IASME Cyber Assurance
IASME is the current certification partner delivering the UK government-backed Cyber Essentials scheme in the UK. It also runs its own risk-based standard, IASME Cyber Assurance, which requires a company to hold a valid Cyber Essentials (basic self-assessment) certificate before it can start the process.
The IASME Cyber Assurance standard is a risk-based framework designed to cover not only the basic cyber security controls included in Cyber Essentials, but also the wider protection measures that businesses often overlook, such as governance, people, physical security, backup and incident management.
The IASME Cyber Assurance standard is based around 13 themes, which are as follows:
- Theme 1 – Planning information security
- Theme 2 – Organisation
- Theme 3 – Assets
- Theme 4 – Legal and regulatory landscape
- Theme 5 – Secure architecture
- Theme 6 – Physical and environment protection
- Theme 7 – People
- Theme 8 – Policy Realisation
- Theme 9 – Managing access
- Theme 10 – Technical intrusion
- Theme 11 – Backup and restoration
- Theme 12 – Secure business operations: monitoring, review, and change management
- Theme 13 – Resilience: business continuity, incident management and disaster recovery
In future blogs we'll go through these themes in more detail and discuss what you, as a business, need to do to become compliant with the scheme.
The certification is based around a point-in-time self-assessment questionnaire that you complete in an online portal. Once it is submitted, we review and assess your answers. If successful, you are awarded the certification. If for any reason you are not successful, we will detail the areas that need improvement, and you can then resubmit.
The certificate is valid for one year and must be renewed every 12 months to remain active.
Once you have achieved certification you will also receive a digital logo that you can use in your marketing materials.
The standard has also been designed to map to several other standards and best practices, such as ISO 27001 and the NIST frameworks. For those frameworks that have no assessment or certification scheme of their own, it offers a way of demonstrating alignment with them.
This standard can play an important part in helping a business develop and implement an information security management system (ISMS) that deals not only with technology but also with other areas of the business, such as people and paper-based systems, backup and continuity, and incident management.
The standard encourages businesses to look at themselves from a cyber security risk perspective rather than purely a business risk perspective. In practice this means identifying your assets and examining how they are protected, both from inside the organisation and from an external point of view.
If you are considering this certification, you can download the standard and the questions for the self-assessment from the IASME website which can be found here https://iasme.co.uk/iasme-cyber-assurance/free-download-of-iasme-self-assessment-questions/
One question you may be asking is how long it takes to complete the assessment. This depends on several factors, such as your understanding of the standard and how many policies and procedures you already have in place. From experience, I would say you need at least a day to work on the assessment, plus some additional time for updating the necessary documents.
The big question people will be asking is how much the certification costs. The cost is based on a company size tier, as follows:
- Micro, 1 – 9 people in the business, is £300
- Small, 10 – 49 people in the business, £400
- Medium, 50 – 249 people in the business, £450
- Large, 250 and above, will be £500
If you would like support to complete the self-assessment, this service is available at an additional cost on top of the certification fee. Please get in touch with us via our website and we'd be happy to discuss your requirements.