IASME Governance

Protect your operations, relationships and reputation

Are you an SME trading in the UK?
Achieving IASME Governance certification is a cost-effective way to protect your growing business against cyber threats and comply with data privacy legislation.

IASME Governance is designed specifically to support UK SMEs. It includes the popular Cyber Essentials certification and drives compliance with the UK Data Protection Act (DPA) and the GDPR. There are two variants – self-assessed and audited (also known as IASME Gold).

Benefits of IASME Governance

IASME Governance will enable your organisation to:

Protect itself against 80% of cyber attacks

Safeguard valuable business data through GDPR and DPA compliance

Reassure stakeholders

Demonstrate technical and organisational measures as required by the ICO

Shortcut lengthy supplier questionnaires

Benefit from free cyber insurance

Transition more smoothly to ISO27001 when you need an internationally recognised certification

How we can help you achieve IASME Governance certification

With a 100% pass rate, including our own certification, we know exactly how to gather the information needed to benchmark your systems against the requirements.

Once your named consultant has audited your processes and existing measures, they’ll create a bespoke action plan to address any areas of weakness. Whilst you make improvements, they’ll prepare a draft submission, ensuring that all 160 questions are properly answered. Of course, we’ll provide telephone and email support throughout the process for additional peace of mind.

Getting started with certification

Approaching audits with confidence

How we can help you maintain compliance

IASME Governance certification lasts for one year. We’ll remind you before your certification is due to expire and help you update your self-assessment.

We can also provide expert advice relating to cyber security and data all year round as part of Compliance in a Service.

FAQs

The IASME Governance standard enables smaller companies to prove that they have taken meaningful steps to implement robust cyber security procedures and protect their customers’ information. It aligns with the Government’s 10 Steps to Cyber Security which is used by the majority of the FTSE350.

For smaller businesses, IASME is an affordable alternative to ISO27001, the Information Security Management Standard.

The IASME Governance standard includes assessments against Cyber Essentials and the GDPR as well as looking at the role of people and processes. The 22 topics include configuration, patching, firewalls, malware, business continuity, cloud services and data protection as well as risk management, leadership, supplier assurance and incident management.

There are two types of IASME certification – Self-assessed and Audited (sometimes known as Gold).

The self-assessment form of IASME involves completing a 43-page questionnaire about your company’s cyber security and data management.

The Audited (Gold) version of IASME requires you to pass an on-site audit conducted by an IASME certified assessor.  

For the majority of areas, the IASME Governance standard meets or exceeds the requirements of the NHS Digital Data Security Standards. In some areas an action, process or tool that is specific to the NHS is referenced by the NHS Digital Data Security standard and does not map directly to the IASME Governance standard. IASME Governance provides a great framework to meet the NHS requirements and, where there are gaps, our team will help to close these.

The thought of answering 160 questions about your cyber security and data protection may seem daunting but our step-by-step approach will help you achieve certification. 

We’ll begin by explaining what the certification requires. Then, with your permission, we’ll liaise with your IT and HR teams (in-house or outsourced) to gather the information needed to compare your current performance against the assessment criteria. Once we’ve performed a gap analysis, we’ll create a step-by-step action plan for you to follow. Of course, you’ll always have our support via email or phone. Once we’re satisfied that you have completed your actions, we’ll ask you to review and approve the draft IASME submission which we’ll have prepared for you.

If you’ve already failed your IASME Governance certification, don’t worry. We have a 100% success rate! Simply contact us to explore how we can help. 

If you ask us to support you through IASME Governance, we’ll make sure that you don’t just meet the requirements of the scheme but exceed them. After all, when it comes to protecting your business from cyberattack, cutting corners is a false economy. We want to ensure your business is properly protected against cyber risks and data loss.

Of course, if you choose not to work with us, you could attempt to fudge your answers. However, you would be committing fraud and putting your business at risk. There would also be a good chance that any misrepresentation would be picked up during the assessment process. The certification bodies are themselves assessed by IASME to ensure that the integrity of the certification is upheld.

Discover more in our blog on the credibility of self-assessed certifications.

We can normally help a client achieve IASME Governance within six to eight weeks. However, the actual time taken depends on various factors including the size of your business and the availability of key personnel.

We offer telephone and email support as part of our Compliance in a Service. This includes expert advice relating to cyber security, ISO, GDPR and H&S from our panel of experts.

Once your answers have been uploaded to the portal, you’ll normally hear the results within 72 hours. You will also receive a copy of your report after your assessment is complete.

Yes, you will receive an IASME Governance certificate and a Cyber Essentials certificate. The logos can be used on your website and in your marketing materials. We’ll provide you with a free copy of our Promotion Power Pack, a guide to promoting your certifications.

Your company name will also be added to the National Cyber Security Centre’s register of organisations holding the Cyber Essentials certification. 

Your IASME Governance and Cyber Essentials certificates will be valid for 12 months. We will contact you before your renewal is due and help you through re-certification. 

Absolutely. We have recognised four distinct benefits since first gaining our certification in 2015. Firstly, by ensuring we meet the requirements of IASME Governance, we continue to reduce the risk of our business being impacted by a cyberattack. Secondly, it allows us to demonstrate to the ICO that we have taken both technical and organisational measures to comply with the EU GDPR and UK DPA. It also saves us time and money by enabling us to shortcut many tedious supplier questionnaires when bidding for new business. Finally, and most importantly perhaps for us, it allows us to have informed conversations with prospective clients and differentiates us from the competition.

We know that our IASME Governance clients experience and appreciate the same benefits.

Don’t worry, this happens! IASME Governance may not be as well-known as ISO27001 but it bears up well under scrutiny. We’ve already helped many IASME Governance certified clients convince procurement teams that it’s a robust and credible alternative to ISO27001. 

IASME Governance is not mandatory; however, it can help you win new business and protect your assets, making it a worthwhile investment. Achieving IASME Governance supports compliance with the technical and organisational measures necessary for GDPR compliance.

As your business expands, you may consider implementing internationally recognised ISO management standards. ISO9001, the Quality Management Standard, is one of the most popular as it ensures that your growing business remains focused on customer satisfaction. If you decide to implement ISO9001, you could replace your IASME Governance certification with ISO27001 as this will enable you to save time and money by operating the two ISO certifications as part of an integrated management system. If you handle large volumes of customer data, you could also seek certification to ISO27701, the Privacy Information Management Standard. This is an extension to ISO27001, and we suspect it’s going to become an increasingly common requirement in tenders over the next few years.

As well as helping other businesses achieve ISO, we’re certified to ISO9001, ISO27001 and ISO27701 and will happily talk to you about our experiences. Alternatively, you can read our own ISO9001, IASME/Cyber Essentials and ISO27001/ISO27701 case studies.

IASME Governance is a UK standard relevant for the SME market. In contrast, ISO27001 is a standard which is recognised globally. IASME is a self-assessment scheme whereas ISO27001 requires an external audit. The scope of the two certifications also differs: for example, IASME Governance incorporates Cyber Essentials and has a more granular requirement to achieve specific aspects of compliance with the UK Data Protection Act, which ISO27001 does not. Finally, there is a difference in price, with consultancy and the external audit for ISO27001 starting with a price tag of £10,000 compared to IASME Governance at less than half the price.

Achieving IASME Governance allowed us to be approximately 85% compliant with the ISO standards, smoothing our transition to ISO27001. IASME Governance therefore is a great ‘stepping-stone’ to ISO.

The cost of our support depends upon the complexity of your network. As a guide, our fixed price consultancy service starts at £3,795.

The cost of IASME Governance Self-assessed is £400+VAT. The cost of an IASME Governance Audited (Gold) assessment will depend on the size and complexity of your IT structure.

For more information, please contact us.

We have been IASME Governance certified (including Cyber Essentials) since 2015. We are also ISO27001/ISO27701 certified. 

We have a 100% success rate in supporting businesses and charities through IASME Governance certification. Our experience includes accountants, consultancies, software developers and private investigators.

Please get in touch. We’ll be delighted to explain more about the IASME Governance certification and explain how it can help your organisation.