Mapping to other Standards

The IASME Governance standard maps closely to a number of widely recognised cyber security and assurance standards and guides. This means it can be used to demonstrate compliance to many of these standards.

The IASME team has mapped the standard and assessment question set to the standards listed below. The mapping comparisons are free for you to download. Although we have discussed the mapping with a number of experts in the field, it can always be improved upon and we would welcome your feedback. Please do contact us with any comments or suggestions on these mappings.

The 10 Steps Guidance was designed for organisations looking to protect themselves in cyberspace. The 10 Steps to Cyber Security was originally published in 2012 and is now used by a majority of the FTSE350

Results Summary: IASME Governance aligns directly with 10 Steps to Cyber Security on all topics

Download the mapping between IASME Governance and the 10 Steps Guidance here

One of the key objectives of the NIS Directive is to ensure that Operators of Essential Services (OES) take appropriate and proportionate technical and organisational measures to manage the risks to the security of network and information systems which support the delivery of essential services. The Cyber Assessment Framework (CAF) is intended to assist in achieving effective security assessments

Results summary: IASME Governance aligns with all CAF requirements at either Achieved or Partially Achieved level

Download the mapping between IASME Governance and the CAF here

ISO27001 / ISO27002 – This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation.

Results summary: IASME Governance maps to the majority of the ISO2700x controls at achieved or partially achieved level

Download the mapping between IASME Governance and ISO27001 here

The NHS Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

Results summary: For the majority of topics, the IASME Governance standard meets or exceeds the requirements of the NHS Digital Data Security Standards. In some areas an action, process or tool that is specific to the NHS is referenced by the standard which does not map directly to the IASME Governance standard

Download the mapping between IASME Governance and the NHS Digital Data Security and Protection Toolkit here

The UK General Data Protection Regulation (GDPR) sets out seven key principles that should lie at the heart of an approach to processing personal data. Accountability is the seventh principle and the one that demonstrates that businesses are doing the right thing.

Results Summary: IASME Governance aligns with the vast majority of the ICO’s Accountability Framework.

Download the mapping between IASME Governance and the ICO’s Accountability Framework here

Find Out More

Have a look at our Frequently Asked Questions or speak to our team

FAQs

Cookie	Type	Duration	Description
cookielawinfo-checkbox-analytics		1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-analytics	persistent	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary		1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary		1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
cookielawinfo-checkbox-non-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
CookieLawInfoConsent		1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
geot_country		1 year 1 month 4 days	Used to define what country is attributed to you to aid showing the correct content.
PHPSESSID		session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy		1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.

Cookie	Type	Duration	Description
__cfduid		1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__cfduid	persistent	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
_ga		2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga	persistent	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag		1 minute	Used to throttle too many requests from being issued within a short time. This is part of the Google Analytics suite of services.
_gat_gtag	persistent	1 minute	Used to throttle too many requests from being issued within a short time. This is part of the Google Analytics suite of services.
_gid		1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_gid	persistent	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_hjAbsoluteSessionInProgress	persistent	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	Session	1 year	This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	persistent	365 days	Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
ajs_anonymous_id	persistent	365 days	This cookie is set by Segment as a randomly generated ID for anonymous users.

Cookie	Duration	Description
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_hjSession_*	30 minutes	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.

Find Out More

Cyber First

Living Wage

Cyber Scheme

National Cyber Awards 2022

Armed Forces Covenant

BSI