The IASME Governance Standard is risk-based and provides a highly credible security management standard for your business.
The IASME Governance standard was developed over several years to be an appropriate and cost-effective alternative for small and medium sized businesses who want to demonstrate their commitment to cyber security, without the expense and complexity of the ISO 27001 certification.
The IASME Governance standard allows SMEs to demonstrate their level of cyber security for a realistic cost, indicating that they are taking sufficient measures to protect their customers information. It is recognised as the best cyber security standard for SMEs and is becoming a mandatory requirement for UK Government, Welsh Government, NHS Wales and supply chains for companies supplying certain products and services. The assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self-assessment or on-site audit.
IASME includes all five of the Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes within your business, which include:
If you are a direct supplier to the government or part of a government supply chain, Cyber Essentials is a mandatory requirement. However, the IASME Governance standard includes Cyber Essentials and allows you to demonstrate a more rigorous security posture.
By achieving IASME certification, your organisation is achieving IASME’s highest level of certification and will set your business apart from the competition. It also provides assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.
To achieve the IASME Governance standard, you must first pass the IASME Governance self-assessment, which includes Cyber Essentials certification.
The next stage involves an in-depth security assessment by Cyfor Secure, who are an IASME Certification Body. Once the audit has been completed, the Cyfor Secure will provide you with a written report and a recommendation of a pass or fail, which will then be confirmed by IASME.
If your organisation passes the assessment, you will be awarded a certificate and be authorised to display the IASME Governance logo on your website and associated marketing materials.