CAA ASSURE Cyber Security Audit
Providing the complete end-to-end cyber security audit journey for aviation organisations
LRQA are an accredited Civil Aviation Authority ASSURE Cyber Supplier
The Civil Aviation Authority (CAA) created the accredited third-party cyber security audit scheme (ASSURE), developed in partnership with CREST that provides rigorous and continuous audits for the aviation sector.
The key objective of this scheme is to enable the aviation industry to manage cyber security risks without compromising aviation safety, security or operational resilience. Our experts deliver a complete range of services for organisations within the aviation industry to undertake an ASSURE Cyber Audit against the Cyber Assessment Framework (CAF).
ASSURE Cyber Security Scheme process
The Cyber security Oversight Process for Aviation is covered in CAP 1753 and consists of the six key steps outlined below:
1. Engagement
2. Critical systems scoping
3. Cyber self-assessment for aviation
4. ASSURE Cyber Audit
5. Provisional Statement of Assurance; and
6. Final Statement of Assurance and Letter of Compliance
The CAA Cyber Oversight team will assess the applicability of each step with you during the initial engagement phase and each step will be discussed, agreed and determined. The CAA will base this discussion on several factors including the assessment of cyber security risk, your organisation’s complexity and any regulatory requirements that apply.
If deemed applicable by the CAA, you will need to procure cyber audit services from an accredited ASSURE Cyber Supplier such as LRQA. Your organisation will be required to make the following available:
• Completed Critical Systems Scoping Template;
• Completed Critical system scoping diagrams;
• Completed CAF for Aviation for all in-scope systems; and
• All necessary supporting evidence.
Following the self-assessed ASSURE Cyber Audit, our ASSURE Cyber Professionals will review and evaluate the ASSURE-specific areas of the CAF for Aviation and issue an ASSURE Audit Report to you detailing:
• A validated opinion of ‘achieved’, ‘partially achieved’ or ‘not achieved’ with associated commentary against each CAF for Aviation contributing outcome.
• Recommendations where ‘partially achieved’ or ‘not achieved’ contributing outcomes have been identified. You may use this to update your Corrective Action Plan section of the CAF for Aviation.
At LRQA, we have a complete range of accredited ASSURE Cyber Professionals across the three specialism areas. As well as being an accredited ASSURE Cyber Supplier, we have extensive experience working in the aviation industry on cyber security assessments and audits, threat hunting and penetration testing exercises as well as PCI DSS engagements.
We can also provide proactive, actionable guidance and advice on the technical aspects of IT/OT systems as well as researching legacy or niche elements and developing capability and organisational cyber strategy.
Why work with us?
Specialist expertise
Our cybersecurity experts hold multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK.
Industry leadership
We lead and shape industry on advisory boards and councils including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by a range of governing bodies including the payment card industry and are approved as a Qualified Security Assessor.
Everywhere you are
Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.
Award winners
We have been recognized for the breadth and depth of our services – including the TEISS Award for Best Penetration Testing Service in 2024, Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024 and the Stratus Award for Best Managed Cloud Security Service.
Our expertise
At LRQA, we have a complete range of accredited ASSURE Cyber Professionals across the three specialism areas. As well as being an accredited ASSURE Cyber Supplier, we have extensive experience working in the aviation industry on cyber security assessments and audits, threat hunting and penetration testing exercises as well as PCI DSS engagements.
We can also provide proactive, actionable guidance and advice on the technical aspects of IT/OT systems as well as researching legacy or niche elements and developing capability and organisational cyber strategy.
Award-winning expertise
Our cyber security team continues to achieve multiple vendor certifications, highly respected industry accreditations and international accolades, demonstrating the breadth, depth and impact of their services.
The world leader in CREST accreditations
We are proud to be the only organization in the world with a full suite of accreditations from The Council of Registered Ethical Security Testers (CREST).
Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In addition, we were also the first organization to be CREST accredited for our Security Operation Centre services.