IASME Cyber Baseline
The IASME Cyber Baseline certification is a risk based information security certification designed especially for non-UK registered businesses. As this certification is purely aimed at businesses which are registered outside of the UK, any UK registered businesses will not be able to achieve this certification. However, UK businesses can look at the IASME Cyber Assurance certification, which the IASME Cyber Baseline certification is based upon.
So why is this new certification an ideal fit for non-UK based companies?
Well, the IASME Cyber Baseline standard is a risk-based framework that is designed to tackle not only the basic cyber security controls, but also to look at the more important cyber security protection measures which are usually not considered.
The standard is based around 8 themes from the IASME Cyber Assurance certification, which are.
- Theme 2 – Organisation
- Theme 3 – Assets
- Theme 5 – Secure architecture
- Theme 7 – People
- Theme 9 – Managing access
- Theme 10 – Technical intrusion
- Theme 11 – Backup and restoration
- Theme 13 – Resilience: business continuity, incident management and disaster recovery
In future blogs we’ll be going through these themes and discussing them in more detail and talking about what you as a business need to do, to become compliant.
Once you have completed the certification, if required, you could look at continuing your development of the information security framework and look at the remaining themes from the IASME cyber Assurance standard, thereby giving you more compliance against other standards.
The certification is based around a point in time self-assessment questionnaire that you will complete in an online portal, then, once completed, we will review and assess your certification. If successful you will be awarded a certification. If for any reason you are not successful we will detail the areas which need improvement and you can try again for a re-sit.
This risk based certification only lasts the year and must be renewed every 12 months as part of keeping the certification active.
Once you have achieved certification you will also receive a digital logo that you can use in your marketing materials.
The standard will allow your business to show their suppliers, partners, and customers that they have critical cyber hygiene measures in place. Thereby helping to protect their information, comply with GDPR related controls.
It has also been designed to map to several international cyber hygiene standards and best practices, to which there has formerly been no way of demonstrating compliance because they do not have assessments and certification associated with them. Such as ISO 27001 and NIST.
This standard can play an important part for a business, in helping you develop and implement an information security management system, that not only deals with technology, but also looks at others of the business such as people and paper-based systems.
The standard will help businesses look at their business more from a cyber security risk-based approach instead of a business risk. So this means that businesses will be looking at their assets, how they are protected, bother internally as well from an external point of view.
If you are considering this certification, you are able to download the standard and the questions for the self-assessment from the IASME website which can be found here: https://iasme.co.uk/iasme-cyber-baseline/free-download-of-iasme-cyber-baseline-questions/
One of the questions you may be asking is, how long does it take to complete the assessment, this can depend upon several factors, such as your understanding of English. Unfortunately the portal is only available in English at this point in time. Other factors will depend upon whether you have all the requirements in place, such as the necessary polies and procedures.
From experience I would say you need at least a day to work on the assessment and possibly some additional time for updating necessary documents.
The big question that people will be asking is, how much does this certification cost? At the most the costs will be charged in pound sterling, however this may change in the future, depending upon which country you are from. The costs are based around a company size tier, these being:
- Micro, 1 – 9 people in the business, is £300
- Small, 10 – 29 people in the business, £400
- Medium, 50 -2 249 people in the business, £450
- Large, 250 and above, will be £500
If you would like support to complete the self-assessment, this service is available at an additional cost to the certification, if you would like support to complete the assessment, please get in touch with us via our website and we’d be happy to discuss your requirements.