BIS call for interest: IASME

  • Government Consultation on Information Security Standard
  • UKITA supports IASME standard as most appropriate to SME Sector
  • Make your voice heard

With March seeing the beginning of a consultancy period for the Governments Cyber Security Organisational Standards, and given the recent events at Evernote we understand that is will be an area of concern for our members and their customers- see our article here.

Here at the UK IT Association (UKITA) we want to support SME’s, particularly those in the IT sector, to get the most appropriate level of Cyber Security Standard certification. While we acknowledge that ISO 27001 is a great standard for a company to achieve in Information Security Management, we feel that it is unrealistic to expect the majority of SMEs to be able to afford and achieve this standard.

For that reason we are supporting the IASME standard as the most appropriate. It is specifically designed with SMEs in mind and offers a set of strategies which effectively reduce the risk of loss through cyber accidents or attacks. In addition the work you do towards the IASME standard can count as credit towards the ISO 27001 standard.

Here is what IASME have to say:

“BIS are calling for organisations and groups to submit evidence in support of their preferred organisational security standard. They will use this evidence to select the Government’s preferred organisational standard for cyber security. In the first instance, they are inviting industry stakeholders to express their interest in submitting evidence in support of their preferred standard by 8 April. Shortly afterwards they will publish guidance to help them prepare their evidence for submission.

Government will also be exploring what can be done to help stimulate the uptake of organisational standards for cyber security, for example Government is considering the relevance of this work to Government procurement. More details on the requirements and the background can be found at

IASME (Information Assurance for Small and Medium Business) is a cyber security standard developed especially for SMEs. Originally funded by the Technology Strategy Board, it offers a set of business practices which will reduce the risk of loss of business through cyber accident or attack. The business practices are derived from internationally recognised cyber standards, distilled into common-sense language applicable to even the smallest business.

IASME are also developing UK-wide information events for SMEs and a research-based advice centre for SMEs with a couple of top-flight universities similar to the WARP concept. IASME already has a link with an AIG-underwritten cyber insurance product brokered by Sutcliffe of Worcester – details on our site.

The likely alternative is certification to the full ISO 27001 Information Security Management Standard which has proved difficult and expensive to achieve for SMEs. We feel that IASME offers a more cost-effective solution for UKITA members and ask that UKITA contributes to the BIS consultation.”

If you wish to be part of the consultancy send your expression of interest to submit evidence in support of your preferred standard by Monday 8 April 2013. Give the name of your industry body or group of companies and the name of the standard against which you intend to submit evidence.

The BIS will then publish guidance for submitting bodies by Tuesday 30 April 2013.

The final date for submitting evidence will be Monday 14 October 2013.

And remember- the IASME standard will meet the needs of the majority of SME’s- ISO 27001 may well price some people out of business if it is made a requirement.

To keep up with the latest industry news visit the UK IT Association (UKITA).