What is Audited IASME Governance?
Audited IASME Governance (can be awarded as a Bronze, Silver, Gold certification depending upon compliance) is an independent on-site audit of the business against what has been entered in the self-assessment version of IASME Governance. The audited version offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often cheaper for small and medium-sized organisation to implement.
The standard includes all of the five Cyber Essentials technical topics as standard as well as additional topics that mostly relate to people and processes, for example:
- Risk assessment and management
- Training and managing people
- Change Management
- Monitoring
- Backup
- Incident response and business continuity
By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.
Who acknowledges the Audited IASME Governance?
Many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice. This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention ISO 27001.
How do I achieve Audited IASME Governance?
To achieve the IASME Governance Audited standard, you must first pass the IASME Governance self-assessment. The cost for this starts at £400 + VAT if you complete it yourself, with this certification you also receive the basic Cyber Essentials certification.
If you are interested in the certification contact us to discuss the scope of the assessment and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and process. This audit usually involves interviews with members of staff and a review of documentation and system configuration. It does not involve a technical assessment unless you are being assessed to Cyber Essentials PLUS at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration. The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.
Once the audit has been completed, InfoSec Governance will provide you with a written report of their findings and a recommendation of a pass or fail, which will then be ratified by IASME.
If you have passed the assessment, you will then be awarded a certificate and be authorised to display the Audited IASME Governance logo in association with your business (for example on your website, in correspondence and in marketing materials).
