IASME

IASME (Information Assurance for Small and Medium Enterprises) is a UK-based organisation that provides cybersecurity certification and assessment services to small and medium-sized enterprises (SMEs). The IASME Governance standard is a set of security principles and guidelines designed to help SMEs improve their cybersecurity posture and protect against potential threats.

The IASME Governance standard is based on eight high-level principles:

  1. Governance: This principle involves establishing clear policies, procedures, and roles and responsibilities for cybersecurity within an organisation. It also involves establishing a culture of cybersecurity awareness and compliance.
  2. Risk assessment and management: This principle involves identifying, evaluating, and managing potential cybersecurity risks to the organisation’s assets and systems. It includes conducting regular risk assessments, implementing controls to mitigate identified risks, and monitoring and reviewing risk management processes.
  3. Asset management: This principle involves identifying, classifying, and protecting the organisation’s assets, including both physical and digital assets. It includes implementing controls to prevent unauthorised access to or disclosure of sensitive assets.
  4. Access control: This principle involves establishing and enforcing policies and procedures to control access to the organisation’s assets and systems. It includes measures such as user authentication, access controls, and privilege management.
  5. Cryptography: This principle involves using cryptography to secure sensitive information and communications. It includes implementing secure communication protocols, such as SSL/TLS, and using strong cryptographic keys and algorithms.
  6. Physical and environmental security: This principle involves protecting the organisation’s assets and systems from physical threats, such as theft, vandalism, or damage from environmental factors. It includes measures such as secure facilities, access controls, and backup power systems.
  7. Operations security: This principle involves establishing and maintaining secure processes and procedures for operating and maintaining the organisation’s assets and systems. It includes measures such as change management, incident management, and disaster recovery.
  8. Compliance: This principle involves ensuring that the organisation is compliant with relevant laws, regulations, and standards related to cybersecurity. It includes maintaining documentation and records