ASSURE

ASSURE is an accredited third-party cyber security audit model. ‘Third parties’ refers to ASSURE Cyber Suppliers that are subject to a rigorous and continuous accreditation process under the ASSURE framework.

The ASSURE scheme supports the CAA’s approach to oversight of cyber security regulations, including the security of Network and Information Systems (NIS) regulations that apply to Operators of Essential Services (OES).

Where stipulated by the CAA, aviation organisations that are required to complete a self-assessment of their management of cyber security will need to procure an ASSURE Cyber Audit from an accredited ASSURE Cyber Supplier.

ASSURE Cyber Professionals are each accredited in one or more, of the following three specialisms (all specialisms must be present for an ASSURE Cyber Audit):

•   Cyber Audit & Risk Management;
•   Technical Cyber Security Expert; and/or
•   Industrial Control Systems/Operational Technology Expert.


How to become an ASSURE Provider

To become an accredited ASSURE Cyber Supplier, an organisation must already be accredited to the CREST penetration testing discipline.  Companies can then submit an application for ASSURE accreditation via the CREST membership portal which will be reviewed by CREST and CAA before CAA make the final decision which will be communicated through the ASSURE platform.

Further Information

Further details of ASSURE Cyber Professional and ASSURE Cyber Supplier requirements can be found here.