The IASME (Information Assurance for Small and Medium Enterprises) is a UK-based organisation that provides cybersecurity certification and assessment services to small and medium-sized enterprises (SMEs). The IASME Governance standard is a set of security principles and guidelines that are designed to help SMEs improve their cybersecurity posture and protect against potential threats.
The IASME Governance standard is based on eight high-level principles:
- Governance: This principle involves establishing clear policies, procedures, and roles and responsibilities for cybersecurity within an organisation. It also involves establishing a culture of cybersecurity awareness and compliance.
- Risk assessment and management: This principle involves identifying, evaluating, and managing potential cybersecurity risks to the organisation’s assets and systems. It includes conducting regular risk assessments, implementing controls to mitigate identified risks, and monitoring and reviewing risk management processes.
- Asset management: This principle involves identifying, classifying, and protecting the organisation’s assets, including both physical and digital assets. It includes implementing controls to prevent unauthorised access to or disclosure of sensitive assets.
- Access control: This principle involves establishing and enforcing policies and procedures to control access to the organisation’s assets and systems. It includes measures such as user authentication, access controls, and privileges.
- Cryptography: This principle involves using cryptography to secure sensitive information and communications. It includes implementing secure communication protocols, such as SSL/TLS, and using strong cryptographic keys and algorithms.
- Physical and environmental security: This principle involves protecting the organisation’s assets and systems from physical threats, such as theft, vandalism, or damage from environmental factors. It includes measures such as secure facilities, access controls, and backup power systems.
- Operations security: This principle involves establishing and maintaining secure processes and procedures for operating and maintaining the organisation’s assets and systems. It includes measures such as change management, incident management, and disaster recovery.
- Compliance: This principle involves ensuring that the organisation is compliant with relevant laws, regulations, and standards related to cybersecurity. It includes maintaining documentation and records