IASME governance

The IASME Governance standard was developed over several years during a government-funded project to create a cyber-security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.

The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers’ information.

The IASME Governance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self-assessment or on-site audit.

Audited IASME Governance (sometimes known as IASME Gold) is an independent, on-site audit of the level of information security provided by your organisation.

The standard includes all of the five Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes, for example:

      • Risk assessment and management
      • Training and managing people
      • Change management
      • Monitoring
      • Backup
      • Incident response and business continuity

By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third party.

The procurement teams of many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice. This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention ISO 27001.

  • The IASME Governance standard maps closely to a number of widely recognised cyber security and assurance standards and guides. This means it can be used to demonstrate compliance with many of these standards.
  • The 10 Steps Guidance (https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security) was designed by the NCSC for organisations looking to protect themselves in cyberspace. The 10 Steps to Cyber Security was originally published in 2012 and is now used by a majority of the FTSE 350.
  • One of the key objectives of the NIS Directive is to ensure that Operators of Essential Services (OES) take appropriate and proportionate technical and organisational measures to manage the risks to the security of the network and information systems which support the delivery of essential services. The Cyber Assessment Framework (CAF) is intended to assist in achieving effective security assessments.
  • The NHS Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

  • Complete self-assessment (guided)
  • Report on ‘gaps’
  • On-site audit
  • Report – pass or fail
  • Certificate award and issuing of logos

You can download a free copy of the IASME Governance Standard here.