Incorporates GDPR Requirements and Cyber Essentials
The Governance standard by IASME was developed over several years as part of a government funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.
The IASME Governance standard allows smaller Businesses to demonstrate their level of cyber security for a realistic cost and show stakeholders that they have a security management system in place to properly protect their customers’ as well as other sensitive information.
The IASME Governance assessment includes a Cyber Essentials assessment as well as GDPR requirements and can be completed either as a self-assessment or on-site audit.
Depending on the size of your organisation:
Based on international best practice, IASME Governance is risk based and includes key aspects of security such as incident response, staff training, planning and operations. IASME Governance also incorporates a Cyber Essentials assessment and an assessment against the General Data Protection Regulation (GDPR).
The self-assessed option is carried out online using IASME’s secure portal where organisations are required to answer around 160 short questions about their security.
Access to the portal is provided after paying for the assessment and you have up to six months to complete the answers.
The answers are saved automatically by the system as you progress through them.
Once the answers have been completed, the assessment will be marked by Solutions 4 IT and usually a pass or fail is returned to the organisation within 72 hours.
If a pass is achieved an organisation receives certificates showing their compliance to both IASME Governance and Cyber Essentials. The assessment also demonstrates achievement against the requirements of GDPR.
The cost of the assessment is from £400+VAT. Please note that both assessments must be submitted at the same time.
IASME Governance certification is aligned to the Government’s Ten Steps to Cyber Security and includes Cyber Essentials certification as well as controls around people and processes. It also covers the General Data Protection Regulation (GDPR) requirements. IASME Governance is aligned to a similar set of controls as ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement.
The cost of Cyber Essentials certification is from £300 + VAT
The cost of basic IASME Governance certification is from £400 + VAT – this cost includes the Cyber Essentials certificate.
IASME Governance Audited (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by your organisation, against the IASME Governance standard. It is aligned to a similar set of controls to ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement.
The standard includes GDPR requirements and adds additional topics that mostly relate to people and processes, for example:
– Price on Application
An IASME Governance Audit requires an on-site audit of your governance processes and procedures covered by the IASME Governance standard. IASME Governance Audited (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often more cost effective for small and medium-sized organisations to implement.
The audited IASME Governance standard is IASME’s highest level of certification and is an excellent alternative to ISO 27001 for small and medium sized organisations
The standard includes all of the five Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes. For example:
By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.
The audited certification is renewed at the end of years 1 and 2, Solutions 4 IT will contact you before this date to arrange. At the end of year 3 a full audit, as described above, is required again to renew the certification.
The procurement teams of many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice.
This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention ISO 27001.
For example, The Government of Jersey is one organisation that has specified IASME Governance Standard within its security standards document.
The first step towards achieving the IASME Governance Audited standard is to contact Solutions 4 IT for a quote. You can do this by filling in the form on this page and one of our experts will be in touch.
Solutions 4 IT are a Certification Body for IASME, if you choose to move forward with an audit, we will discuss with you the scope of the assessment and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and process.
The audit usually involves interviews with members of staff and a review of documentation and system configuration.
It does not involve a technical assessment unless you are being assessed to Cyber Essentials PLUS at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration.
The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.
Here at Solutions 4 IT we appreciate that Cyber Security can seem quite daunting and overwhelming in any business, but we are here to make this easy for you and keep your business well protected.
Please fill out the contact form so one of our experienced and friendly team members can assess your requirements and contact you to discuss further. We will be available to answer any questions.
For more information on Cyber Security click the links below:
AI tools are changing the game for coding, making it easier than ever to build websites, apps, and software without needing to be a tech wizard. For example, tons of website builder companies like Webflow and Wix now let people use AI to create digital products...
Sometimes cybersecurity slip-ups come from the places you'd least expect — like the very tools meant to keep you safe. Recently, over 1,700 sensitive documents accidentally ended up in the public domain, all thanks to a chain reaction involving Microsoft Defender...
Although organisation are quick to notice vulnerabilities in their systems, it still can take up to 363 days to fix approximately 50% of software security flaws.
Although organisation are quick to notice vulnerabilities in their systems, it still can take up to 363 days to fix approximately 50% of software security flaws.
Passwords have started to get weaker as a form of security. There are more attacks and breaches than ever, making it even more important to use a good password. We covered good password measures in a previous blog post here. However, millions of people still use...