IASME Governance

Audited IASME Governance is an independent on-site audit measuring the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard, but is much simpler and often cheaper for SMEs to achieve.

The standard includes all of the five Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes, for example:

  • Risk assessment and management
  • Training and managing people
  •  Change management
  •  Monitoring
  •  Backup
  •  Incident response and business continuity

By gaining the IASME Governance certificate your organisation is providing assurance to customers, suppliers and partners that your organisation’s security has been audited by an independent third-party and meets current best practice.

What is The IASME Governance Standard for?

The IASME Governance Standard is a formal information and cyber security methodology that is suitable for any organisation in any sector and SMEs in particular. It provides a working framework to assure information security against the ever changing threat landscape.

The IASME Governance Standard comprises clear guidance on good information security practices so a business knows where to start taking security measures.

What are the business drivers for applying The IASME Governance Standard?

The IASME Governance Standard enables businesses to:

  • Identify risks to their information.
  • Apply adequate barriers or controls to reduce the likelihood or impact of unwanted security breaches.
  • Keep information risk at an acceptable level.
  • Use a structured self-assessment of what they are doing to protect information.
  • Proactively verify that the security controls that you implement provide the intended level of information and cyber security.
  • Be independently reviewed by an assessor who will understand their business risk and verify their effectiveness
  • Raise the awareness of information risks in businesses their supply chain
  • Give themselves, customers, and their supply chain, a level of assurance equivalent to ISO/IEC 27001 and similar standards.

The IASME Governance Standard uses a framework to determine your risk profile which considers:

  • How are information systems used?
  • How outsourced (including cloud) services are used?
  • Whether you and the people you work with use their own equipment for business (BYOD).
  • How remote and mobile systems are used?
  • Awareness and attitude to the threat environment.
  • Estimated value of the business’ information assets.
  • Estimated value of the business’ information technology.

The IASME Governance Standard is about assessing risk to your business information and keeping that risk at an acceptable level to you, your customers and your supply chain.

IASME Governance Standard is designed to show a balance of proactive measures and the capability tobe resilient in the face of accidental or deliberate information and cyber security incidents.


Please call 01993 623 010 to find out how your company can benefit from a security position review or e–mail sales@whitehelm.com requesting more information.