Intro to Governance Services
IASME Governance Standard
The IASME (Information Assurance for Small and Medium Enterprises) Governance Standard was developed for smaller businesses as an appropriate and cost-effective alternative to the international standard ISO/IEC 27001. IASME goes further than Cyber Essentials testing for basic information security governance and an assessment against GDPR requirements.
IASME is risk-based and provides a highly credible security management standard. If you supply to Government Cyber Essentials is a mandatory requirement but IASME (which includes CE) allows your company to demonstrate a more rigorous approach.
Successful assessments are issued with an IASME certificate alongside the relevant CE certificate and Cyber Security Insurance of up to £25,000 of cover.
As well as audit and certification, Tycom offer an advisory service where an accredited assessor visits you to produce a risk assessment, a capability gap analysis and an implementation plan. You would then carry out the implementation activities before the Assessor returns to complete the formal assessment, which if successful will lead to certification.
Cyber Essentials Plus
Cyber Essentials Plus is a more rigorous test of your organisation’s cyber security systems than Cyber Essentials. Our cyber security experts carry out vulnerability tests to make sure that your organisation is protected against basic hacking and phishing attacks.
Cyber Essentials certification also includes automatic cyber liability insurance for any UK organisation that certifies their whole organisation and have less than £20m annual turnover (terms apply).
Cyber Essentials is a government backed scheme that helps businesses protect themselves from cyber attacks. This certification allows your organization to show that it is responsible and secure when it comes to cyber security.
Cyber Essentials is mandatory for businesses looking for specific government contracts. Unless your business achieves Cyber Essentials, you will not be able to bid for such contracts at all.
Business Continuity – ISO 22301
The ISO 22301 BCM standard is designed to ensure that a robust business continuity management system has been established in your organisation and that internal staff members are fully aware of their role within the system should an incident occur.
Implementing a strong Business Continuity Management System (BCMS) will aid your organisation in quickly recovering from a disaster or disruption. The BCMS can also safeguard an organisation against the reputational damage which can occur from missed deadlines, data leakages, operational, IT outages, industrial actions, disappointed clients or direct financial losses due to the disruption.
Information Security – ISO 27001
ISO 27001 is an international standard for information security. It specifies the necessary requirements to establish, implement, maintain and improve an information security management system.
As organizations look at ways to manage their risk Tycom can help you to meet the requirement to become ISO 27001 compliant. This will look at identifying information security risks, managing compliance with rules and regulations and create a system for implementation and management of controls.
This can lead on to Certification for ISO 27001.
The Data Protection Act (2018) and the GDPR set out how organisations must look after [personal data. All businesses need to understand what data they control and have the appropriate policies, processes and system to meet with these regulations.
Tycom can help you to meet your Data Protection/GDPR obligations. This process starts with a Data Audit and carries on until a full suite of processes and procedures are adopted. Training forms a votal part of this process.