
IASME Governance Certification
The IASME Governance certification indicates to clients that you are taking appropriate steps to properly protect their information. It is a cyber security standard that is an affordable and achievable alternative to the international standard, ISO 27001.
Fortis’ fixed-price solutions will help you to achieve the IASME Governance certification. The simple process is managed through Fortis’ online IASME Governance portal.

IASME GOVERNANCE CERTIFICATION
IASME Governance (can be completed concurrently alongside CE or CE+ or up to 6 months after CE).
Complete your CE & IASME Governance self-assessment questionnaire via the secure Fortis online portal
Your answers will then be marked by a Fortis certified IASME Governance assessor
If you pass, you receive your certificate and move directly on to the IASME Audit assessment
If you fail, remediate any failed items and re-submit your responses; Fortis offers a single review phase of remediated responses before you move on to the IASME Audit assessment
Fortis conducts the audit phase (on-site or remote), where verification of policy and practice is delivered.
If you pass, you receive your audited certificate
The Fortis certified assessor will audit your company and this usually involves interviews with members of staff and a review of supporting documentation and system configuration.
DO IT YOURSELF
Suitable for: Businesses who are familiar with the IASME Governance requirements and have a high degree of IT security knowledge
Includes:
- Access to the IASME Governance Certification Questionnaire on the Fortis Portal
- On-site assessment including:
  - audit of your policies and process
  - interviews with members of staff and a review of documentation
  - provide evidence to the assessor of your system configuration as per your policy
- 1 Remote retest

SOME SUPPORT
Suitable for: Businesses who need some help understanding the scope & preparing the environment for IASME Governance compliance
Includes:
- Access to the IASME Governance Certification Questionnaire on the Fortis Portal
- Remote Consultant-led advice 5
- On-site assessment including:
  - audit of your policies and process
  - interviews with members of staff and a review of documentation
  - provide evidence to the assessor of your system configuration as per your policy
- 1 Remote retest

LOTS OF SUPPORT
Suitable for: Businesses who require a lot of support & lack experience in providing an IASME Governance compliant technical architecture
Includes:
- Access to the IASME Governance Certification Questionnaire on the Fortis Portal
- Remote Consultant-led advice 6
- On-site assessment including:
  - audit of your policies and process
  - interviews with members of staff and a review of documentation
  - provide evidence to the assessor of your system configuration as per your policy
- 1 Remote retest

AUDITED IASME GOVERNANCE CERTIFICATION
The Information Assurance for Small to Medium-sized Enterprises (IASME) Governance standard was developed over several years during a government-funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.
The IASME Governance standard allows small companies to demonstrate their level of cyber security for a realistic cost and indicates that they are taking positive steps to properly protect their customers’ information.
The IASME Governance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self-assessment or on-site audit.
By gaining the Audited IASME Governance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.
Figure 1 Chart to illustrate the certification process

Fortis will discuss with you the scope of the assessment and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and process.
This audit usually involves interviews with members of staff and a review of documentation and system configuration.
It does not involve a technical assessment unless you are being assessed to Cyber Essentials PLUS at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration.
The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.