Background

The IASME Governance standard was developed over several years during a government funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.

 

The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers’ information. The IASME Governance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self assessment or on-site audit.

​

The Standard is governed by a document issued by the IASME Consortium. The Standard is available for download. 

​

​

​

​

​

​

​

Benefits

The requirements of the Standard require an organisation to fully understand the information that is safeguarded and processed, and to develop policies and processes to ensure that the information is secure. 

​

The benefits of such an approach include the following: -

• Clear understanding of the information used by the organisation.

• Identification of the risks to organisational information.

• Development of adequate barriers or controls to reduce the likelihood or impact of unwanted scenarios.

• Management and maintenance of the information risks to an acceptable level.

• Use of a structured self-assessment for the completeness of how to protect organisational information.

• Proactively verify that the security controls that implemented provide the appropriate and intended level of information and cyber security.

• Increased awareness of information risks in organisations and the wider supply chain of which the organisation may be part of.

• Provides the organisation, customers/clients, and the supply chain, a level of assurance akin to ISO/IEC 27001 and similar standards.

• Online questions also include GDPR and Data Protection questions.

​

The IASME Governance standard provides an independent review by an assessor completed with an understanding of the organisation size and risk, and aimed at verifying the effectiveness of policies and processes in use. 

​

Interaction with Cyber Essentials

Cyber Essentials forms a key element of the IASME standard and covers the configuration of organisational infrastructure. The self-certification process includes both Cyber Essentials and IASME related questions.

​

How to gain IASME

The IASME certification is achieved by self-certifying compliance via an online portal submission. The requirements are set out in  preparation document available for download.

​

​

​

​

​

​

​

​

Getting started

The IASME process is started by applying for an online portal account. The prices vary according to the organisation size, use this link to sign up - CE & IASME sign up

​

IASME Governance

A second level of standard is available called IASME Governance which requires an independent assessment to be completed.

​

​