IASME Governance

The Information Assurance for Small & Medium Enterprise (IASME) standard was developed over several years during a Technology Strategy Board funded project to create an achievable cyber security standard for small companies.  The international standard, ISO27001, is comprehensive but extremely challenging for a small company to achieve and maintain.  The IASME standard is written along the same lines as the ISO27001 but specifically for small companies. The gold standard of IASME demonstrates baseline compliance with the international standard

IASMElogotransThe IASME standard, at a realistic cost, allows the SMEs to demonstrate their level of cyber security and that they are able to properly protect their customers information. The IASME standard is risk-based and includes holistic aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government when in consultation with trade associations and industry groups.

Baigent’s Information Security Services Ltd are independent IASME assessors and can provide 3rd party information assurance audits for your business.

As part of the IASME Governance certification process you will be also able to gain Cyber Essentials and Cyber Essentials Plus if you opt for this further enhanced option.

Cyber Essentials to IASME GoldAreas Covered

  • Identify
    • Organisation
    • Assessing the Risks
    • Assets
    • People
  • Protect
    • Policy Realisation
    • Physical & Environmental Protection
    • Secure Business Operations
    • Access Control
    • Encrypting well
  • Detect
    • Malware and Technical Intrusion
    • Monitoring
    • Technical Vulnerability Scans*
  • Respond and Recover
    • Backup and Restore
    • Incident Management
    • Business Continuity / Disaster Recovery

Costs start from £1,500 depending on the size and complexity of business and usually require a few days on site to complete the process.

Contact us for more information

Please be aware that you may be required to take corrective/preventative measures which might include but not limited to, purchasing, upgrading or installing security software and equipment that your business may not already have to be able to comply with current best practices and standards. You may also need to improve internal procedures, practices, policies and other documentation  in order for you to gain certification.

Information Security is not a one time fix, it is an ongoing process of improvement that requires full engagement from all areas of a business from the top to the bottom.

*Optional Enhanced Extra