Stratia Consulting specialise in Information Assurance and Risk Management.

We have years of experience in providing information assurance and information risk management services to all kinds of businesses. It does not matter whether you run a small start-up company or a large corporation, we will ensure your assets are protected and maintained efficiently. Our aim is to find the best form of protection for your business and provide you with the means to manage risks effectively in order to minimise financial costs and prevent damage to your reputation.


IASME Governance and GDPR

IASME Governance Standard including General Data Protection Regulation (GDPR) Assessment

ISO 27001 and IASME comparison


The IASME Governance standard was developed over several years during a government-funded project to create a cyber security standard which would be an affordable and achievable alternative to the international information security management system standard, ISO27001.

The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers' information. It builds information security into the way your company works, and grows as you grow. It can also offer a pathway to ISO27001 if that is later required.

The standard includes all of the five Cyber Essentials technical topics and adds additional topics that mostly relate to people and processes, for example:

  • Risk assessment and management
  • Training and managing people
  • Change management
  • Monitoring
  • Backup
  • Incident response and business continuity

By gaining the Audited IASME Governance certificate, your organisation is achieving IASME’s highest level of certification and providing assurance to customers and suppliers that your organisation’s security has been audited by a skilled, independent third party.

The IASME Governance assessment includes an assessment against the GDPR requirements, due to come into force in 2018. GDPR has a specific impact on the way that you handle personal data, and breaches of this law can mean serious fines and consequences for your business.

The GDPR, or General Data Protection Regulations, are new EU regulations which will make the current Data Protection regulations much stronger. The GDPR comes into force in May 2018 and, if breached, could result in a fine of up to 4% of global turnover. The regulations will still affect UK organisations despite Brexit. The UK government and the Information Commissioner's Office (ICO) have indicated that, even if they don’t continue with GDPR after Brexit, they will be looking for something equally robust. Similarly, if you are processing the information of EU nationals or trading across the EU, then you will need to abide by its regulations.

Every organisation processing personal data must put in place safeguards against loss, theft and unauthorised access. Respect for privacy, security of data and awareness of breaches will be key. There is a duty to report a breach within 72 hours. If that breach is potentially of high privacy risk, then affected individuals should also be advised of the data breach. This is a significant change to the current Data Protection regime in the UK.

The definition of personal data has been extended and includes anything that could be used to identify an individual. This includes, for example, genetic data and even IP addresses. The GDPR will be more robust in its protection of data than anything we have previously seen, and businesses will be more accountable.

More detailed information can be found on the Information Commissioner's Office website.

Stratia Consulting has IASME-trained GDPR assessors who can help you identify potential liabilities around the information you hold, and the best way to protect your organisation in this regard. Contact us for details.

You can download a free copy of the IASME Governance Standard here.