Cyber Essentials and CE Plus
Certified directly by us. The entry ticket for OEM, prime and public-sector contracts, with the audited tier when a buyer demands it.
For most manufacturers the pressure does not come from a regulator. It comes from your customers. Win and keep contracts with OEMs, primes and the public sector and you have to prove your cyber security. We get manufacturers certified and keep the production line out of the headlines. From an IASME Certification Body operating since 2014.
Prefer email? hello@layer7.uk
Manufacturing rarely faces a single legal mandate. The pressure is commercial: OEMs, primes and large buyers push security requirements down their supply chains and make certification a condition of being awarded, or keeping, the work. Cyber Essentials is the usual entry ticket, and Cyber Essentials Plus is what the more demanding buyers ask for.
Bid for public-sector work and Cyber Essentials is often a pass-or-fail requirement under government procurement rules. Supply a global automotive OEM and you may meet TISAX, the automotive sector's information-security assessment. Sit in an aerospace or defence supply chain and you may meet JOSCAR and the MOD's Def Stan 05-138. The thread through all of them is the same baseline of technical controls.
As production networks connect to corporate IT, the risk moves onto the factory floor. IT and OT convergence widens the attack surface and lets an attacker move from the office into production. Manufacturing is one of the most targeted sectors for ransomware.
When a customer wants more than Cyber Essentials, IASME Cyber Assurance is the proportionate next step: a governance-led standard built on Cyber Essentials, with a verified and an audited level, and a lighter route than full ISO 27001.
Certified directly by us. The entry ticket for OEM, prime and public-sector contracts, with the audited tier when a buyer demands it.
Know what you expose before a customer asks, and flow your own requirements down to your suppliers.
We help you separate the factory floor from corporate IT and reduce the risk that a breach in the office reaches production.
A clear path to IASME Cyber Assurance when a customer wants more, mapped to your size and risk.
CREST and Cyber Scheme qualified testing of the systems your customers and auditors scrutinise.
Manufacturing is among the most targeted sectors for ransomware. We pressure-test your backups, segregation and recovery so an attack does not stop the line.
We have certified UK organisations since 2014 and work with regulated and supply-chain-driven clients. We prioritise by real risk, help you close the gaps, and give you certification evidence that unblocks contracts, without disrupting production. Certification, testing and assurance under one roof, so you deal with one team from baseline to audited.
The North East is one of the UK's strongest manufacturing regions: a major automotive base around Sunderland and its supply chain, rail manufacturing in County Durham, and one of the country's largest process and chemical clusters on Teesside. It is exactly the kind of certification-hungry, supply-chain-driven base we are built to serve, on our home turf.
Usually because a customer requires it. OEMs, primes and public-sector buyers push security requirements down their supply chains and make Cyber Essentials, or Cyber Essentials Plus, a condition of winning or keeping contracts. It is the entry ticket to staying in the supply chain.
General manufacturing is not regulated as an operator of essential services under the NIS Regulations. The real pressure is commercial: customer and supply-chain requirements, and procurement rules when you bid for public-sector work.
Yes, we can help you prepare. TISAX is the automotive sector's information-security assessment, based on ISO 27001 with automotive additions. The assessment itself is carried out by accredited audit providers; we get your controls and evidence ready and certify the Cyber Essentials baseline beneath it.
IASME Cyber Assurance is a governance-led standard built on Cyber Essentials, with a verified level and an independently audited level. It is the proportionate step up when a customer wants more than Cyber Essentials but you are not ready for full ISO 27001.
Yes. As production networks connect to corporate IT, the factory floor becomes part of your attack surface. We help you separate the two and reduce the risk that a breach in the office reaches production.
Yes. We are North East based, in the heart of the region's automotive, rail and process-manufacturing base, and we certify across the region and the wider UK.
Prefer email? hello@layer7.uk