IASME Cyber Assurance Standard
The standard, now known as the IASME Cyber Assurance standard, was the basis for the creation of the IASME Consortium organisation, founded back in 2012. The motivation was to create an Information Assurance Standard that was affordable and accessible for SMEs. This is still the case today.
IASME Cyber Assurance is a comprehensive, flexible and affordable cyber security standard that provides assurance that an organisation has put into practice a range of important cyber security, privacy and data protection measures. It aligns directly on all topics with the UK Government's 10 steps to Cyber Security, in addition to Data Privacy controls, and offers smaller companies within a supply chain a 'right sized' approach to show their level of information security for a realistic cost.
The standard sets out important cyber security measures, which include assessing and managing risk, training people and setting practical policies, as well as resilience strategies such as backing up data, business continuity planning and incident response. Legal and regulatory requirements are also addressed, such as your country's implementation of GDPR (in the UK this is the Data Protection Act).
IASME Cyber Assurance is available in two levels - verified assessment and audited
For Level 1 - verified assessment, organisations access a secure portal to answer around 160 questions about their security. The assessment is marked by a Certification Body and a pass or fail is returned to the organisation. For Level 2 - audited, an independent assessor conducts an on-site audit of the controls, processes and procedures covered in the IASME Cyber Assurance standard. The audited version gives a higher level of assurance and is pass or fail. (There are no longer bronze, silver, and gold classifications.)
Cyber Essentials certification is a prerequisite
Cyber Essentials certification is now specified as a prerequisite for IASME Cyber Assurance. There are early questions asking, "Do you have Cyber Essentials?" and "What is your certificate number?". The price of IASME Cyber Assurance does not include the Cyber Essentials certification.
Both standards can be purchased at the same time - see Cyber Assurance sign up options.
Pricing structure for IASME Cyber Assurance
Micro organisations - 0-9 employees - £300.00 plus VAT
Small organisations - 10-49 employees - £400.00 plus VAT
Medium organisations - 50-249 employees - £450.00 plus VAT
Large organisations - 250+ employees - £500.00 plus VAT
The above prices exclude the cost of Cyber Essentials. To sign up - Cyber Assurance sign up options.