IASME Governance Standard
Based on international best practice, the IASME Governance Standard (Information Assurance for Small and Medium Enterprises) is risk-based and provides a highly credible security management standard.
Funded by the Government’s Technology Strategy Board, the IASME Governance Standard was developed as an appropriate and cost-effective alternative for small and medium-sized businesses that want to demonstrate their commitment to cyber security without the expense and complexity of ISO/IEC 27001 certification.
It was recently recognised as the best cyber security standard for small companies and is becoming a mandatory requirement for UK Government, Welsh Government, NHS Wales and supply chains for companies supplying certain products and services.
The IASME Governance Standard also includes a Cyber Essentials assessment and an optional assessment against the General Data Protection Regulation (GDPR).
Significant elements of the standard are covered within Cyber Essentials; however, IASME adds compliance aspects such as Risk Assessments, ICT Policy, Asset Management, Personnel Security, Physical Security, Monitoring, Backup & Restore, Incident Management, and Disaster Recovery.
If you are a direct supplier to government or part of a government supply chain, Cyber Essentials is a mandatory requirement, but IASME (which includes Cyber Essentials) allows you to demonstrate a more rigorous approach.
Having IASME certification may set you apart from your competition. It may also help you to participate in a government supply chain, where there is a growing awareness that small companies pose a known threat to information security.
By certifying to the IASME Governance Standard, including the specific GDPR questions, you show that your organisation has a wider governance system for managing the controls that protect personal data.
IASME certification is typically conducted at the same time as a Cyber Essentials assessment. Companies can choose to self-assess against the IASME standard or provide further evidence of their security posture by instructing CYFOR to complete an on-site IASME audit. If successful, a company undertaking the assessment will achieve both certifications and be entitled to Cyber Liability Insurance with a £25,000 indemnity limit.