The IASME Assessor Course

The IASME Assessor Course

The IASME Assessor Course is for companies who wish to become a Certifying Body and issue Cyber Essentials and IASME governance certification, including GDPR readiness, to clients. This course includes the one day, GCHQ Certified Training course, Assessing GDPR as part of IASME Governance.

IASME requires that anyone who applies to become an IASME assessor to offer Cyber Essentials, Cyber Essentials Plus and/or IASME Governance assessment to clients must meet a certain level of skill and experience.

This is usually demonstrated by meeting both of the following requirements:

  • Have at least 3 years’ experience in information technology or cyber security
  • Hold at least one of the following qualifications or memberships:
    • ISC2 Certified Information Systems Security Professional (CISSP)
    • ISACA Certified Information Security Manager (CISM)
    • ISO27001 Lead Auditor
    • Certified Professional (CCP) scheme – either SIRA, IA Auditor or IA Architect roles at any level
    • Full member of Institute of Information Security Professionals (IISP)

Course Structure

The course consists of the following steps:

  • Two-day classroom-based training at the National Cyber Skills Centre in Malvern, Worcestershire.
  • Follow up activity –
    • Self-assessment of your own organisation to IASME and Cyber Essentials standards
    • Pairing up with another trainee to carry out a mutual audit of each other’s organisations to the IASME Gold standard. This requires you to visit your partner company to complete the audit at your own cost, which typically requires a day for the visit and some time back at the office to write up your report

Day 1

  • Review of the IASME governance and Cyber Essentials standards
  • Learning about the processes used, the costs and the skills required to assess clients
  • Review of tools and templates provided, including the Pervade system.
  • Hands-on experience of marking self-assessments and auditing to the IASME audited standard

Day 2

  • Training on GDPR* (General Data Protection Regulation) and how it relates to the IASME standard.
  • Course Exam

*If you are a GDPR practitioner, you do not need to attend the GDPR day of the    course, and the cost will be £1000.

Following successful completion of the course, achievement of the certifications and mutual governance audit, you will be authorised to become a Certifying Body and offered a contract to carry out assessments on behalf of the IASME Consortium. Additional costs are playable at this point – please ask us for more information.

Location and Costs

We currently run the classroom training once a month at the National Cyber Skills Centre in Malvern, Worcestershire. Contact us to reserve a place. Each course costs £1,500 + VAT per delegate. This price covers the costs of all steps detailed above, including the embedded GDPR course but excluding travel and accommodation costs and the time required to audit your partner company.

Cost includes

  • Two Day training
  • Cyber Essentials assessment
  • IASME governance assessment including GDPR
  • IASME governance audit.
  • Cyber Insurance for SMEs who certify whole company if Cyber Essentials is achieved

There are further costs following completion of the course and an annual payment required in order to be a Certifying Body. Details can be found here.

If you want to become a Certification Body, then at least one member of your company must attend The IASME Assessor Course. At a later date, and once your company has become a Certification body, you may wish to train further members of your company.