Need to know the difference between Cyber Essentials, IASME and ISO 27001? Want to know which is suitable for your organisation? Read on..

As a socially conscious organisation in today’s cyber landscape keeping a handle on your cyber security is vital. A customer recently pointed out to me that it can be a bit daunting getting from ground zero to having confidence that your organisation are meeting the basic requirements. Thankfully, there are some simple ways to structure your journey via three different certification standards. Here’re the 3 best ones and, how they differ and some ideas on how to choose the right one for your organisation.

Cyber Essentials is a UK government backed scheme which was created to make it easy for businesses to reach basic levels of cyber security. It comes in two versions – self assessment for the Cyber Essentials accreditation or Cyber Essentials Plus which requires an on site audit. It’s a basic requirement for supplying to any UK Government organisations.

IASME – Information Assurance for Small and Medium Enterprises – often incorporates Cyber Essentials as part of its assessment but is its own standard. It is more in depth than the Cyber Essentials accreditation and is based on the ISO 27001 standard. It also comes in two versions – self assessment or the Gold Standard which requires an onsite audit.

The most in depth standard, and therefore the most highly regarded, is ISO 27001. It’s the industry standard for information security and covers all aspects of operations. Stakeholder support is essential for success and it won’t happen overnight but the rewards are giving your customers and staff confidence that data security is at the heart of your operation.

Here at Blue Sky, we’d already obtained  the ISO 9001 so ISO 27001 fitted well. If your organisation already has another ISO standard then ISO 27001 is the obvious choice. The barrier to entry for the Cyber Essentials is very low and, with a little help, most organisations should be able to obtain it. From our experience both internally and via our customers the benefits are often surprisingly good!

This post comes with a warning; getting certified can be addictive!

Matthew McCloskey

Commerical Director