Cyber Trust
Cyber Trust brand background

International cyber hygiene certification

Prove your cyber hygiene to global customers — without heavy standards.

IASME Cyber Baseline is an international cyber hygiene certification for organisations based outside the UK. It shows you have the basic but critical security measures in place for customers, partners and supply chains.

  • Recognised, light-touch certification for basic cyber hygiene.
  • Aligns with international cyber hygiene baselines.
  • Easier than full governance standards such as ISO 27001.
  • Helps you answer customer and supply-chain security checks.

Short enquiry form. We confirm if Cyber Baseline is right for you and outline next steps and pricing.

Cyber Trust team discussing a client's cyber hygiene

IASME Certification Body

Work with an assessor who turns IASME requirements into plain English and practical steps.

Official IASME Cyber Baseline certification

IASME Cyber Baseline badgeIASME logo

In plain English

What IASME Cyber Baseline actually is.

Think of it as an internationally-recognised “basic cyber hygiene” badge for organisations based outside the UK.

IASME Cyber Baseline is an international cyber hygiene scheme for organisations based outside the UK. It focuses on the essential security measures that stop the bulk of common, automated attacks from the internet.

The assessment checks that you have sensible technical controls and simple management practices in place – things like secure configuration, access control, malware protection and basic backup habits. The aim isn't to turn you into a security expert; it's to make sure the basics are covered, documented and evidenced.

Behind the scenes, Cyber Baseline is mapped against several international best-practice baselines and frameworks. Many of those frameworks had no simple way to prove you complied with them; Cyber Baseline fills that gap with a straightforward, certifiable standard.

At a glance

A simple, auditable way to say "we've sorted the basics".

Scope: non-UK organisations who need proof of basic cyber hygiene for customers and supply chains.

Checks: core controls such as configuration, patching, access, malware protection and backups.

Effort: lighter than ISO style standards – designed to be achievable for growing teams.

Outcome: an independent, IASME-backed certificate you can reuse with multiple customers.

Perfect when questionnaires keep asking "what basic security do you have in place?" and you need something concrete to point to.

Who it's designed for

Who IASME Cyber Baseline is designed for.

Cyber Baseline is deliberately shaped for organisations that need credible proof of basic cyber hygiene without jumping straight into heavy-weight, governance-led standards.

This is for you if…

You want a practical, internationally-recognised hygiene badge you can put in front of customers and supply chains.

You're based outside the UK.

Cyber Baseline is specifically aimed at non-UK organisations that still need to show they take cyber hygiene seriously.

Customers or partners want proof.

You're seeing more security questionnaires and supplier due diligence requests that ask what basics you have in place.

You want something lighter than ISO.

You're not ready for full ISO 27001 yet, but you do want a structured, certifiable starting point.

You must reassure global supply chains.

Procurement teams and larger customers want to see that basic controls are in place and independently checked.

Typical examples: international SaaS providers, professional services firms, manufacturers and distributors with non-UK headquarters who sell into security-conscious markets.

If you're in the UK…

We'll usually talk to you first about Cyber Essentials as your starting point.

For UK-based organisations, IASME and the UK government position Cyber Essentials as the recommended minimum level of cyber security certification.

If you're headquartered in the UK and ask us about Cyber Baseline, we'll usually discuss whether Cyber Essentials (and potentially Cyber Essentials Plus) is a better fit – and then explain how IASME Cyber Assurance could follow later.

Operating in multiple countries?

If you operate globally with both UK and non-UK entities, we can help you decide where Cyber Essentials and Cyber Baseline each make sense – so you don't duplicate effort.

UK HQ → Cyber Essentials firstNon-UK HQ → Cyber Baseline

A practical step between nothing and heavy-weight standards.

Many international organisations already have some cyber security tools and policies in place, but nothing they can easily show to customers as proof. Security questionnaires become a time-sink and every new customer wants a different answer.

IASME Cyber Baseline gives you a standardised, auditable way to say "we've sorted the basics". It's more concrete than a slide deck of policies, but much lighter than a full ISO 27001 implementation or complex governance framework.

Once certified, you can reuse the same evidence with multiple customers and, if you later move towards IASME Cyber Assurance or other risk-based standards, Cyber Baseline gives you a solid, recognised foundation.

Easier questionnaires

Answer security questionnaires faster by pointing to a recognised baseline certification.

Reassures procurement

Helps risk and procurement teams see that essential controls are independently checked.

Stepping stone to Cyber Assurance

Use Cyber Baseline as a practical first step before moving to IASME Cyber Assurance.

Signals commitment

Shows customers you take cyber hygiene seriously without huge cost or overhead.

Where Cyber Baseline fits in.

IASME offers several schemes at different levels of depth. Cyber Baseline focuses on international cyber hygiene for non-UK organisations. Cyber Essentials is the recommended minimum standard for UK organisations. IASME Cyber Assurance goes further into risk, governance and supporting policies.

IASME Cyber Baseline

International hygiene

  • For organisations based outside the UK.
  • Checks basic technical and organisational cyber controls are in place.
  • Good fit when customers want proof of basic cyber hygiene, but you don't need a full governance framework yet.

Cyber Essentials

UK minimum baseline

  • Recommended minimum certification for organisations based in the UK.
  • Focuses on five key technical controls to cut out the majority of common attacks.
  • Often required for UK public-sector work and many private sector supply chains.

IASME Cyber Assurance

Deeper risk & governance

  • Risk-based, policy-driven standard covering governance, processes and technical controls.
  • Suitable when customers expect a more comprehensive management-system style approach.
  • Cyber Baseline can be used as a step towards Cyber Assurance for non-UK organisations.

In short: UK organisations normally start with Cyber Essentials. Non-UK organisations looking for a sensible first certification for basic cyber hygiene should look at IASME Cyber Baseline.

Need a simple way to prove basic cyber hygiene?

Tell us about your organisation and we'll help you decide if IASME Cyber Baseline is the right first step or whether Cyber Essentials / Cyber Assurance would be a better fit.

We'll review your situation and recommend the most suitable certification – whether that's Cyber Baseline, Cyber Essentials or IASME Cyber Assurance.