The 8 Themes of IASME Cyber Baseline – People

Apr 30, 2024 | IASME Cyber Baseline

IASME Cyber Baseline is a new international cyber hygiene certification scheme available to organisations outside the UK. It tackles the basic, but critical, cyber security protection measures and leads the way to offer global supply chains a standardised and respected certification demonstrating robust cyber hygiene.

The IASME Cyber Baseline scheme allows every size of organisation in every sector to start their cyber security journey with simple cyber security measures across 8 themes.  



Secure architecture


Managing access

Technical intrusion

Backup and restore

Resilience: business continuity, incident management, and disaster recovery

In this blog, we explore the theme, People.


What is this theme about? 

This theme is about making sure your staff are aware of your cyber security policies and processes and know what to do to keep your organisational systems and data safe.

Staff security awareness

You need to provide awareness training to all permanent and temporary staff, whether full or part time, on contract, paid or unpaid. If you use contractors/third parties, ensuring awareness should be included within your contractual agreements.

The awareness training you provide can be delivered by live or pre-recorded courses or workshops – in person or online, using ‘how to’ documents or good practice guides.

Appropriate training should be given to all staff during induction and upon changes to company policies and processes.  Staff awareness activities must be conducted at least annually

 Ensure staff are trained on secure password creation

  • The importance of using unique passwords for each system

  • How to create passwords that are difficult to guess and are a minimum of 12 characters

  • Information about using three random words and password management applications

It is recommended that you take these steps: 

  • Carry out security awareness activities at least annually

  • Include company security policies and processes and password creation