Malvern cyber organisation to partner with Civil Aviation Authority to deliver security audit

BCS cyber security trends

IASME, the Malvern based cyber security organisation which works alongside a network of more 250 UK certification bodies to help certify organisations of all sizes in cyber security and counter fraud, is to partner with the Civil Aviation Authority to deliver a security audit.

The ASSURE scheme, launched in January 2020, is the Civil Aviation Authority’s third-party cyber security audit model. Aviation organisations such as UK airports, air carriers and air navigation service providers in scope of the Civil Aviation Authority’s Cyber Security Oversight Process are required to complete an ASSURE Cyber Audit. The ASSURE Scheme provides the aviation industry with a mechanism to manage their cyber security risks without compromising aviation safety, security or resilience whilst ensuring compliance with applicable regulations.

The ASSURE Scheme was originally developed in partnership with CREST and from today it will also be delivered by the IASME Consortium. This aims to provide aviation organisations a greater choice of ASSURE Cyber Suppliers and accredited ASSURE Cyber Professionals. It is IASME’s intention to champion the interests of the smaller airports and promote compliance and security for every organisation no matter its size.

The ASSURE Scheme is a scalable and responsive model which provides aviation organisations with a level of assurance in their choice of skilled ASSURE Cyber Suppliers and a structure for how audits should be conducted. It utilises commercial suppliers, many of whom are well known to the aviation sector, bringing current knowledge and a wealth of experience to deliver independent validation.

Boards and owners of aviation organisations will value the independent assurance offered by a cyber security audit which provides an accurate representation of their organisation’s cyber risk posture at a point in time. The ASSURE Cyber Audit helps organisations meet their regulatory requirements and communicate key cyber security issues to their Boards.