The Information Assurance for Small to Medium-sized Enterprises (IASME) provides a more thorough level of data protection than Cyber Essentials by focusing on the complete management of information through a continuous development process.

In addition it also covers the requirements for becoming compliant with the GDPR, currently the only certification to do so.

Recognising that the smaller, more agile businesses are significantly different from larger, more structured organisations; considerable research was carried out prior to unveiling this standard. The Technology Board responsible for this identified that SMEs are extremely sensitive to cost, work well with simpler processes and prefer an informal culture and designed the standard based on this.

Why choose IASME?
  1. It was created after research identified that the international standard ISO27001 was too convoluted for the SME market.
  2. It includes Cyber Essentials entry level.
  3. Following the standard ensures your data governance processes are more robust.
  4. It places businesses in a strong position if they wish to certify to the international standard ISO27001 in the future.
  5. The standard demonstrates your commitment to security and protection of data.
What does it assess?

IASME recognises that cyber crime is continually evolving. It maintains a continuous annual assessment with re-certification every 3 years. This is a risk-based standard that includes a greater number of elements covered in 13 categories:



 Policy & compliance



 Access control


 Physical & environmental

 Operations & management

 Malware & technical intrusion

 Incident management

 Back up and restore

 Business continuity & DR

The process


Useful links

The IASME Standard v5.0

The IASME Standard aligned to ISO27001

Quick Enquiry

If you would like to speak to us about the IASME certification, please call us or complete the details below and we will get in touch.