The Information Assurance for Small and Medium Enterprises (IASME) is one of the five companies that have the privilege of acting as an Accreditation Body. As an Accreditation Body, an institution has the right to assess and certify other organisations, checking whether their policies comply with the scheme laid out by the government.
IASME was initially designed over a period of several years to ensure that businesses are securing their data as far as they are equipped to. What IASME aims to achieve is to provide a cyber-security standard for both small- and medium-sized businesses. This standard is based upon ISO 27001, but tailored to small businesses.
What is ISO 27001?
ISO 27001 is fundamentally the industry standard for effective and efficient management of information security. The latest version of this standard is currently ISO 27001:2013. This standard covers all aspects of your business and the way you interact with security. It provides organisations with a model for the establishment, implementation, operation, monitoring, review and improvement of their information security management system in a standardised and unambiguous way.
ISO 27002 contains 12 core sections:
1. Risk assessment
2. Security policy
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information systems acquisition, development, and maintenance
10. Information security incident management
11. Business continuity management
Where Does Cyber Essentials Come In?
Cyber Essentials is an industry standard that demonstrates that an organisation has taken the required steps to ensure that its systems and data are protected against cyber threats. In some cases, this is backed by the Government, and only organisations that possess this accreditation can conduct business with specified public sector bodies. There are two main levels of accreditation: Cyber Essentials and Cyber Essentials Plus. By acquiring the Cyber Essentials Plus level, your organisation will be on its way to achieving ISO 27001 compliance.
Basically, the purpose of IASME is to ensure that organisations comply with the Cyber Essentials Scheme. The scheme takes five major controls into account, which include things such as physical security, staff awareness, and data backup. Much like Cyber Essentials, the IASME standard can provide an organisation's customers and suppliers with validation that their information is secure.
This standard is provided along with the Cyber Essentials certification. The IASME standard comes in two variants, much like Cyber Essentials: the standard self-assessment, and the Gold standard, which requires an onsite audit.
Why Does My Company Require These?
• These standards are essential for the safety of your business. If you adhere to them, you are highly unlikely to suffer data loss or penalties resulting from a cyber-attack.
• They show your customers that you don’t take cybersecurity lightly.
• Organisations commonly prefer to conduct business with companies that possess this certification.
With cyber threats looming over us more than ever, it is necessary that we take all the precautions needed to maintain the security of our networks. So, getting your business the IASME accreditation from a well-renowned company is the right thing to do.