In our last blog we considered Cyber Essentials and the benefits of becoming certified. We also saw that “Essentials” only means covering the necessary or extremely important aspects of your organisation. There is so much more involved in making sure your company is secure and compliant with the latest governance and regulations.
So, let’s focus on another word – “Optimum”. The meaning behind this word is to be “most conducive to a favourable outcome; or best”. That’s what we’re trying to achieve. SaaSAge want to provide you with more than just the essentials: we want to provide optimum security, meaning security as good as it can be, balanced between risk and cost.
So, what is the next step? In this blog, we dig a little deeper into why IASME Governance is that next step. With the GDPR and Data Protection Act 2018, you may consider this a great value option.
IASME and the GDPR
The IASME Governance assessment goes above and beyond the requirements for Cyber Essentials. IASME certification, in addition to Cyber Essentials, is proof that you have considered and made efforts to meet the requirements of the General Data Protection Regulation (GDPR).
It looks at a number of topics that, when combined with Cyber Essentials, can achieve GDPR compliance. These include identifying risks, training staff, dealing with incidents and handling operational issues.
The IASME Process
IASME examines and scrutinises areas outlined within the GDPR by taking them through the following process to ensure compliance is reached:
- Identify – It is important to identify what assets need to be secure. This may include hardware and software, personal records, business data or financial plans. Once you know what needs to be kept safe, you can begin to put measures in place to protect it.
- Protect – Every organisation should put in place policies and controls to make sure its operations are conducted securely. Controlling who can access your information, encrypting sensitive data and making sure all staff are up to date with security policies are just some precautions that can be taken.
- Detect and Deter – Having systems in place that run monitoring software which can identify viruses and malware can be a huge protection to a company. Early detection of an intrusion or data breach can often be make or break.
- Respond and Recover – Even with the best of intentions, a business may get caught out by a malware intrusion or data breach, so having a clear procedure for reporting and handling incidents is vital. Disaster Recovery and Business Continuity Plans are essential in helping a business to work through, and recover from, a security breach.
IASME and SaaSAge
If you want to know more about how Cyber Essentials and IASME Governance, including GDPR requirements, can support your Data Protection obligations, then SaaSAge as a Certification Body can support you.
SaaSAge can assist with the audits and questionnaires required to become IASME Certified.
We have a number of packages available for new and old clients to ensure that you have optimum data security.
Contact us today for more information.