IASME Cyber Baseline

Protect your organisation, data and customers against mass automated attacks from the internet

Demonstrate that your organisation aligns with global cyber hygiene and cyber security frameworks (such as Cobit, CIS Controls v8)

Cyber security certification will open doors to procurement frameworks and allow your organisation to compete for contracts

About IASME Cyber Baseline

IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures for organisations outside the UK. The standard leads the way to offer global supply chains a standardised and respected certification to show that organisations have the critical cyber hygiene measures in place.

IASME Cyber Baseline maps to a number of international cyber hygiene standards and best practices for which there has previously been no way to demonstrate compliance, because they have no assessment or certification associated with them.

For organisations based outside the UK, IASME Cyber Baseline can be used as a prerequisite to the next step of certifying to the comprehensive risk-based and policy-driven standard, IASME Cyber Assurance. If you are based in the UK, Cyber Essentials is the recommended minimum certification.

The eight themes of IASME Cyber Baseline

The IASME Cyber Baseline scheme allows every size of organisation in every sector to start their cyber security journey with simple cyber security measures set out across eight themes.

Organisation

Understand and keep track of the third parties with which your organisation engages. These could be IT products, services or people. A security gap, or ‘vulnerability’ in the systems of one of your third-party suppliers, contractors or partners may undermine the security in your systems, no matter how good that is.

Identifying and protecting assets

Having a good understanding of your key information assets is essential in order to know what you need to protect. It is good practice to maintain an asset register of all your information assets, including hardware, software and cloud services. The register gives you a clear picture of your attack surface and what you have to lose.


Secure Architecture

Systems are often not secure by default, so you need to understand how your systems fit together and how they are configured. There are a number of technical controls that need to be applied to your devices that will help reduce the chances of a cyber attack.

People

People are your greatest allies in protecting your organisation's information. Your direct colleagues and the people working as your suppliers are almost certainly going to play an important role in protecting your systems. They can also present a risk because they have privileged access to the organisation’s information.

Managing access

Give users access to all the resources and data necessary for their roles, but no more. This applies to data stored on computer equipment as well as to physical locations.

Technical intrusion

Technical configurations to your devices make up the layers of protection that prevent unauthorised access (intrusion). These will include the operating system, the firewall(s) and malware protection.

Backup and restore

Regularly backing up information and having the ability to restore the backup may be the most effective methods of protecting your business from the effects of accidental or malicious tampering, such as deleting data, hardware failure, or ransomware.

Resilience: Business continuity, incident management and disaster recovery

No security measures can be fully effective all the time so you must be ready to keep the business going and recover from the effects of deliberate attack, accidental damage, and natural disasters.

Start your cyber security journey

Implement the simple but effective cyber security measures outlined across eight themes to establish important baseline protection for your organisation.

A recognised framework of assurance

Give customers – including government procurement departments and their supply chain – a level of assurance that your organisation has implemented a core set of cyber security controls.

Demonstrate compliance with best practice

Certification proves that your organisation aligns with global cyber hygiene and cyber security frameworks (such as Cobit, CIS Controls v8).

Independently reviewed

An independent review by an external Assessor confirms that your organisation has implemented the core controls to help prevent mass automated attacks from the internet.

IASME Cyber Baseline will soon be available in two levels. Level One is a verified self-assessment reviewed by an independent Assessor and Level Two is a technical audit of your systems to offer a higher level of assurance.

The scheme is currently only available in Level One.

Verified Self-Assessment

IASME Cyber Baseline consists of a verified self-assessment reviewed by an independent Assessor

After registering for certification, you are given access to the secure assessment platform where you will answer the verified self-assessment questions. A senior member of the board or equivalent from your organisation must e-sign a document to verify that all the answers are true and then a qualified external Assessor will mark your answers.

The pricing structure for Level One certification is based on the size of your organisation.

Benefits Include:

  • Protect your organisation, data and customers against mass automated attacks from the internet
  • Demonstrate that your organisation aligns with global cyber hygiene and cyber security frameworks

IASME Cyber Baseline is an international cyber hygiene certification scheme that tackles the basic, but critical, cyber security protection measures. The certification consists of a verified self-assessment reviewed by an independent Assessor.

Level One consists of a verified self-assessment, reviewed by an independent Assessor.

When your payment is received, we will send you login details to access the online assessment platform to begin your certification. You have 6 months to complete your assessment before your account is archived. Unfortunately, we cannot issue a refund, so please do not apply until you are ready for the assessment.

If you get stuck or have any questions, please give us a call on 03300 882 752 or email us on [email protected]

Price: TBC
