The Governance standard by IASME was developed over several years as part of a government-funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.
The IASME Governance standard allows smaller businesses to demonstrate their level of cyber security for a realistic cost and show stakeholders that they have a security management system in place to properly protect their customers’ information as well as other sensitive information.
The IASME Governance assessment includes a Cyber Essentials assessment as well as GDPR requirements and can be completed either as a self-assessment or on-site audit.
IASME Governance Audited
– Price on Application
An IASME Governance Audit requires an on-site audit of your governance processes and procedures covered by the IASME Governance standard. IASME Governance Audited (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often more cost-effective for small and medium-sized organisations to implement.
The audited IASME Governance standard is IASME’s highest level of certification and is an excellent alternative to ISO 27001 for small and medium-sized organisations.
IASME Governance Includes:
The standard includes all five of the Cyber Essentials technical topics and adds further topics that mostly relate to people and processes. For example:
- Risk Assessment & Management
- Change Management
- Training and Managing People
- Incident Response & Business Continuity
By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.
The audited certification is renewed at the end of years 1 and 2; Solutions 4 IT will contact you before this date to arrange this. At the end of year 3 a full audit, as described above, is required again to renew the certification.
WHERE IS THE IASME GOVERNANCE AUDITED STANDARD USED?
The procurement teams of many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice.
This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention ISO 27001.
For example, the Government of Jersey is one organisation that has specified the IASME Governance standard within its security standards document.
HOW IS THE ASSESSMENT CARRIED OUT?
The first step towards achieving the IASME Governance Audited standard is to contact Solutions 4 IT for a quote. You can do this by filling in the form on this page and one of our experts will be in touch.
Solutions 4 IT are a Certification Body for IASME. If you choose to move forward with an audit, we will discuss the scope of the assessment with you and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and processes.
The audit usually involves interviews with members of staff and a review of documentation and system configuration.
It does not involve a technical assessment unless you are being assessed to Cyber Essentials PLUS at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration.
The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.