The IASME standard, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government when in consultation with trade associations and industry groups. The audited IASME certification is also seen as showing compliance to ISO27001 by an increasing number of companies.
The IASME standard was developed over several years during a Technology Strategy Board funded project to create an achievable cyber security standard for small companies. The international standard, ISO27001, is comprehensive but extremely challenging for a small company to achieve and maintain. The IASME standard is written along the same lines as the ISO27001 but specifically for small companies. The gold standard of IASME demonstrates baseline compliance with the international standard
The IASME standard has a number of business benefits including: -
- Realistic cost and investment
- Demonstrates to customers, suppliers and other stakeholders the level of cyber security maintained by the business or organisation
- Establishes an on-going cyber security management approach
- Provides owners and senior management with reassurance that security are in place and are being maintained
- Helps to develop wide staff awareness and a strong security culture
The process is best started by adopting the Cyber Essentials standard and then developing the further policies and processes that IASME requires. The journey can be standard quickly and easily and does not need to be either a financial or time drain on the business.