UK Cyber Essentials and IASME Certification
Cyber Essentials aims to help organisations implement basic levels of protection against cyber attack, demonstrating to their customers that they take cyber security seriously. The Cyber Essentials certificate is an independently verified self assessment. Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided. The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities – which are freely available on the internet.
Organisations that undertake Cyber Essentials are encouraged to recertify at least once a year and, where appropriate, progress their security.
The IASME Governance standard, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government when in consultation with trade associations and industry groups. The IASME governance self assessment includes the Cyber Essentials assessment within it.