The IASME Governance standard was created over the course of several years as part of a government-funded effort to implement a cyber security standard that would be a more affordable and practical alternative to ISO 27001.

The IASME Governance standard enables small businesses in a supply chain to demonstrate their degree of cyber protection at a reasonable expense, showing that they are adequately protecting their customers’ data. The IASME Governance review requires a Cyber Essentials assessment as well as GDPR criteria, and it can be done as a self-assessment or as an on-site audit. This combination of Data Protection and Information Security gives a rounded approach to securing an organisation’s operations.

As with the preceding Cyber Essentials accreditation, there are two levels of this accreditation:

IASME Governance – Self Assessment
IASME Governance is a risk-oriented standard and covers best practice in core areas of security such as:

  • incident management
  • personnel recruitment
  • planning and operations

IASME Governance includes a Cyber Essentials evaluation as well as a self-certified review of the General Data Protection Regulation (GDPR).

IASME Governance – Audited
This level of the standard requires an on-site audit of your governance systems and operations, which are then assessed against the IASME Governance standard.

IASME Governance Audited (also known as IASME Gold) is an impartial on-site audit into the organization’s level of information security.

It has a comparable degree of assurance to the globally recognised ISO 27001 standard, but it is much easier to implement.
