Introduction

In a world of increasing risk to information assets, a robust security posture is essential. Many organisations are choosing to protect their systems and data by implementing an Information Security Management System (ISMS), with associated organisational, technical, people and physical controls. IASME Cyber Assurance is referenced as a “cost effective alternative to ISO 27001”, so what is it and how can it help organisations? Let’s shine a light on this topic, with a view to informing, enlightening and empowering.

What Is IASME Cyber Assurance?

IASME Cyber Assurance is positioned as a comprehensive and affordable information security management system. It provides assurance that an organisation has leadership, risk management, controls and a mindset of continuous improvement. It was developed in the UK by IASME, is aimed at small to medium sized organisations and has an additional focus on data protection / privacy. It has two levels: a verified self assessment (level one) and an audited assessment (level two). As a prerequisite for IASME Cyber Assurance, organisations must hold either Cyber Essentials level one or IASME Cyber Baseline certification.

Can you summarise IASME Cyber Assurance in a few bullet points?

What are the key benefits of IASME Cyber Assurance?

What are the 13 themes of IASME Cyber Assurance?

  1. Understand your key Assets, so you know what to protect
  2. Be aware of your Legal Landscape and contractual obligations
  3. Have an acceptable level of Risk Assessment, management and treatment
  4. Set up your Organisation for effective and successful security
  5. Train and empower People to meet the security responsibilities for their role
  6. Protect information from Physical threats, such as theft and environmental damage
  7. Consider security when Planning projects, procurement, suppliers and interested parties
  8. Have Policies and Procedures in place to specify the rules, guidelines and regulations
  9. Manage Access via ‘least privilege’, so users only access necessary resources 
  10. Have Technical Intrusion controls to prevent unauthorised access and usage
  11. Ensure Backups and Restores to offer protection from accidents and malicious activity
  12. Track and Monitor information systems to detect threats and act accordingly
  13. Resilience to support business continuity, incident management and disaster recovery

How can RB Consultancy Ltd help with IASME Cyber Assurance?

RB Consultancy Ltd are experts in IASME Cyber Assurance. With IASME Assessor and Certification Body credentials, we assess and certify organisations for Level One and Level Two. We also provide consultancy to guide organisations through the process of implementing all 13 themes. Our expertise in Cyber Essentials means we can also support the prerequisite requirements, and we leverage ISO 27001 lead implementer expertise to support any implementation requirements. Call us to discuss your requirements and explore how we can support you.

Conclusion

IASME Cyber Assurance is a comprehensive security standard that can benefit organisations significantly. It can demonstrate that an organisation has put a wide range of measures in place to protect customer and organisational data. It focuses on information security management and compliance with regulations, and provides companies with a wide variety of technical, organisational, people and physical controls. With IASME Cyber Assurance services, organisations can demonstrate their commitment to cybersecurity.

FAQs

Why introduce IASME Cyber Assurance, when ISO 27001 already exists?

To provide small and medium sized organisations with a cost effective alternative to ISO 27001.

Which Is Best… ISO 27001 or IASME Cyber Assurance?

Both are excellent! They protect customer and organisational data, and demonstrate a mature level of information security for any organisation. ISO 27001 may be favoured by those preferring a more traditional international standard. 

How can I find out more about IASME Cyber Assurance?

IASME has lots of information relating to Cyber Assurance on their website, including a downloadable standard, helpful templates and a detailed mapping that shows how IASME Cyber Assurance compares with ISO 27001 and ISO 27002 controls.

How long does it take to implement IASME Cyber Assurance?

This varies considerably, as no two organisations are the same. Key factors include: a) existing information security posture; b) organisational goals and priorities; c) senior leadership engagement; d) available resources.

How does IASME Cyber Assurance compare with Cyber Essentials?

Cyber Essentials focuses on just five technical controls aimed at protecting organisations from common threats associated with internet connected devices. IASME Cyber Assurance relates to the much wider aspect of information security and covers management of systems, technical, organisational, people and physical controls.
