Show your commitment to Cyber Security with an IASME assessment. Contact Omni Cyber Security for more information.


IASME Governance is a standard that small businesses can achieve to show that they have the necessary cybersecurity in place to protect their customers’ data. Achieving this governance is an indication to your customers, suppliers, insurers, and stakeholders that your organisation has implemented adequate security practices and standards. IASME, at a realistic cost, allows SMEs in a supply chain to demonstrate their level of cyber security and that they are able to properly protect their own and their customers’ information. Achieving IASME certification can also form a strong foundation for companies wishing to undergo certification to ISO27001 as part of a longer-term security strategy. OmniCyber Security have been appointed as an independent auditor by the IASME Consortium for the IASME standard for those companies that wish to demonstrate a higher level of commitment to cyber security, rather than following the self-assessment route. IASME is a realistic and affordable way for SMEs to prove that they are following best security practice.

What is IASME accreditation?

The IASME Governance Standard has been designed for small companies. The standard has been recognised by the UK government as the top cybersecurity standard, through consultation with industry groups and trade associations. The assessment is risk-based and set against international best practices. These practices cover a wide scope of security areas such as staff awareness, data backup, incident management, business continuity, and physical security. IASME is the most cost-effective way to raise security defenses to meet government standards. For small companies, IASME accreditation is seen as the best route to achieve satisfactory cybersecurity defenses.

What does IASME stand for?

IASME is the name given to the Information Assurance for Small and Medium Enterprises Consortium. IASME is one of five government-appointed accrediting bodies for the Cyber Essentials standard.

IASME vs ISO27001

For many companies, the audited certification of IASME is an acceptable alternative to ISO27001, and it indicates baseline compliance with international standards. It has been specifically developed for organisations of any size, operating within any industry. IASME provides a framework for protecting and securing sensitive and confidential data, held in the form of electronic data storage. IASME accreditation can also be seen as a good foundation for companies that wish to attain ISO27001 certification. ISO27001 is extremely comprehensive and challenging to achieve, and this can be a problem for small companies. It is the complexity of ISO27001 that makes it impractical for many small businesses. IASME is a standard written along the same lines but specifically with small businesses in mind. At a realistic cost, these firms can achieve and demonstrate that they have good cybersecurity defenses in place.


CREST is an international accreditation and certification body, known as the Council of Registered Security Testers. For organisations that provide penetration testing, threat intelligence services, and cyber incident response, CREST accreditation shows that they have a competent workforce of cybersecurity specialists. Services offered by CREST certified professionals are guaranteed to be carried out by highly skilled individuals and organisations with a competent and talented workforce. Essentially, CREST ensures that good practices are undertaken by specialists with up-to-date knowledge.

IASME vs Cyber Essentials

The IASME Accredited Body is one of five organisations under which cybersecurity companies are permitted to assess and certify businesses against the Cyber Essentials Scheme. The Cyber Essentials Scheme was created by the government to provide guidance and clarity on good cybersecurity practices. The Cyber Essentials Scheme has been created to cover five of the most vital technical security controls. These security controls have been identified by the UK government as those that would have prevented the majority of cyber attacks from the past few years. IASME covers the five most vital technical security controls and it adds additional topics that are appropriate to your business and your people.


GDPR is the European Data Protection Regulation and it came into force in May of 2018. GDPR has been adopted by all EU member states, and all companies that supply services or goods to EU residents must comply with the requirements laid down under GDPR. IASME governance includes GDPR requirements, along with the Cyber Essentials Scheme. It is seen as a great way for firms to show customers that they meet the regulations set out in GDPR. A crucial part of GDPR requires companies to use the appropriate technical or organisational measures to appropriately secure personal data.

Why choose OmniCyber Security?

OmniCyber Security is an IASME consortium-appointed independent auditor and an accredited Cyber Essentials certification body. OmniCyber Security has the skilled knowledge to help you meet the standards set out in IASME and the Cyber Essentials Scheme. We also offer consultation services to businesses that wish to implement ISO27001. You can contact OmniCyber Security for more information and help on (0121) 709-2526 or via email at info@omnicybersecurity.com.

Frequently Asked Questions

These are the answers to the most frequently asked questions on IASME.

Why should I have IASME certification?

IASME certification indicates that your business, company, or organisation has gained the highest level of security certification, setting your company above its competition. It further indicates that your business’s security has been audited by an independent third-party and hence offers security assurances to your suppliers and customers.

How do I achieve IASME Governance?

There are two steps that need to be completed to attain IASME Governance. The first step is the IASME Governance self-assessment and this includes the Cyber Essentials certification. The second step involves a security assessment that will be carried out by OmniCyber Security, an IASME Certification Body. Upon completion of the security assessment, OmniCyber Security will issue to you a report and a recommendation of either a pass or a fail. IASME will then confirm the assessment and issue you with a certificate and authorisation to display the IASME Governance branding and logo on your website or marketing materials.

Can penetration testing be automated?

Automated security testing of your computer systems is known as a vulnerability scan. This technique uses automated tools to search for vulnerabilities that are already known.

Which penetration testing is best?

Pen testing is preferred over a vulnerability scan because it combines human and machine-driven attack methods.

How much does the IASME Governance Self Assessment cost?

The self-assessment step in attaining IASME Governance costs £400 plus VAT and this cost includes GDPR readiness and Cyber Essentials, which must be submitted at the same time.

How much does the IASME Governance Audit cost?

You can apply for an individual quote from OmniCyber Security. The cost will depend upon the size and complexity of your organisation.

Where can I get help meeting the IASME Governance and Cyber Essentials requirements?

If you have simple questions, then you can post these in the Cyber Essentials Advice Group on LinkedIn. If you have complex questions or need in-depth help, then you can contact Certification Bodies such as OmniCyber Security.

How long does IASME and Cyber Essentials certification last?

The UK government recommends that you renew your certification on an annual basis. Companies that don’t renew their certification are removed from the certified organisations list.


Would you like to learn more?

Drop us a line to find out more about how OmniCyber Security can help your company remain secure.