IASME: A Government Backed Governance Scheme for Cyber Essentials Certification

Are you looking for a way to secure your small business’ data from cyber hackers? Are you in need of a budget-friendly security option? IASME is an accreditation body that offers security measures and Cyber Essentials certification for small, medium and non-technical business ventures.

Cyber Essentials is a government-backed scheme that assures everyone that a business holding this certification is conscious of its own and its customers' security and privacy. To get certified, you need to select an accreditation body, which will help you get in contact with a certification body for further certification.

There are mainly five accreditation bodies: CREST, APMG International, IRM, QG and IASME. The first step toward certification is selecting the accreditation body, and you should select it according to your business type and the level of security you need. Once you have selected the accreditation body, you can visit its website and select one of its certification bodies from its directory. This certification body will provide you with further steps for certification.

Duties of Accreditation Bodies

  • They recruit many Certification Bodies and manage them to make sure that all standards for Cyber Essentials Certification are met.
  • They provide the Certification Body with the questionnaire for the applicant to complete for the certification.
  • They audit these recruited certification bodies.
  • They verify whether these certification bodies meet all technical requirements for meeting the latest security needs.

The accreditation bodies are regularly audited and verified by the NCSC.

IASME Standard

IASME standards are issued by the IASME Consortium, which is a government-appointed accreditation body. It recruits around 80 certification bodies, which are licensed to get the applicant certified. These standards are usually suitable for small, medium and non-technical business organisations. The standards and certification mainly benefit bodies that are part of the supply chain and government tenders.

There are two types of standards available.  

Verified self-assessment or Cyber Essentials scheme

In this type, the organisation checks the 5 technical controls:

  • Firewall
  • Secure Configuration
  • User Access Control
  • Malware Protection
  • Patch Management

The organisation itself thoroughly verifies these technical controls, and it answers a questionnaire. The questionnaire is provided by the certification body and produced by the IASME Consortium. The certification body verifies the answered questionnaire, and if the applicant meets the requirements, it gets certified under this scheme. For verification, the body may ask for certain proofs and evidence to show that the applicant can handle all the security techniques covered in its answers.

Audited or IASME Gold or IASME Governance Standard.

This type of standard is mostly based on risk management, and on physical security as well. It is an advanced form of security check and verification process. The certification body itself verifies the technical controls using advanced tools and techniques. This assessment helps the organisation to be assured that its data is being protected from serious issues, and the body provides possible security enhancements, awareness, etc. if needed.

IASME standards are considered the most appropriate form of certification standard and the most trusted one as well.