Skip content

LRQA are an accredited Civil Aviation Authority ASSURE Cyber Supplier 

The Civil Aviation Authority (CAA) created the accredited third-party cyber security audit scheme (ASSURE), developed in partnership with CREST that provides rigorous and continuous audits for the aviation sector.

The key objective of this scheme is to enable the aviation industry to manage cyber security risks without compromising aviation safety, security or operational resilience. Our experts deliver a complete range of services for organisations within the aviation industry to undertake an ASSURE Cyber Audit against the Cyber Assessment Framework (CAF).

 

Civil aviation authority

ASSURE Cyber Security Scheme process

 

The Cyber security Oversight Process for Aviation is covered in CAP 1753 and consists of the six key steps outlined below:
1. Engagement
2. Critical systems scoping
3. Cyber self-assessment for aviation
4. ASSURE Cyber Audit
5. Provisional Statement of Assurance; and
6. Final Statement of Assurance and Letter of Compliance

The CAA Cyber Oversight team will assess the applicability of each step with you during the initial engagement phase and each step will be discussed, agreed and determined. The CAA will base this discussion on several factors including the assessment of cyber security risk, your organisation’s complexity and any regulatory requirements that apply. 

If deemed applicable by the CAA, you will need to procure cyber audit services from an accredited ASSURE Cyber Supplier such as LRQA. Your organisation will be required to make the following available:
•    Completed Critical Systems Scoping Template;
•    Completed Critical system scoping diagrams;
•    Completed CAF for Aviation for all in-scope systems; and
•    All necessary supporting evidence.

Following the self-assessed ASSURE Cyber Audit, our ASSURE Cyber Professionals will review and evaluate the ASSURE-specific areas of the CAF for Aviation and issue an ASSURE Audit Report to you detailing:
•    A validated opinion of ‘achieved’, ‘partially achieved’ or ‘not achieved’ with associated commentary against each CAF for Aviation contributing outcome.
•    Recommendations where ‘partially achieved’ or ‘not achieved’ contributing outcomes have been identified. You may use this to update your Corrective Action Plan section of the CAF for Aviation.


At LRQA, we have a complete range of accredited ASSURE Cyber Professionals across the three specialism areas.  As well as being an accredited ASSURE Cyber Supplier, we have extensive experience working in the aviation industry on cyber security assessments and audits, threat hunting and penetration testing exercises as well as PCI DSS engagements. 

We can also provide proactive, actionable guidance and advice on the technical aspects of IT/OT systems as well as researching legacy or niche elements and developing capability and organisational cyber strategy.

 

 

  Award-winning expertise

Our cyber security team continues to achieve multiple vendor certifications, highly respected industry accreditations and international accolades, demonstrating the breadth, depth and impact of their services.  

Why work with us?

Specialist expertise

Our cyber security experts hold multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK.

Industry leadership

We lead and shape industry on advisory boards and councils including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by a range of governing bodies including the payment card industry and are approved as a Qualified Security Assessor.

Everywhere you are

Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.

Image of two cyber security experts chatting in an office

Award winners

We have been recognised for the breadth and depth of our services – including the TEISS Award for Best Penetration Testing Service in 2024, Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024 and the Stratus Award for Best Managed Cloud Security Service.

Image of LRQA cyber security team winning at the teiss 2024 awards

The world leader in CREST accreditations

We are proud to be the only organisation in the world with a full suite of accreditations from The Council of Registered Ethical Security Testers (CREST).

Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In addition, we were also the first organisation to be CREST accredited for our Security Operation Centre services.

 

 

 

 

 

 

 

 

 

Latest news, insights and upcoming events