What is Audited IASME Governance?
Audited IASME Governance (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often cheaper for small and medium-sized organisation to implement.
The standard includes all of the five Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes, for example:
- Risk assessment and management
- Training and managing people
- Change management
- Incident response and business continuity
By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.
Where is the Audited IASME Governance standard used?
The procurement teams of many large companies will accept the IASME Governance Audited standard as independent confirmation of good information and cyber security practice. This is extremely useful when trying to win tenders and renew contracts, particularly where supplier requirements mention ISO 27001.
For example, The Government of Jersey is one organisation that has specified IASME Governance Standard within its security standards document
How is the assessment carried out?
In order to achieve IASME Governance Audited standard, you must first pass the IASME Governance self-assessment. The next step is to discuss with you the scope of the assessment and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and process. This audit usually involves interviews with members of staff and a review of documentation and system configuration. It does not involve a technical assessment unless you are being assessed to Cyber Essentials PLUS at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration. The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.
Once the audit has been completed, we will provide you with a written report of their findings and a recommendation of a pass or fail, which will then be ratified by IASME.
If you have passed the assessment, you will then be awarded a certificate and be authorised to display the Audited IASME Governance logo in association with your business (for example on your website, in correspondence and in marketing materials).