  • 27.01.2021
  • Michael Fotis
  • Tags: IASME Governance

IASME Governance Certification Guide

The IASME Governance standard is a government-backed information assurance framework that helps SMEs implement an effective GDPR-compliant information assurance program. It was developed as an affordable and achievable alternative to the international standard ISO 27001, which may be out of reach for many small organisations.

In this article we’ll take a deep dive into the IASME Governance standard. We’ll look at what the IASME Governance standard is, who it is for, what it involves, and how it compares to Cyber Essentials.

What does the IASME Governance standard involve?

The IASME Governance certification was designed to help smaller organisations improve their information security posture. It provides an affordable way to demonstrate a good level of cyber security and information governance to clients and other stakeholders. Organisations will be assessed on a number of information assurance controls such as risk assessment, incident management, policies, data protection and operational management. On passing the assessment, the organisation will receive certificates showing its compliance with both IASME Governance and Cyber Essentials.

Is IASME Governance better than Cyber Essentials?

The IASME Governance standard includes Cyber Essentials certification, so it shouldn’t be viewed as an alternative. While Cyber Essentials checks technical controls, IASME Governance builds upon this by also including checks against key governance elements such as risk assessment management and business continuity. It also includes a GDPR requirements assessment, which can demonstrate that you have taken into account the requirements of the General Data Protection Regulation (GDPR).

What steps are involved to achieve IASME Governance certification?

> Before any engagement can begin, your chosen IASME Certification Body (such as Predatech) will need to ask a few questions to understand the scope of the assessment. This is also an opportunity for you to ask any questions you may have and to agree target timelines. For example, if you need to achieve the IASME Governance standard by a set date, make sure to discuss this with your Certification Body. And if you believe that your organisation may need some support with completing the questionnaire, make sure to ask your Certification Body what guidance they can provide.

> When an engagement formally begins, the organisation is granted access to IASME’s online portal, which presents around 160 short questions, including all the Cyber Essentials assessment questions.

> Once these questions have been answered, your Certification Body will review and provide a pass or fail. Some Certification Bodies will offer a free retest should your organisation fail at the first attempt.

Self-Assessment or Audited (Gold)?

The IASME Governance certification comes in two forms: the self-assessed version and the audited (Gold) version. The audited certification asks the same questions as the self-assessed version. The key difference is that it also typically involves an onsite audit that may include interviews with staff as well as a review of key documentation and system configurations.

What does it cost?

The IASME Governance standard (self-assessed) costs £400. This includes the cost of the Cyber Essentials certification. The audited version will cost more as it requires an IASME-accredited Certification Body (such as Predatech) to audit the assessment. This normally involves an onsite audit, but during coronavirus, these are being carried out remotely.

Who are IASME?

IASME (Information Assurance for Small and Medium Enterprises) was formed in 2010 through a Government-funded project that aimed to create an ‘affordable and achievable’ alternative to ISO 27001. Since 2010, IASME has played an important role in promoting cyber security best practice. More recently, the National Cyber Security Centre (NCSC) has chosen IASME to take over full responsibility for Cyber Essentials delivery from April 2020. This means that all Cyber Essentials certification bodies now have to be accredited by IASME.

Why does information assurance really matter?

Information assurance (IA) focuses on protecting and managing risks related to the use, processing, storage and transmission of information, and is built upon five pillars: availability, integrity, authentication, confidentiality and non-repudiation. Adopting a formal information security standard can help to ensure that security becomes part of your organisation’s culture and ultimately will help to strengthen your resilience to cyber incidents.

Want to find out more?

If you’d like to find out more about the IASME Governance standard, please contact Predatech for a free consultation.
