
What is the IASME Governance Standard?

Information Assurance for Small and Medium Enterprises (IASME) is an Information Assurance Standard managed by the IASME Consortium. The IASME Governance Standard was developed over several years during a government-funded project to create a cyber security standard that would be an affordable and achievable alternative to the international standard, ISO 27001.

The IASME Governance Standard is a risk-based standard covering the following areas:

  • Organisation
  • Risk Management
  • Policy & Compliance
  • Asset Management
  • Monitoring
  • Access Control
  • People
  • Physical & Environmental
  • Operations & Management
  • Malware & Technical Intrusion
  • Incident Management
  • Backup and Restore
  • Business Continuity & Disaster Recovery

There are two levels of certification: IASME Governance Self-Assessed and IASME Governance Audit (GOLD-Certified).

We are a Certification Body, trained and licensed to certify for the IASME Governance Standard. We also offer consulting services to help you achieve either IASME Governance Self-Assessed or IASME Governance Audited (IASME Gold) certification.

IASME Governance FAQ

How much does IASME Governance certification cost?

The cost of the self-assessed IASME Governance certification is £400 + VAT. The cost of the audited IASME Governance Standard (also known as IASME Gold) will depend on the size and complexity of your company. For an estimate or quote, please get in touch via our Contact page.

Do IASME Governance certificates expire?

The self-assessed version requires annual renewal, as Cyber Essentials does. Note: on passing the self-assessment, an organisation receives certificates showing its compliance with both IASME Governance and Cyber Essentials. The assessment also demonstrates achievement against the requirements of GDPR. The audited certification is renewed at the end of years 1 and 2 by simply renewing the online IASME Governance assessment. At the end of year 3 a full audit is required again to renew the certification.

Does the IASME Governance Standard include Cyber Essentials?

The IASME Governance assessment includes both a Cyber Essentials assessment and GDPR requirements. Achieving IASME Governance certification will include Cyber Essentials certification.

Where can I find additional help and advice?

Right here! We will be more than happy to assist you on your IASME Governance Standard journey. Please get in touch.

What is the difference between Cyber Essentials and the IASME Governance Standard?

Cyber Essentials is a Government scheme that helps organisations to guard against the most common cyber threats from the internet and demonstrate a commitment to cyber security. For more details on Cyber Essentials, please see our dedicated Cyber Essentials page. The IASME Governance Standard certification is aligned to the Government’s Ten Steps to Cyber Security and includes Cyber Essentials certification as well as controls around people and processes. It also covers the General Data Protection Regulation (GDPR) requirements. IASME Governance is aligned to a set of controls similar to those of ISO 27001 but is more affordable and achievable for small and medium-sized organisations to implement.

Where is the Audited IASME Governance Standard used?

The procurement teams of many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice. This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention information security standards such as ISO 27001.