IASME Cyber Certification Pathway

Plan the right level of assurance for your environment: Cyber Baseline, Cyber Essentials, Cyber Essentials Plus, or Cyber Assurance.

  • Risk-Based Scope Planning
  • Control Maturity Mapping
  • Evidence Pack Support
  • Technical Validation Readiness

Certification Levels

Choose the assurance level that matches buyer expectations, operational risk, and the maturity of your internal control evidence.

Level 1 Entry

Cyber Baseline

  • International cyber hygiene certification for businesses outside the UK
  • Covers basic but critical protection measures for global supply chains
  • Can be used as a prerequisite route into IASME Cyber Assurance (outside UK)
Level 2 Core

Cyber Essentials

  • Annually renewable scheme aligned to the UK Government minimum baseline
  • Built around five technical controls against common internet-based threats
  • Recommended minimum certification for UK-based businesses
Level 3 Verified

Cyber Essentials Plus

  • Includes a technical audit to verify controls are actually in place
  • Requires a passed Cyber Essentials verified self-assessment first
  • Audit covers representative user devices, internet gateways, and internet-facing servers
Level 4 Extended

Cyber Assurance

  • Comprehensive, risk-based and policy-driven cyber resilience standard
  • Demonstrates cyber security and data protection controls at broader depth
  • Available at two levels: Level One Verified Assessment and Level Two Audited

Top-Tier Route

ISO 27001 (Highest Maturity Path)

When clients require the strongest governance-led information security position, ISO 27001 is the top-tier strategic route.

Control Depth Matrix

| Area | Cyber Baseline | Cyber Essentials | Cyber Essentials Plus | Cyber Assurance |
|---|---|---|---|---|
| Control Breadth | Starter scope | Core technical controls | Core controls + independent verification | Extended governance + risk depth |
| Evidence Expectation | Basic policy and process evidence | Structured self-assessment evidence | Assessment evidence + verified test readiness | Expanded governance, risk, and operational evidence |
| Procurement Suitability | Low-risk supplier onboarding | Common baseline for contract entry | Higher trust and assurance requirements | Enterprise and maturity-focused requirements |
| Internal Effort | Low to moderate | Moderate | Moderate to high | High (cross-functional involvement) |

Certification Paths (Prerequisites)

Use this to explain why a route may start at Cyber Essentials before moving into higher-assurance options.

Most common progression route
Cyber Essentials -> Cyber Essentials Plus -> Cyber Assurance

For UK-based businesses, Cyber Essentials is typically the minimum baseline before progressing to Cyber Assurance.

International pathway (outside UK)
Cyber Baseline -> Cyber Assurance

For businesses outside the UK, Cyber Baseline can be used as a prerequisite step before Cyber Assurance.

Understand Each Option

Each level below gives its decision criteria, who it suits, and why you might choose it over Cyber Essentials alone.

Cyber Baseline: what it is and when to use it
  • Purpose: international cyber hygiene certification focused on basic but critical protection measures.
  • Best for: businesses outside the UK that need a standardised, respected baseline for global supply chains.
  • Why choose it: maps to international cyber hygiene standards and best practices that historically lacked formal certification routes.
  • Path note: outside the UK it can be used as a prerequisite to Cyber Assurance; in the UK, Cyber Essentials is usually the recommended minimum.
Cyber Essentials: the common procurement baseline
  • Purpose: annually renewable certification aligned to UK Government minimum cyber baseline requirements.
  • Best for: businesses of all sizes needing a recognised buyer-facing baseline.
  • Control focus: five technical controls proven to protect against common internet-based threats.
  • Typical next step: Cyber Essentials Plus where independent verification is required.
Cyber Essentials Plus: verified technical assurance
  • Purpose: technical audit that verifies the Cyber Essentials controls are implemented in practice.
  • Prerequisite: you must complete and pass Cyber Essentials first.
  • Audit scope: representative user devices, all internet gateways, and all internet-accessible servers.
  • Why choose it: provides stronger assurance than self-assessment alone.
Cyber Assurance: broader maturity and governance depth
  • Purpose: comprehensive, flexible standard to build cyber resilience at realistic cost.
  • Assurance value: demonstrates a broad set of cyber security and data protection controls.
  • Levels: Level One Verified Assessment and Level Two Audited; Level One must be passed before Level Two.
  • Path note: in many UK contexts Cyber Essentials is expected first; outside the UK, Cyber Baseline can be the prerequisite route.
ISO 27001: top-tier strategic route
  • Purpose: full ISMS framework with strategic governance and continual improvement.
  • Best for: businesses requiring international-standard top-tier assurance positioning.
  • Why choose it: strongest option when enterprise clients expect formal management-system maturity.
  • Service page: ISO 27001 Support.

Cyber Assurance Levels and Business Size

IASME Cyber Assurance is designed for all business sizes, and assessment depth is tailored by business size to reduce unnecessary compliance burden.

Assessment Levels
  • Level One: Verified Assessment
  • Level Two: Audited (requires passed Level One first)
Business Size Bands Used for Tailoring
  • Sole trader / two-person partnership: 1 to 2 people
  • Micro business: 3 to 9 people
  • Small business: 10 to 49 people
  • Medium / large business: 50+ people

Delivery Phases

1. Scope: Asset boundary, user model, exclusions, target certification.
2. Gap: Control walkthrough, policy review, remediation priorities.
3. Evidence: Compile evidence pack and technical artefacts.
4. Submit: Submission support and assessor query management.
5. Maintain: Renewal planning and continuous control upkeep.

Contact

Call for immediate triage and certification route planning.

01484 940950

    You can put your trust in our team

    You can put your trust in us, as we’ve worked hard to build a solid reputation helping clients like you achieve their business goals. Working across a wide range of business sectors, we collaborate with you to ensure a great outcome for everyone.

    100% Guarantee Accreditation

    We guarantee* we will get you through the certification/accreditation process or we will refund 100% of all monies paid to Synergos Consultancy.

    *subject to our terms and conditions

    ISO 9001 sets the standard for Quality Management Systems

    ISO 14001 sets the standard for Environmental Management Systems

    ISO 45001 sets the standard for Health and Safety Management Systems

    ISO 27001 sets the standard for Information Security Management Systems

    ISO 22301 sets the standard for Business Continuity Management Systems

    ISO 20000 sets the standard for Service Management Systems

    ISO 15189 sets the standard for Medical Laboratories Management Systems
