IASME Governance

Incorporates GDPR Requirements and Cyber Essentials

The Governance standard by IASME was developed over several years as part of a government funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.

The IASME Governance standard allows smaller businesses to demonstrate their level of cyber security for a realistic cost and show stakeholders that they have a security management system in place to properly protect their customers’ information as well as other sensitive information.

The IASME Governance assessment includes a Cyber Essentials assessment as well as GDPR requirements and can be completed either as a self-assessment or on-site audit.

IASME Governance Self-Assessed from £400 + VAT

Depending on the size of your organisation: 

  • Micro Organisations (0-9 Employees): £400 + VAT
  • Small Organisations (10-49 Employees): £500 + VAT
  • Medium Organisations (50-249 Employees): £550 + VAT
  • Large Organisations (250+ Employees): £600 + VAT

Based on international best practice, IASME Governance is risk based and includes key aspects of security such as incident response, staff training, planning and operations. IASME Governance also incorporates a Cyber Essentials assessment and an assessment against the General Data Protection Regulation (GDPR).

IASME Governance Includes:

 

  • Risk Assessment
  • Backup
  • Policies
  • Incident Management
  • Data Protection
  • Operational Management

The self-assessed option is carried out online using IASME’s secure portal where organisations are required to answer around 160 short questions about their security.

Access to the portal is provided after paying for the assessment and you have up to six months to complete the answers.

The answers are saved automatically by the system as you progress through them.

Once the answers have been completed, the assessment will be marked by Solutions 4 IT and usually a pass or fail is returned to the organisation within 72 hours.

If a pass is achieved an organisation receives certificates showing their compliance to both IASME Governance and Cyber Essentials. The assessment also demonstrates achievement against the requirements of GDPR.

The cost of the assessment is from £400+VAT. Please note that both assessments must be submitted at the same time.

FAQS

 

WHAT IS THE DIFFERENCE BETWEEN THE CYBER ESSENTIALS SCHEME AND THE IASME GOVERNANCE SCHEME?
The Cyber Essentials Scheme is a Government scheme that helps organisations to guard against the most common cyber threats from the internet and demonstrate commitment to cyber security. It covers five main technical controls which will protect companies against an estimated 80% of common internet threats. The controls are:

  • Secure your Internet connection (Firewalls and routers)
  • Secure your devices and software (Secure configuration)
  • Control access to your data and services (Access control)
  • Protect from viruses and other malware (Malware protection)
  • Keep your devices and software up to date (Software updates)

IASME Governance certification is aligned to the Government’s Ten Steps to Cyber Security and includes Cyber Essentials certification as well as controls around people and processes. It also covers the General Data Protection Regulation (GDPR) requirements. IASME Governance is aligned to a similar set of controls as ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement.

The cost of Cyber Essentials certification is from £300 + VAT

The cost of basic IASME Governance certification is from £400 + VAT – this cost includes the Cyber Essentials certificate.

IS IASME GOVERNANCE AUDITED THE SAME AS CYBER ESSENTIALS PLUS?
No – Cyber Essentials Plus is an audited level of the Cyber Essentials assessment, testing the 5 Cyber Essentials controls only.

IASME Governance Audited (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by your organisation, against the IASME Governance standard. It is aligned to a similar set of controls to ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement.

The standard includes GDPR requirements and adds additional topics that mostly relate to people and processes, for example:

  • Risk assessment and management
  • Training and managing people
  • Change management
  • Monitoring
  • Backup
  • Incident response and business continuity

IS IT FROM £400 IN TOTAL FOR IASME GOVERNANCE (INCLUDING CYBER ESSENTIALS) OR IS IT £300 + VAT PLUS £400 + VAT?
IASME Governance includes Cyber Essentials and so the cost for both is from £400 + VAT in total.

HOW DOES IASME GOVERNANCE MAP TO OTHER STANDARDS INCLUDING ISO 27001?
IASME have mapped IASME Governance to a variety of standards including ISO 27001. For more information please click here.

IASME Governance Audited

– Price on Application

 

An IASME Governance Audit requires an on-site audit of your governance processes and procedures covered by the IASME Governance standard. IASME Governance Audited (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often more cost effective for small and medium-sized organisations to implement.

The audited IASME Governance standard is IASME’s highest level of certification and is an excellent alternative to ISO 27001 for small and medium-sized organisations.

IASME Governance Includes:

 

The standard includes all of the five Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes. For example:

  • Risk Assessment & Management
  • Monitoring
  • Change Management
  • Training and Managing People
  • Backup
  • Incident Response & Business Continuity

By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.

Renewal

The audited certification is renewed at the end of years 1 and 2; Solutions 4 IT will contact you before this date to arrange the renewal. At the end of year 3 a full audit, as described above, is required again to renew the certification.

FAQS

 

WHERE IS THE IASME GOVERNANCE AUDITED STANDARD USED?

The procurement teams of many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice.

This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention ISO 27001.

For example, the Government of Jersey is one organisation that has specified the IASME Governance standard within its security standards document.

HOW IS THE ASSESSMENT CARRIED OUT?

The first step towards achieving the IASME Governance Audited standard is to contact Solutions 4 IT for a quote. You can do this by filling in the form on this page and one of our experts will be in touch.

Solutions 4 IT are a Certification Body for IASME. If you choose to move forward with an audit, we will discuss the scope of the assessment with you and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and processes.

The audit usually involves interviews with members of staff and a review of documentation and system configuration.

It does not involve a technical assessment unless you are being assessed to Cyber Essentials PLUS at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration.

The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.


Request More Information & Get In Touch

 

Here at Solutions 4 IT we appreciate that Cyber Security can seem quite daunting and overwhelming in any business, but we are here to make this easy for you and keep your business well protected.

Please fill out the contact form so one of our experienced and friendly team members can assess your requirements and contact you to discuss further. We will be available to answer any questions.
