Is there any alternative to ISO 27001 for my small business?
ISO certifications are known across the world as a way of demonstrating best practice in a number of disciplines, the 27001 is for Information Security.
Though ISO 27001 for a small business may be overly formal, costly and complex, so what are the alternatives if you know you need to take your information security seriously and demonstrate this to your clients?
The Governments Cyber Essentials Accreditation is the perfect starting point for a small business that doesn’t know where to start. It’s 5 areas of compliance cover:
* Boundary firewalls and internet gateways
* Secure configuration
* Access control
* Malware protection
* Patch management
Don’t get me wrong, Cyber Essentials is a world apart from ISO 27001 accreditation, but as a starting point it’s great. It’s not overwhelming or particularly complex, although if you have no IT expertise to call on you will need a little help.
As a Self-Certification this can start from as little as £300, but you can have an independently audited version, Cyber Essentials Plus, which holds more weight as a certification and is a necessary requirement for some Government and Local Authority work.
IASME Governance Standard
IASME (Information Assurance for Small & Medium Enterprise) are a Certification Authority that not only deliver the Cyber Essentials Accreditation Scheme on behalf of the Government, but they have also designed an independent on-site audit of the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often cheaper for small and medium-sized organisations to implement.
This standard builds upon the primarily technical focus of Cyber Essentials certification (and includes the CE certificate as well) and adds in more policy and procedural elements for businesses. IASME have mapped their standard to:
* NCSC – 10 Steps to Cyber Security
* NIS Directive – Cyber Assessment Framework
* MoD – Defence Cyber Protection Partnership
Southern IT are a certification body for IASME and can deliver certification to the Cyber Essentials, Cyber Essentials Plus and IASME Governance standards.
If you’d like a chat to see if any of these standards will suit your business, feel free to give us a call.