IASME
The Information Assurance for Small to Medium-sized Enterprises (IASME) provides a more thorough level of data protection than Cyber Essentials by focusing on the complete management of information through a continuous development process.
In addition it also covers the requirements for becoming compliant with the GDPR, currently the only certification to do so.
Recognising that the smaller, more agile businesses are significantly different from larger, more structured organisations; considerable research was carried out prior to unveiling this standard. The Technology Board responsible for this identified that SMEs are extremely sensitive to cost, work well with simpler processes and prefer an informal culture and designed the standard based on this.
Why choose IASME?
- It was created after research identified that the international standard ISO27001 was too convoluted for the SME market.
- It includes Cyber Essentials entry level.
- Following the standard ensures your data governance processes are more robust.
- It places businesses in a strong position if they wish to certify to the international standard ISO27001 in the future.
- The standard demonstrates your commitment to security and protection of data.
What does it assess?
IASME recognises that cyber crime is continually evolving. It maintains a continuous annual assessment with re-certification every 3 years. This is a risk-based standard that includes a greater number of elements covered in 13 categories:
› Organisation
› Risk
› Policy & compliance
› Assets
› Monitoring
› Access control
› People
› Physical & environmental
› Operations & management
› Malware & technical intrusion
› Incident management
› Back up and restore
› Business continuity & DR
The process
Useful links
The IASME Standard aligned to ISO27001
