More than ever, organisations are requiring increased baseline levels of security in order to win contracts and win business with other firms. Here we look at one of those standards – the IASME Governance standard. Coined as the mini ISO 27001, this is, we believe, a fantastic framework that organisations can leverage to demonstrate their commitment to cyber security without spending excessive time or capital.
The IASME Governance standard was developed over several years during a government-funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.
The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost, and indicates that they are taking good steps to properly protect their customers' information.
The IASME Governance assessment includes Cyber Essentials and GDPR requirements assessments, and is available either as a self-assessment or on-site audit. The standard includes all of the 5 Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes, including:
- Risk assessment and management
- Training and managing people
- Change management
- Incident response and business continuity
Who’s it for?
If you are a small business for whom ISO 27001 or ISO 9001 may not be a good fit, but you want to validate your approach to information security, quality and compliance with data protection legislation (such as the Data Protection Act and GDPR) to clients and other third parties, certification to the IASME Governance Standard is ideal.
By gaining the audited IASME Governance certificate, your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third party.
You may already have security accreditations in place and so not be considering IASME Governance. However, this standard really drives home controls in and around GDPR and, if undertaken, you can be assured that not only are you meeting robust information and cyber security controls but you’ll also be highly compliant with the GDPR legislation – something that is increasingly becoming a requirement to work closely with security-conscious organisations.
With that said, this can be used as a really valuable addition to any existing policies and frameworks that are being used.
If you’re considering IASME Governance accreditation, then please get in touch here. IP Four Digital are a certification body for IASME and are licensed to conduct various accreditation processes.
IP Four Digital are an IT & digital support organisation based in Burnley, Lancashire.