IASME Governance
Incorporates GDPR Requirements and Cyber Essentials
The Governance standard by IASME was developed over several years as part of a government-funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.
The IASME Governance standard allows smaller businesses to demonstrate their level of cyber security for a realistic cost and show stakeholders that they have a security management system in place to properly protect their customers’ information as well as other sensitive information.
The IASME Governance assessment includes a Cyber Essentials assessment as well as GDPR requirements and can be completed either as a self-assessment or on-site audit.
IASME Governance Self-Assessed from £400 + VAT
Depending on the size of your organisation:
- Micro Organisations 0-9 Employees £400 + VAT
- Small Organisations 10-49 Employees £500 + VAT
- Medium Organisations 50-249 Employees £550 + VAT
- Large Organisations 250+ Employees £600 + VAT
Based on international best practice, IASME Governance is risk-based and includes key aspects of security such as incident response, staff training, planning and operations. IASME Governance also incorporates a Cyber Essentials assessment and an assessment against the General Data Protection Regulation (GDPR).
IASME Governance Includes:
- Risk Assessment
- Backup
- Policies
- Incident Management
- Data Protection
- Operational Management
The self-assessed option is carried out online using IASME’s secure portal where organisations are required to answer around 160 short questions about their security.
Access to the portal is provided after paying for the assessment and you have up to six months to complete the answers.
The answers are saved automatically by the system as you progress through them.
Once the answers have been completed, the assessment will be marked by Solutions 4 IT and usually a pass or fail is returned to the organisation within 72 hours.
If a pass is achieved, an organisation receives certificates showing their compliance with both IASME Governance and Cyber Essentials. The assessment also demonstrates achievement against the requirements of GDPR.
The cost of the assessment is from £400+VAT. Please note that both assessments must be submitted at the same time.
FAQS
WHAT IS THE DIFFERENCE BETWEEN THE CYBER ESSENTIALS SCHEME AND THE IASME GOVERNANCE SCHEME?
- Secure your Internet connection (Firewalls and routers)
- Secure your devices and software (Secure configuration)
- Control access to your data and services (Access control)
- Protect from viruses and other malware (Malware protection)
- Keep your devices and software up to date (Software updates)
IASME Governance certification is aligned to the Government’s Ten Steps to Cyber Security and includes Cyber Essentials certification as well as controls around people and processes. It also covers the General Data Protection Regulation (GDPR) requirements. IASME Governance is aligned to a similar set of controls as ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement.
The cost of Cyber Essentials certification is from £300 + VAT
The cost of basic IASME Governance certification is from £400 + VAT – this cost includes the Cyber Essentials certificate.
IS IASME GOVERNANCE AUDITED THE SAME AS CYBER ESSENTIALS PLUS?
IASME Governance Audited (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by your organisation, against the IASME Governance standard. It is aligned to a similar set of controls to ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement.
The standard includes GDPR requirements and adds additional topics that mostly relate to people and processes, for example:
- Risk assessment and management
- Training and managing people
- Change management
- Monitoring
- Backup
- Incident response and business continuity
IS IT FROM £400 IN TOTAL FOR IASME GOVERNANCE (INCLUDING CYBER ESSENTIALS) OR IS IT £300 + VAT PLUS £400 + VAT?
HOW DOES IASME GOVERNANCE MAP TO OTHER STANDARDS INCLUDING ISO 27001?
IASME Governance Audited
– Price on Application
An IASME Governance Audit requires an on-site audit of your governance processes and procedures covered by the IASME Governance standard. IASME Governance Audited (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often more cost effective for small and medium-sized organisations to implement.
The audited IASME Governance standard is IASME’s highest level of certification and is an excellent alternative to ISO 27001 for small and medium-sized organisations.
IASME Governance Includes:
The standard includes all of the five Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes. For example:
- Risk Assessment & Management
- Monitoring
- Change Management
- Training and Managing People
- Backup
- Incident Response & Business Continuity
By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.
Renewal
The audited certification is renewed at the end of years 1 and 2; Solutions 4 IT will contact you before this date to arrange this. At the end of year 3 a full audit, as described above, is required again to renew the certification.
FAQS
WHERE IS THE IASME GOVERNANCE AUDITED STANDARD USED?
The procurement teams of many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice.
This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention ISO 27001.
For example, the Government of Jersey is one organisation that has specified the IASME Governance Standard within its security standards document.
HOW IS THE ASSESSMENT CARRIED OUT?
The first step towards achieving the IASME Governance Audited standard is to contact Solutions 4 IT for a quote. You can do this by filling in the form on this page and one of our experts will be in touch.
Solutions 4 IT are a Certification Body for IASME. If you choose to move forward with an audit, we will discuss the scope of the assessment with you and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and processes.
The audit usually involves interviews with members of staff and a review of documentation and system configuration.
It does not involve a technical assessment unless you are being assessed to Cyber Essentials PLUS at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration.
The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.
Request More Information
& Get In Touch
Here at Solutions 4 IT we appreciate that Cyber Security can seem quite daunting and overwhelming in any business, but we are here to make this easy for you and keep your business well protected.
Please fill out the contact form so one of our experienced and friendly team members can assess your requirements and contact you to discuss further. We will be available to answer any questions.