IASME Cyber Assurance Certification
The IASME Cyber Assurance certification indicates to clients that you are taking appropriate steps to properly protect their information. It is a cyber security standard that is an affordable and achievable alternative to the international standard, ISO 27001.
Fortis’ fixed-price solutions will help you to achieve the IASME Cyber Assurance certification. The simple process is managed through Fortis’ online IASME Cyber Assurance portal.
IASME CYBER ASSURANCE CERTIFICATION
IASME Cyber Assurance (can be completed concurrently alongside CE or CE+ or up to 6 months after CE).
Complete your CE & IASME Cyber Assurance self-assessment questionnaire via the secure Fortis online portal.
Your answers will then be marked by a Fortis certified IASME Cyber Assurance assessor.
If you pass, you receive your certificate and move directly on to the IASME Audit assessment.
If you fail, remediate any failed items and re-submit your responses. Fortis offers a single review phase of remediated responses, after which you move on to the IASME Audit assessment.
Fortis conducts the audit phase (on-site or remote), where verification of policy and practice is delivered.
If you pass, you receive your audited certificate.
The Fortis certified assessor will audit your company and this usually involves interviews with members of staff and a review of supporting documentation and system configuration.
DO IT YOURSELF
SUITABLE FOR: Businesses who are familiar with the IASME Governance requirements and have a high degree of IT security knowledge
INCLUDES:
- Access to the IASME Governance Certification Questionnaire on the Fortis Portal
- On-site assessment including:
  - audit of your policies and process
  - interviews with members of staff and a review of documentation
  - provide evidence to the assessor of your system configuration as per your policy
- 1 Remote retest
SOME SUPPORT
SUITABLE FOR: Businesses who need some help understanding the scope & preparing the environment for IASME Governance compliance
INCLUDES:
- Access to the IASME Governance Certification Questionnaire on the Fortis Portal
- Remote Consultant-led advice 5
- On-site assessment including:
  - audit of your policies and process
  - interviews with members of staff and a review of documentation
  - provide evidence to the assessor of your system configuration as per your policy
- 1 Remote retest
LOTS OF SUPPORT
SUITABLE FOR: Businesses who require a lot of support & lack experience in providing an IASME Governance compliant technical architecture
INCLUDES:
- Access to the IASME Governance Certification Questionnaire on the Fortis Portal
- Remote Consultant-led advice 6
- On-site assessment including:
  - audit of your policies and process
  - interviews with members of staff and a review of documentation
  - provide evidence to the assessor of your system configuration as per your policy
- 1 Remote retest
AUDITED IASME CYBER ASSURANCE CERTIFICATION
The Information Assurance for Small to Medium-sized Enterprises (IASME) Cyber Assurance standard was developed over several years during a government funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.
The IASME Cyber Assurance standard allows small companies to demonstrate their level of cyber security for a realistic cost and indicates that they are taking positive steps to properly protect their customers’ information.
The IASME Cyber Assurance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self-assessment or on-site audit.
By gaining the Audited IASME Cyber Assurance certificate your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third-party.
Figure 1 Chart to illustrate the certification process
Fortis will discuss with you the scope of the assessment and arrange a mutually convenient time to visit your organisation’s head office to carry out an audit of your policies and process.
This audit usually involves interviews with members of staff and a review of documentation and system configuration.
It does not involve a technical assessment unless you are being assessed to Cyber Essentials PLUS at the same time, although it may be helpful to have technical staff available to provide evidence to the assessor of your system configuration.
The assessor may also wish to visit branch offices or other locations in order to satisfy themselves that your good security practice is reflected across the organisation.