The IASME Cyber Assurance Standard (formerly known as IASME Governance) - Cribb Cyber Security

CRIBB was recently (re-)certified with the IASME Cyber Assurance Standard. Formerly known as IASME Governance, this standard is “a way of verifying an organisation’s good practice in information assurance.” Here we take a closer look at this important tool in the world of cyber security.

What is the IASME Cyber Assurance Standard?

It is a standard that was developed during a government-funded project to create an affordable, achievable cyber security standard. Designed as an alternative to other international standards, it is hugely beneficial to small and medium enterprises in a supply chain. IASME Cyber Assurance allows them to demonstrate their level of cyber security at a reasonable cost. It also highlights the fact that they are taking robust steps to protect customer information.

The Level 2 audited IASME Cyber Assurance certification was previously known as ‘IASME Standard Gold Level 2’. CRIBB achieved this a few years back and it is now more widely accepted by UK and international industry sectors. As per the official IASME website: “Examples [of these] are the UK Ministry of Justice and the Government of Jersey.” The certification includes GDPR requirements and there are 2 levels available:

  • Level One Verified Assessment
  • Level Two Audited

It is important to note that to apply for IASME Cyber Assurance, you must hold a valid Cyber Essentials certificate. That certificate must then remain valid throughout the duration of the IASME Cyber Assurance certification.

Level One

This is the first step towards gaining certification in IASME Cyber Assurance. The risk-based standard includes key aspects of security, including incident response, asset management, people management, physical controls and GDPR compliance.

To achieve Level One certification, organisations receive access to a secure portal. They must then complete their application by providing details against the question set. Pricing is based upon the size of the organisation applying.

Level 2

Before progressing to the Level 2 audit, an organisation must complete the IASME Cyber Assurance Level One certification. Level 2 involves an independent audit of all processes, procedures and controls required by the standard. The audit is conducted by an IASME Certification Body and Assessor, with the former able to provide a quote. The standard covers 13 themes across 5 areas of control:

  • Planning
  • Organisation
  • Assets
  • Legal and regulatory landscape
  • Assessing and treating risks
  • Physical and environmental protection
  • People
  • Policy realisation
  • Managing access
  • Technical intrusion
  • Back up and restore
  • Secure business operations: Monitoring, review, change management
  • Resilience: Business continuity, incident management, disaster recovery

For more information including pricing, visit the IASME website.

CRIBB Cyber Security: IASME Cyber Assurance Level 2

We’re delighted to confirm that CRIBB has once again successfully completed the Level 2 audit. IASME’s moderation team were satisfied that we still meet all the key criteria of the IASME Cyber Assurance Standard. As an official certification body ourselves, we recognise the huge importance of achieving this, having done so on multiple occasions. Congratulations to our cyber security professionals for their continued hard work!