Information Assurance for Small & Medium Enterprise (IASME)
IASME Governance Standard
The IASME Governance standard, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government when in consultation with trade associations and industry groups. The audited IASME certification is also seen as showing compliance to ISO27001 by an increasing number of large multinational companies.
The IASME standard was developed over several years during a Technology Strategy Board funded project to create an achievable cyber security standard for small companies. The international standard, ISO27001, is comprehensive but extremely challenging for a small company to achieve and maintain. The IASME standard is written along the same lines as the ISO27001 but specifically for small companies. The gold standard of IASME demonstrates baseline compliance with the international standard.
The IASME standard, at a realistic cost, allows the SMEs in a supply chain to demonstrate their level of cyber security and that they are able to properly protect their customer’s information. This standard is inclusive of the security controls that are required for Cyber Essentials and is the next step up in hardening your cyber protection.