Bridewell Consulting, an independent cyber security and data privacy consultancy, has been named one of the first organisations to be awarded accreditation on the Civil Aviation Authority’s (CAA) new ASSURE scheme.
Copyright Shutterstock

The company is one of only seven firms to receive accreditation on the scheme, which aims to protect the UK aviation industry against the growing cyber threat. 
Developed in partnership with CREST, the not-for-profit accreditation and certification body for the technical security industry, the ASSURE scheme has been introduced to support the CAA’s Cyber Security Oversight strategy. The strategy seeks to enable the aviation industry, including airlines, airports and air navigation service providers, to manage all their cyber security risks without compromising aviation security or resilience, and supports the UK government’s National Cyber Security Strategy.
Where stipulated by the CAA, aviation organisations will be required to complete a self-assessment against the Cyber Assessment Framework (CAF) for aviation, which provides a baseline of their security control effectiveness and identifies any necessary improvements. As an accredited ASSURE Cyber Supplier, Bridewell Consulting can be engaged to audit an organisation’s CAF on behalf of the CAA.
Scott Nicholson, Delivery Director at Bridewell Consulting said: “We’re thrilled to be one of the first companies to gain ASSURE accreditation. It’s a great validation of our expertise across cyber and information security risk, as well as our technical expertise and experience within industrial control systems, operational technology environments and the aviation industry.
“By supporting organisations in assessing, implementing and leading transformational projects, we enable clients to improve their security posture and defences and achieve industry certifications such as ISO27001. Through the ASSURE Framework we can continue to use our deep technical expertise to effectively assess aviation organisations and help put in place plans to improve cyber security, whilst understanding their technology and operating context.”