IASME Cyber Baseline
Protect your organisation, data and customers against mass automated attacks from the internet
Demonstrate that your organisation aligns with global cyber hygiene and cyber security frameworks (such as Cobit, CIS Controls v8)
Cyber security certification will open doors to procurement frameworks and allow your organisation to compete for contracts
About IASME Cyber Baseline
IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures for organisations outside the UK. The standard leads the way to offer global supply chains a standardised and respected certification to show that organisations have the critical cyber hygiene measures in place.
IASME Cyber Baseline maps to a number of international cyber hygiene standards and best practices, to which there has formerly been no way of demonstrating compliance because they do not have assessments and certification associated with them.
For organisations based outside the UK, IASME Cyber Baseline can be used as a prerequisite to the next step of certifying to the comprehensive risk-based and policy-driven standard, IASME Cyber Assurance. If you are based in the UK, Cyber Essentials is the recommended minimum certification.
The eight themes of IASME Cyber Baseline
The IASME Cyber Baseline scheme allows every size of organisation in every sector to start their cyber security journey with simple cyber security measures set out across eight themes.
Organisation
Understand and keep track of the third parties with which your organisation engages. These could be IT products, services or people. A security gap, or ‘vulnerability’, in the systems of one of your third-party suppliers, contractors or partners may undermine the security in your systems, no matter how good that is.
Identifying and protecting assets
Having a good understanding of your key information assets is essential in order to know what you need to protect. It is good practice to maintain an asset register of all your information assets, including hardware, software and cloud services. It gives you a clearer appreciation of your attack surface and what you've got to lose.
Secure Architecture
Systems are often not secure by default, so you need to understand how your systems fit together and how they are configured. There are a number of technical controls that need to be applied to your devices that will help reduce the chances of a cyber attack.
People
People are your greatest allies in protecting your organisation's information. Your direct colleagues and the people working as your suppliers are almost certainly going to play an important role in protecting your systems. They can also present a risk because they have privileged access to the organisation’s information.
Managing access
Give users access to all the resources and data necessary for their roles, but no more. This applies to data stored on computer equipment as well as to physical locations.
Technical intrusion
Technical configurations to your devices make up the layers of protection that prevent unauthorised access (intrusion). These will include the operating system, the firewall(s) and malware protection.
Backup and restore
Regularly backing up information and having the ability to restore the backup may be the most effective methods of protecting your business from the effects of accidental or malicious tampering, such as deleting data, hardware failure, or ransomware.
Resilience: Business continuity, incident management and disaster recovery
No security measures can be fully effective all the time, so you must be ready to keep the business going and recover from the effects of deliberate attack, accidental damage, and natural disasters.
Start your cyber security journey
Implement the simple but effective cyber security measures outlined across eight themes to establish important baseline protection for your organisation.
A recognised framework of assurance
Give customers – including government procurement departments and their supply chain – a level of assurance that your organisation has implemented a core set of cyber security controls.
Demonstrate compliance with best practice
Certification proves that your organisation aligns with global cyber hygiene and cyber security frameworks (such as Cobit, CIS Controls v8).
Independently reviewed
An independent review by an external Assessor confirms that your organisation has implemented the core controls to help prevent mass automated attacks from the internet.
IASME Cyber Baseline will soon be available in two levels. Level One is a verified self-assessment reviewed by an independent Assessor and Level Two is a technical audit of your systems to offer a higher level of assurance.
The scheme is currently only available in Level One.
Verified Self-Assessment
Benefits Include:
- Protect your organisation, data and customers against mass automated attacks from the internet
- Demonstrate that your organisation aligns with global cyber hygiene and cyber security frameworks
IASME Cyber Baseline
IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures. The certification consists of a verified self-assessment reviewed by an independent Assessor.
Level One consists of a verified self-assessment, reviewed by an independent Assessor.
The pricing structure for Level One certification is based on the size of your organisation.
Payment and Login Information
When your payment is received, we will send you login details to access the online assessment platform to begin your certification. You have 6 months to complete your assessment before your account is archived. Unfortunately, we cannot issue a refund, so please do not apply until you are ready for the assessment.
If you get stuck or have any questions, please give us a call on 03300 882 752 or email us on [email protected]
Price: TBC