The IASME Governance standard was developed over several years during a government-funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.
The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security at a realistic cost and indicates that they are taking good steps to properly protect their customers’ information. The IASME Governance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self-assessment or as an on-site audit.
The Standard is governed by a document issued by the IASME Consortium. The Standard is available for download.
The Standard requires an organisation to fully understand the information that it safeguards and processes, and to develop policies and processes to ensure that the information is secure.
The benefits of such an approach include the following:
Clear understanding of the information used by the organisation.
Identification of the risks to organisational information.
Development of adequate barriers or controls to reduce the likelihood or impact of unwanted scenarios.
Management and maintenance of the information risks to an acceptable level.
Use of a structured self-assessment to check how completely organisational information is protected.
Proactive verification that the implemented security controls provide the appropriate and intended level of information and cyber security.
Increased awareness of information risks in organisations and in the wider supply chain of which the organisation may be part.
Provides the organisation, customers/clients, and the supply chain with a level of assurance akin to ISO/IEC 27001 and similar standards.
Online questions also include GDPR and Data Protection questions.
The IASME Governance standard provides an independent review by an assessor, completed with an understanding of the organisation's size and risk, and aimed at verifying the effectiveness of the policies and processes in use.
Interaction with Cyber Essentials
Cyber Essentials forms a key element of the IASME standard and covers the configuration of organisational infrastructure. The self-certification process includes both Cyber Essentials and IASME-related questions.
How to gain IASME
The IASME certification is achieved by self-certifying compliance via an online portal submission. The requirements are set out in a preparation document available for download.
The IASME process is started by applying for an online portal account. Prices vary according to the organisation's size. Use this link to sign up: CE & IASME sign up
A second level of the standard, called IASME Governance, is available and requires an independent assessment to be completed.