IASME

IASME

IASME

The IASME Governance standard was developed over several years during a government funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO27001.
1

Achievable

The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers information.

2

Optimized for Small to Medium Busiess

The IASME Governance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self assessment or on-site audit.

3

Data Security in Health

The health sector handles some of the most sensitive personal data. Data security incidents can lead to extensive detriment and high levels of distress for the data subjects affected. One of the key roles of NHS Digital, formerly Health & Social Care Information Centre, is to provide support and advice to health and care organisations on information and cyber security.

In July 2016 the UK Government Department of Health, National Data Guardian (NDG) published  “Review of data security, consent and opt-outs”  IASME, with our growing experience of certifying health care organisations, contributed to this report.

4

Data Security in Defence

From 1st January 2016 all companies bidding for new contracts with the UK Ministry of Defence (MoD) must be certified to Cyber Essentials.

From April 2016 all companies bidding for new contracts with the MoD (and their supply chain) will need to comply with the Cyber Security Model (CSM).

The CSM requires Cyber Essentials as a minimum and many companies will need Cyber Essentials PLUS. The CSM also includes governance requirements.

Although the MoD questions on governance have not been finalised, these will be mapped to the IASME governance questions. The MoD have confirmed that any organisation with the IASME governance self assessment certification will, in due course, be able to bypass any CSM questions which cover the same ground.