We are delighted to announce that recently, CRIBB Cyber Security sailed through its 3-year Gold IASME Governance (with Cyber Essentials & GDPR) audit, thus ensuring the highest levels of compliance with this most renowned of organisations. Today, we take a closer look at this CRIBB IASME Gold audit success and the IASME Consortium. We also ponder exactly what this latest achievement means for us and for our many clients…
Who are CRIBB Cyber Security?
We are part of theICEway ecosystem of companies. The experts at CRIBB help clients in Healthcare, Cruise and Travel with their cyber security needs. We adopt a ‘security by design’ approach wherever possible. Our goal then is to ensure that you have all the required frameworks in place to attain compliance in this technologically advanced world. Digital transformation in cruise in particular has enabled our cyber security professionals to hone their skills. They then fuse them together with a constantly evolving understanding of what it takes to be truly cyber resilient.
Cyber-attacks have been growing in both number and type. It is our job to assist our clients in the detection and prevention of these, with the following being perhaps the most common (listed alphabetically):
Data leakage
When sensitive data is exposed, cyber-criminals have the ability to gain access without a great deal of effort. This exposure can be physical, for example through leaked documents, or it can happen on the internet or via devices or other computer hardware.
Hacking
The process whereby attackers target passwords and access codes in order to break into computer systems and reach the sensitive data held on them.
Insider threat
A malicious threat to a company’s inside information that originates from people within the organisation, such as current or former employees, business associates or contractors.
Phishing
A social engineering attack that is often used to obtain data such as login credentials or credit card numbers. When an attacker adopts a phishing technique, they generally pretend to be a trusted figure in order to trick victims into opening emails or messages.
Ransomware
A form of malware that infects a computer or system and then displays messages demanding that a fee be paid before the system will work again. A criminal moneymaking scheme, ransomware can be installed via links on websites, in emails or in messages.
See our ‘Top Tips’ below for some pointers on how to avoid falling victim to such attacks!
Who are IASME?
Much like CRIBB, IASME is a cyber security organisation dedicated to protecting individuals and businesses against all forms of cyber-attack.
Founded on the principle that a basic level of cyber security is essential in every supply chain, IASME began with the creation of the IASME Governance standard as an alternative to ISO27001 for small companies. This was born out of a UK Government funded project, and when the Government ran a ‘call for evidence’ in 2013 to identify the best governance standard for all companies, the IASME Governance standard was judged the best standard for small organisations out of the 26 that were in the running.
As a result of this, IASME was then invited to help write Cyber Essentials and became one of two pilot Accreditation Bodies to develop it further. After more than 5 years and following a commercial tender process, the NCSC selected IASME to become their sole partner as of April 2020, taking full responsibility for the delivery of Cyber Essentials.
What is the 3-year Gold IASME Governance (with Cyber Essentials & GDPR) audit?
Simply put, this is IASME’s highest level of certification. It provides assurance that your level of cyber security has been audited by a highly skilled, independent third party.
The audit typically involves interviews with staff and a review of all documents and system configuration. The auditor often visits an office to ensure that a robust level of security is present across the entire business.
Glossary
ISO27001 – An information security standard
Cyber Essentials – A UK government scheme built around five basic security controls. These controls are designed to protect companies against ~80% of common cyber-attacks:
1. Use a firewall
2. Use secure settings for software & devices
3. Control access levels
4. Protect yourself against viruses
5. Keep software & devices up to date
NCSC – The National Cyber Security Council
Top Tip
As we have seen, there are many forms of cyber-attack. By following some very simple rules, you can markedly improve your defences:
- Beware of phishing (do not open unknown emails or links)
- Implement a robust password policy across the entire organisation
- Implement firewall protection in all offices and at home (remote working)