Information Security certification

A business that becomes certified to the Cyber Essentials, IASME or ISO27001 standard shows it is serious about protecting client information and its own information. The benefits of becoming certified include:

  • Promoting good practices across the business to protect information
  • Ensuring contractual and regulatory compliance
  • Meeting minimum security requirements when bidding for work
  • Reducing the time to answer security-related questions during the procurement process. Having certification can reduce the time by more than 50%
  • Reducing insurance premiums

Cyber Essentials

Cyber Essentials focuses on cyber security hygiene for all sizes and types of businesses. It is mandatory for many UK public sector contracts that involve handling personal information and providing ICT products and services.

There are two options. Cyber Essentials is obtained by completing a self-assessment questionnaire, with responses independently reviewed by an external certifying body. The second option is Cyber Essentials Plus. This requires tests of systems by an external certifying body using a range of tools and techniques. Certification for either option automatically provides £25,000 of cyber liability insurance.

IASME

The Information Assurance for Small & Medium sized Enterprises (IASME) cyber security standard is aimed at SMEs. It is written along the same lines as the ISO27001 standard (see below), but reflects the needs and more informal structure of SMEs, favouring simple processes over heavily structured ones. It covers more areas than Cyber Essentials and provides additional levels of assurance about the ability of a business to protect information in a supply chain.

Certification automatically provides £25,000 of cyber liability insurance.

ISO27001

ISO 27001 is the internationally recognised standard for information security (which includes cyber security) management. The current version is ISO27001:2013, where 2013 specifies the year the version was introduced. It covers more areas than IASME and is aimed at larger businesses, or smaller ones working with sensitive information or wanting to work with larger ones that process sensitive information.

Contact us to discuss which certification option would be relevant for your business.