Options to choose from
While having any independently verified certificate of information assurance can provide benefits to your business, different certifications will be appropriate for different types of organisation.
The UK Government Cyber Essentials scheme is aimed at small businesses with limited resources to dedicate to cybersecurity. It requires simple controls designed to mitigate the vast majority of automated cyberattacks. Cyber Essentials is certified via a self-assessment form and is a cost-effective first step into Information Assurance Accreditation.
Cyber Essentials Plus
Cyber Essentials Plus covers the same requirements as Cyber Essentials but adds the requirement that the systems must be tested by an external certifying body. This external validation can boost confidence in your business, and many companies which achieve self-certification will then want to move on to get Cyber Essentials Plus.
IASME Self Certified
Information Assurance for Small and Medium-sized Enterprises (IASME) is a middle ground between Cyber Essentials and ISO 27001. It provides a high enough level of security for small and medium-sized enterprises without introducing the additional complexity of ISO 27001. IASME covers all of the requirements needed to be compliant with GDPR and can mitigate the fines associated with a data breach.
Like Cyber Essentials, IASME starts out with a self-certification, which can then be upgraded following an external audit. We will help you to achieve Gold Certification, which is the highest level of audit result.
Free cyber liability insurance up to £25,000 is provided by AIG for all Cyber Essentials and IASME certified entities. Higher limits of indemnity and extensions to the cover are available on request.
ISO 27001 covers all aspects of information security and is more suitable for larger organisations or those which need to demonstrate an extremely high level of information security. This does not mean that smaller companies should not look at the benefits ISO 27001 can offer.
An ISO 27001 certification is a highly marketable asset for any company which would benefit from showing that it takes information security seriously.