...
Have good cyber security and can keep client data secure (security requirements)
Are committed to achieving an excellent and consistent client experience by using a quality management system (quality requirements)
Meet, and maintain compliance with, the NCSC CIE Technical Standard.
Assured Service Provider Security requirements
1. All Assured Service Providers must provide independently verified evidence that they have achieved and maintain Cyber Essentials.
2. The Assured Service Provider must also:Achieve and maintain independently verified ISO 27001 certification,
...
or
Achieve and maintain audited IASME Cyber Assurance Level 2 certification
The scope of all these certifications must cover all areas of the business that will be involved in Incident Exercising activities or that will hold data that relates to these activities. ISO 27001 certification must be attained through a UKAS Accredited Certification Body or an International Accreditation Forum (IAF) recognised equivalent.
...