...
Assured Service Provider Security requirements
All Assured Service Providers must provide independently verified evidence that they have achieved and maintain Cyber Essentials.
The Assured Service Provider must also
:
Achieve and maintain independently verified ISO 27001 certification,
...
The scope of all these certifications must cover all areas of the business that will be involved in Incident Exercising activities or that will hold data that relates to these activities. ISO 27001 certification must be attained through a UKAS Accredited Certification Body or an International Accreditation Forum (IAF) recognised equivalent.
Assured Service Provider Quality Requirements
All Assured Service Providers must commit to achieving and maintaining a good quality management system.
...
ISO9001 certification must be through a UKAS Accredited Certification Body; or; an International Accreditation Forum (IAF) recognised equivalent.
NCSC CIE Technical Standard
Assured Service Providers will be assessed against the requirements in the Technical Standard the Assured Service Provider evaluation process, which is detailed in separate documentation.
...