Brian Sims

IASME Cyber Assurance Standard safeguards SMEs in supply chain

IASME – the certification specialist when it comes to cyber security and information assurance – has just relaunched its flagship information security standard, namely the IASME Cyber Assurance Standard (formerly known as the IASME Governance Standard). It’s badged as “a comprehensive, flexible and affordable” cyber security standard providing the necessary assurance that an organisation has put into practice a range of important cyber security, privacy and data protection-centred measures.

The Government’s Procurement Bill 2022 is currently passing through the Houses of Parliament and is due to be made law next year. The Bill seeks to reform the UK’s public procurement regime to create a fairer and more transparent system. It also aims to support businesses by making public procurement more accessible to smaller organisations along with voluntary, charitable and social enterprises by enabling them to compete for public contracts.

The Procurement Bill will enshrine the objectives of public procurement in law, including the delivery of value for money, maximising public benefit and acting – as well as being seen to act – with integrity.

Over 95% of all organisations in the UK are SMEs, many of whom are the most innovative organisations in their sector. The new Procurement Bill is a positive sign that SMEs are being welcomed and encouraged into supply chains and allowed to compete with larger organisations for business.

Security requirements

Supply chains often mandate security requirements such as ISO 27001 in Service Level Agreements and contracts. However, these requirements can be difficult for micro/small businesses to implement, which makes it hard for them to compete. This is where IASME’s Cyber Assurance Standard plays its part.

The Cyber Assurance Standard aligns directly on all topics when it comes to the UK Government’s 10 Steps to Cyber Security in addition to data privacy controls, duly offering smaller companies within a supply chain a ‘right-sized’ approach to show their level of information security for a realistic cost.

A wide range of industry sectors now accept the audited IASME Cyber Assurance Standard certification instead of ISO 27001 for small companies. The Ministry of Justice and the Government of Jersey are both on board. This is a significant step towards reducing barriers to entry for smaller organisations in a given supply chain. In essence, the IASME Cyber Assurance Standard affords SMEs a legitimate way in which to prove their compliance within a supply chain.

Important measures

Important cyber security measures are set out in the Cyber Assurance Standard. These include assessing and managing risk, training people and setting practical policies as well as resilience strategies such as backing-up data, business continuity planning and incident response.

Legal and regulatory requirements are also addressed, including the implementation of the General Data Protection Regulation (with the Data Protection Act being the relevant legislation here in the UK).

The certification is available at Level 1 (verified assessed) and Level 2 (audited).

Certification manager Samantha Alexander brings a wealth of experience in leading and developing information assurance schemes and has worked closely with membership organisations. Alexander commented: “IASME’s Cyber Assurance Standard is a well-established and unique certification scheme that’s starting to play a key role in securing supply chains in the UK and abroad.”

Timely updates

IASME wanted to update the Cyber Assurance Standard to ensure that it remains relevant to recent changes in technology. These changes include the move that many businesses have made from on-premise infrastructure to the cloud. There have also been huge changes to business practices such as working from home and the increased use of mobile and personal devices.

Over the years, IASME has received helpful feedback about the Cyber Assurance Standard from businesses and assessors alike and has incorporated all of the points made within the new version. Given that it’s a living and evolving piece of work, there will continue to be future updates.

Established in 2012, IASME works in partnership with the UK Government as the sole delivery partner for Cyber Essentials, the Government-backed scheme that helps businesses protect themselves from the most common cyber attacks.

Additional certification schemes

IASME runs other certification schemes to help organisations protect themselves from fraud and cyber crime. These include Counter Fraud Fundamentals (run in partnership with The Open Banking Implementation Entity), which covers the basic counter fraud controls for organisations of all sizes. The Internet of Things Security Assured programme certifies Internet-connected devices against the most important security controls and demonstrates commitment to Best Practice security.

Maritime Cyber Baseline, which is supported by RINA, helps to protect shipping operators and vessel owners from cyber attack.

Further, IASME works with the Civil Aviation Authority’s ASSURE scheme to deliver the former’s third party cyber security audit model.

*Further detail is available online at

Company Info

The IASME Consortium Ltd

Wyche Innovation Centre
Walwyn Road
Upper Colwall
WR13 6PL

03300 882752
