Advent IM Ltd, the UKs leading independent holistic security consultants, has announced their successful certification to both Cyber Essentials, the UK Government’s cyber security assurance scheme and IASME Self Certification the Information Assurance scheme for SME’s.
Operations Director, Julia McCarron said, “We are delighted to have gained these two worthwhile certifications. It was a natural step for Advent IM as we already have ISO27001 and were keen to embrace the UK Government’s schemes. It is a great way of continuing to assure our supply chain partners of how seriously we take Information Security and having ISO27001 meant we were already very well placed for success. We walk the walk as well as talk the talk! We are already helping our clients through Cyber Essentials with great success.”
Cyber Essentials Scheme
The UK government’s Cyber Essentials scheme was developed earlier this year with the IASME Consortium, a local Malvern company, representing small companies on the drafting panel. The development of this scheme resulted from a review of the successful cyber attacks over the last few years. They found that the majority would not have been successful if 5 simple technical controls had been implemented. These controls are quite detailed and so plenty of companies who have the international cyber standard, ISO27001, may not actually have all these technical controls in place. Cyber Essentials is also available as a self assessment or audited version, called Cyber Essentials PLUS.
The Government has announcement that, from 1st October 2014, all new Government contracts associated with personal or sensitive data will only go to companies with Cyber Essentials certification. Large companies will also be encouraged to enforce this down through their supply chains.
A recent call for evidence by the UK Government concluded that the best governance standard for small companies was the IASME standard developed and run by a local small Malvern company. The standard itself was developed using government funding with the aim of finding a small company alternative to the international standard (ISO27001). The IASME standard focuses on both governance and technical security. It includes aspects like a security policy, staff awareness, risk assessments, business continuity plans and back-up processes. These ensure that you understand your risk and are managing your security effectively. Accreditation is available either as a self assessment or a fully audited assessment