The IASME Cyber Assurance Standard, previously known as the IASME Governance Standard, is a risk based information security framework which has been developed for small and medium businesses. The standard is also based around risk and asset management, Cyber Essentials, privacy and data protection to name a few areas.
The Standard has been developed to not only help businesses work to protect themselves, but is also mapped against ISO 27001 to help businesses adhere to industry best practices.
Previously the IASME Governance certification came with Cyber Essentials as part of the certification, now however you must first achieve and have a valid Cyber Essentials certification before applying for IASME Cyber Assurance.
The standard comes in two levels, The level one is the self-assessed version, the level two is the audited version and is now based around 13 themes and is based across five areas of control.
IASME Cyber Assurance – Level One
The level one certification of IASME Cyber Assurance is the self-assessed version, which allows you to be set up on an online portal and you go through answering the questions. This certification is a point in time assessment.
You can download and review the standard here: https://iasme.co.uk/wp-content/uploads/2022/04/IASME-Cyber-Assurance-Standard_V6.0.pdf
You can download and review the questions you will need to answer here: https://iasme.co.uk/iasme-cyber-assurance/free-download-of-iasme-self-assessment-questions/
The pricing for the level one version is based upon the size of the business, costs are:
Micro organisations (0-9 employees) | £300 +VAT |
Small organisations (10-49 employees) | £400 +VAT |
Medium organisations (50-249 employees) | £450 +VAT |
Large organisations (250+ employees) | £500 +VAT |
If you would like to proceed and work towards the certification, please contact us and we can help you through the process.
IASME Cyber Assurance – Level Two
The level two certification of is available once you have achieved the first level. The level two consists of an audit from a certification body and assessor, like ourselves. The higher level involves an onsite audit of your business and your controls, the audit is designed to review and validate your level one answers and obtain evidence.
The assessor will look for evidence based upon your risk, asset management and look for evidence of backups, restorations, incident management to name a few. Once the audit has been completed a report will be generated.
The pricing for the level two version is based upon the size of the business, please contact us for a quotation for the audit and certification.