The Information Assurance for Small & Medium Enterprise (IASME) standard was developed over several years during a Technology Strategy Board-funded project to create an achievable cybersecurity standard for small companies. The international standard, ISO27001, is comprehensive but highly challenging for a small company to achieve and maintain. The IASME standard is written along the same lines as ISO27001 but specifically for small companies. The gold standard of IASME demonstrates baseline compliance with the international standard.
The IASME standard allows SMEs, at a realistic cost, to demonstrate their level of cybersecurity and to show that they are able to protect their customers’ information adequately. The IASME standard is risk-based and includes holistic aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cybersecurity standard for small companies by the UK Government, in consultation with trade associations and industry groups.
Baigent’s Information Security Services Ltd are independent IASME assessors and can provide third-party information assurance audits for your business.
As part of the IASME Governance certification process, you will also be able to gain Cyber Essentials and Cyber Essentials Plus if you opt for this further enhanced option.
- Assessing the Risks
- Policy Realisation
- Physical & Environmental Protection
- Secure Business Operations
- Access Control
- Encrypting well
- Malware and Technical Intrusion
- Technical Vulnerability Scans 1
- Respond and Recover
- Backup and Restore
- Incident Management
- Business Continuity / Disaster Recovery
Costs start from £1,500, depending on the size and complexity of the business, and the process usually requires a few days to complete.
Please be aware that you may be required to take corrective or preventative measures, which might include, but are not limited to, purchasing, upgrading or installing security software and equipment that your business may not already have, in order to comply with current best practices and standards. You may also need to improve internal procedures, practices, policies and other documentation to gain certification.
Information Security is not a one-time fix. It is an ongoing process of improvement that requires full engagement from all business areas from top to bottom.
1. Optional Enhanced Extra