civil Aviation Authority ASSURE 

IASME Civil Aviation Authority ASSURE is the UK’s accredited cyber audit scheme for aviation, developed with the CAA and CREST. It enables airlines, airports, and air navigation providers to assess cyber resilience using the Cyber Assessment Framework for Aviation. Audits are conducted by certified professionals across risk, technical, and operational domains providing independent assurance without compromising safety or compliance.

IASME Maritime Cyber Baseline 

IASME Maritime Cyber Baseline is a practical and affordable certification for vessel owners, operators, and builders to improve onboard cyber security. It supports alignment with IMO Maritime Cyber Risk Management guidelines and helps reduce the risk of cyber attacks. Available as a verified self-assessment or audited certification, it reassures passengers, partners, and port authorities of a vessel’s cyber resilience.

Trusted Security Partner

We are an NCSC certified Assured Service Provider, Cyber Advisor, Cyber Essentials Certification Body (both levels) and IASME Cyber Assurance Certification Body. If you’re unsure what your next steps should be, get in contact and our team will be happy to advise.

When working with clients, our goal is to not only mitigate cyber risks but to achieve their other security objectives, whether that is to increase their competitive advantage, streamline processes or improve ROI.

Find out how Data Connect can help today.