Introduction
Due to the proven effectiveness of the Cyber Essentials controls, the scheme continues to grow. Almost 50,000 certificates were issued between March 2024 and April 2025. But who issues these certificates, and what happens when organisations need support implementing the controls?
This is where IASME Assessors and NCSC Cyber Advisors come into play. In this article, we explore the key differences between a Cyber Advisor and an Assessor to help inform organisations seeking support from these trusted professionals.
Cyber Advisor
The National Cyber Security Centre (NCSC) is the technical authority for the Cyber Essentials scheme and defines the certification requirements. In April 2023, the NCSC introduced Cyber Advisors—individuals proven to provide tailored advice to organisations.
Cyber Advisors are employed by NCSC Assured Service Providers, meaning both the individuals and their organisations are vetted to NCSC standards. There are currently around 100 Cyber Advisors in the UK.
Key elements of a Cyber Advisor role can include:
- Trusted Advice: Cyber Advisors offer expert guidance on the implementation of Cyber Essentials’ five technical controls. They help organisations understand the requirements and provide advice tailored to their specific environments
- Consultancy: Without Jargon – Advisors are required to offer practical, jargon-free advice, using strong communication skills to ensure that technical recommendations are easy to understand
- Support for SMEs: While Cyber Essentials applies to organisations of all sizes, the Cyber Advisor programme focuses particularly on small and medium-sized businesses (SMEs)
- NCSC Assurance: Cyber Advisors are vetted to NCSC standards, providing assurance to organisations that they are receiving trusted and professional support
- Customer Satisfaction: Feedback has been overwhelmingly positive. A recent customer satisfaction survey found that 100% of respondents rated Cyber Advisor services as ‘excellent’ or ‘very good’
Assessor
IASME are the official delivery partner for the Cyber Essentials scheme. They manage the assessment and certification process via a network of around 950 Assessors across the UK.
Assessors are employed by Certification Bodies, who issue Cyber Essentials certificates after conducting appropriate assessments.
Key elements of an Assessor role can include:
- Conducting Assessments: Assessors evaluate whether an organisation meets Cyber Essentials requirements. For Cyber Essentials (Level One), this involves reviewing documentation. For Cyber Essentials Plus (Level Two), this includes a detailed technical audit.
- Independent Validation: Assessors provide independent verification of compliance. They must be appropriately qualified for the level they are assessing—either Level One or Level Two.
- Broad Scope: Assessors work with organisations of all sizes. At Level One, they assess a completed questionnaire. At Level Two, they carry out a technical review of end-user devices, servers, networks, and cloud services.
- Technical Expertise: Assessors must have technical expertise and certifications. They are trained to conduct thorough evaluations to ensure full compliance with Cyber Essentials.
- Certification Bodies: Assessors operate under Certification Bodies, organisations audited to meet strict standards for security, compliance, and quality.
How We Help
At RB Consultancy Ltd, we support organisations with the implementation and certification of Cyber Essentials and Cyber Essentials Plus.
- NCSC Cyber Advisor Certified – We’re proven to help organisations understand and implement controls without jargon.
- NCSC Assured Service Provider – Our organisation meets the NCSC’s required standards.
- IASME Assessor for Cyber Essentials and Cyber Essentials Plus – We’re qualified to assess both levels of the scheme.
- Certification Body – We issue certificates to organisations that meet the required Cyber Essentials standards.
RB Consultancy Ltd are proud to hold all these qualifications and more. We’re the first NCSC Assured Service Provider with Cyber Advisor status in our region. If you would like more information, please make contact.
Conclusion – the difference between a Cyber Advisor and Assessor
Cyber Advisors and Assessors both play a vital role in enhancing the cybersecurity resilience of organisations. Cyber Advisors provide guidance and practical support to help organisations implement cyber security measures. Assessors ensure that these measures are correctly implemented and provide independent validation through the certification process.
Understanding the roles of Cyber Advisors and IASME Assessors can help organisations make informed decisions about the type of support they need. Whether seeking practical advice or aiming for certification, organisations can choose which skill set and expertise they might require to guide them through the process.
By leveraging the expertise of RB Consultancy Ltd, organisations are able to benefit from both Cyber Advisor and Assessor expertise, resulting in trusted implementation advice and cost-effective certification support – contact us for information and support.
Written by Remo Belisari, Managing Director of RB Consultancy Ltd, an experienced cyber security professional and cyber advisor. Remo holds certifications relating to CISSP, ISSAP, ISO 27001, Cyber Essentials, IASME Cyber Assurance, and has many years experience in IT and cyber security. Remo has a history of supporting organisations from over the world – including a Fortune 500 in USA and over 100 organisations across the UK. The views expressed in this blog are those of the author and do not necessarily reflect the views of RB Consultancy Ltd, its clients, partners, or affiliated organisations. The content is intended for general information only.