The IASME Governance standard was created over the course of several years as part of a government-funded effort to implement a cyber security standard that would be a more affordable and practical alternative to ISO 27001.
The IASME Governance standard enables small businesses in a supply chain to demonstrate their level of cyber protection at a reasonable cost, showing that they are adequately protecting their customers’ data. The IASME Governance review requires a Cyber Essentials assessment as well as GDPR criteria, and it can be done as a self-assessment or as an on-site audit. This combination of Data Protection and Information Security gives a rounded approach to securing an organisation’s operations.
As with the preceding Cyber Essentials accreditation, there are two levels of this accreditation:
IASME Governance – Self Assessment
IASME Governance is a risk-oriented standard that covers best practice in core areas of security such as:
- incident management
- personnel recruitment
- planning and operations
IASME Governance includes a Cyber Essentials evaluation as well as a self-certified review of the General Data Protection Regulation (GDPR).
IASME Governance – Audited
This level of the standard requires an on-site audit of your governance systems and operations, which are then assessed against the IASME Governance standard.
IASME Governance Audited (also known as IASME Gold) is an impartial on-site audit of the organisation’s level of information security.
It has a comparable degree of assurance to the globally recognised ISO 27001 standard, but it is much easier to implement.