IASME Governance

By IASME approved Certifying Body


The Problem

You need ISO 27001 but it takes two years to get and can cost tens of thousands. 

The Solution

The NCSC and IASME recognised that not all UK businesses, particularly SMEs, had the resources and funds to achieve ISO 27001 every year. So they decided to offer an option which would allow businesses to secure themselves against a standard almost identical to ISO 27001 but at a fraction of the price – IASME Governance (Audited).

How it works


Step 1: Register Your Interest

Fill out the application form and we'll get in touch to discuss the assessment process.


Step 2: Delivery Phase




Delivery Plan



Step 3: Success

Once passed, you'll be able to download your IASME Gold certification and use the logo on your website and collateral.

Why should I get IASME Governance Audited?


Assured Pass with Guided Certification

A dedicated account manager will be assigned to you to hold your hand and offer support throughout the process.


Maps to the ISO 27001 Standard

IASME Governance Audited enables you to map to a standard almost identical to ISO 27001.


Pass Self-Assessment within 72 Hours

We'll help you submit your organisation's self-assessment and get it reviewed within 3 days, so you can get your certification quickly.


Boost Stakeholder Confidence

When you achieve IASME Governance you'll be able to use the certification to demonstrate your cyber security competence to stakeholders - investors, insurers and clients will see you take protecting their data seriously.


Win Business

It's becoming a requirement for many businesses to have a cyber security certification in order to secure contracts and win tenders. Gain a competitive edge by achieving IASME's highest level certification.


Remote Audit

We have the technology to be able to assess and certify your organisation fully remotely, without the need for auditors to be on-site. This makes the whole process much faster and more efficient.

IASME Governance Self-Certification


Achieve a high level of security with the IASME Governance Self-Certification, which includes the Cyber Essentials certification as well as meeting GDPR requirements. 


IASME Governance Guided Certification


Avoid the hassle and ensure you pass first time with our Guided Certification option. You’ll be in expert hands with a personal account manager who will help you achieve Cyber Essentials with GDPR. 


IASME Governance

From £3,000/year

IASME Governance Audited starts with achieving the Self-Certification but in addition, an external body must audit your business’ security to verify it’s in line with the IASME Governance standard.


IASME Governance: Understanding the Standard

Find out how IASME Governance determines your business’ cyber risk profile and what areas you will be assessed on in order to meet the standard. 

You can download and read this document for free here.


Frequently Asked Questions

The Cyber Essentials Scheme is a Government scheme that helps organisations guard against the most common cyber threats and demonstrate commitment to cyber security. It covers five main technical controls which will protect companies against an estimated 80% of common internet threats.

IASME Governance certification is aligned to the Government’s Ten Steps to Cyber Security and includes Cyber Essentials certification as well as controls around people and processes. It also covers the General Data Protection Regulation (GDPR) requirements. IASME Governance is aligned to a similar set of controls to ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement.

Cyber Essentials Plus is an audited level of the Cyber Essentials assessment, testing the 5 Cyber Essentials controls only. IASME Governance Audited (sometimes known as IASME Gold) is an independent audit of the level of information security provided by your organisation, against the IASME Governance standard. It is aligned to a similar set of controls to ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement. The standard includes GDPR requirements and adds additional topics that mostly relate to people and processes, for example:

  • Risk assessment and management
  • Training and managing people
  • Change management
  • Monitoring
  • Backup
  • Incident response and business continuity
