IASME governance

The IASME Governance standard was developed over several years during a government-funded project to create a cyber-security standard that would be an affordable and achievable alternative to the international standard, ISO 27001.

The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security at a realistic cost, and indicates that they are taking good steps to properly protect their customers’ information.

The IASME Governance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self-assessment or on-site audit.

Audited IASME Governance (sometimes known as IASME Gold) is an independent, on-site audit of the level of information security provided by your organisation.

The standard includes all five of the Cyber Essentials technical topics and adds further topics that mostly relate to people and processes, for example:

      • Risk assessment and management
      • Training and managing people
      • Change management
      • Monitoring
      • Backup
      • Incident response and business continuity

By gaining the Audited IASME Governance certificate, your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third party.

The procurement teams of many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice. This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention ISO 27001.

The IASME Governance standard maps closely to a number of widely recognised cyber security and assurance standards and guides. This means it can be used to demonstrate compliance with many of these standards.

  • The 10 Steps Guidance (https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security) was designed by the NCSC for organisations looking to protect themselves in cyberspace. The 10 Steps to Cyber Security was originally published in 2012 and is now used by a majority of the FTSE350.
  • One of the key objectives of the NIS Directive is to ensure that Operators of Essential Services (OES) take appropriate and proportionate technical and organisational measures to manage the risks to the security of network and information systems which support the delivery of essential services. The Cyber Assessment Framework (CAF) is intended to assist in achieving effective security assessments.
  • The NHS Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

  • Complete self-assessment (guided)
  • Report on ‘gaps’
  • On-site audit
  • Report – pass or fail
  • Certificate award and issuing of logos

You can download a free copy of the IASME Governance Standard here.

Housing case study

Size of company: 25
Sector: Housing
Threat protection cover: Cyber Essentials, Cyber Essentials Plus, Ongoing Cyber Support

Overview:

Our client holds a lot of confidential data relating to the tenants in their properties, as well as financial and medical care plans covering the care and support of those tenants in their properties and managed/assisted living spaces.


Managed Business Services case study

Size of company: 25
Sector: IT
Threat protection cover: Cyber Essentials, Cyber Essentials Plus, Ongoing Cyber Support

Overview:

Our client is a smaller company within a larger organisation, providing internal and external ICT support for the wider company and their end clients.


Data Management case study

Size of company: 50-100
Sector: Government
Threat protection cover: Cyber Essentials, Cyber Essentials Plus, Ongoing Cyber Support

Overview:

Our client works with several very well-known UK brands and local/central government departments. Through questionnaires and external audits, all of these were asking our client for further information about their security provision, as there was a need to ensure that the data being managed by our client was secure.


Legal case study

Size of company: 25
Sector: Legal
Threat protection cover: Cyber Essentials, Cyber Essentials Plus, Ongoing Cyber Support

Overview:

Our client, a legal firm, wanted to improve their cyber security posture through the National Cyber Security Centre’s (NCSC) Cyber Essentials and Cyber Essentials Plus certification path.


Our Credentials

We are the only cyber security company that can certify your compliance (we are an approved certifying body) and manage your security and risk on an ongoing basis, as well as help you achieve Cyber Essentials, Cyber Essentials Plus and the IASME Gold Framework.
