IASME STANDARD

– the best cyber security standard for small companies in the UK –

What is the IASME Standard?

The IASME (Information Assurance for Small and Medium Enterprises) Standard is an Information Assurance Standard developed specifically to create an achievable cyber security standard for small and medium sized organisations (SMEs).

The standard is designed to fall along the same lines as ISO 27001:2013 but it is less resource intensive and therefore a realistic and affordable way for SMEs to demonstrate that they are following best practice. Building on the technical controls of Cyber Essentials IASME requires that a basic information security management system is in place with optional assessment against the GDPR requirements.

Achieving an IASME accreditation demonstrates that the company follows cyber security best practices as well as being in compliance for the most of it with the ISO 27001 standard.

The IASME governance standard is publicly available and can be downloaded from here.

ISO/IEC 27001:2013 is the best-known standard in the family of standards providing help to keep information assets secure.

The 27001 standard sets out generic requirements for establishing, implementing, maintaining and improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks.

You can see the 27000 standards here.

Why become certified against the IASME Standard

  • Demonstrate your commitment to security and protection of data
  • Enhance your organisation’s cyber security controls
  • Make your data governance processes more robust
  • Increase business partners’ confidence in your information assurance level
  • If you have access to another organisation’s data or systems, you are likely to be asked to demonstrate how you manage information security
  • Place your  business in a strong position if you wish to certify to the international standard ISO27001 in the future.

What Does the IASME Standard Cover?

The IASME Standard maintains a continuous annual assessment with re-certification every 3 years. The standard includes a number of elements covered in 13 categories:

  • Organisation
  • Assessing the Risk
  • Policy and Compliance
  • Assets
  • Personnel
  • Physical and Environmental Protection
  • Operations and Management
  • Access Control
  • Malware and Technical Intrusion
  • Monitoring
  • Backup and Restore
  • Incident Management
  • Disaster Recovery and Business Continuity

Differences between Cyber Essentials and IASME Standard

While Cyber Essentials is a Government-backed scheme designed to cover the basics of cyber security, certification against the IASME standard seeks additional evidence to cover your security management, staff, physical security and business continuity.

Providing a more thorough level of data protection than Cyber Essentials, IASME focus on the complete management of information through a continuous development process and includes an optional assessment against the forthcoming General Data Protection Regulation (GDPR).

IASME Certification Levels

The IASME Governance assessment includes a Cyber Essentials assessment and is available either as a self assessment or on-site audit. Since the 1st March 2017, it has also included an optional assessment against the GDPR requirements.

IASME STANDARD (SELF-ASSESSED)

The self-assessed certification option comprises a set of questions regarding the controls in place governing Information Assurance in your organisation.

On submission we mark the questionnaire and award the certification if all of the answers given are compliant with the standard.

IASME STANDARD (AUDITED)

THIS NEEDS T BE REVISED Once your self-assessment questionnaire has been assessed, an assessor will visit your organisation for a thorough audit of the controls and artefacts of the Information Security Management System and a report produced

The audited IASME certification is seen as a realistic alternative to ISO27001

We are licensed assessors of the IASME Standard

We can assess against and competently advise on the Self-Assessed and Audited IASME Certifications