IASME have mapped the IASME Governance Standard to other standards.


10 Steps to Cyber Security


Results summary

IASME Governance aligns directly with 10 Steps to Cyber Security on all topics.

10 Steps to Cyber Security

The 10 Steps to Cyber Security is guidance produced by the National Cyber Security Centre (NCSC) on how organisations can protect themselves in cyberspace. NCSC believes that adopting an approach aligned with the 10 Steps is an effective means to help protect your organisation from attacks. More information: https://www.ncsc.gov.uk/guidance/10-steps-cyber-security

Notes on the mapping: Topics shown with a green background indicate full alignment, topics with an orange background indicate partial alignment, and topics with a red background are not aligned with the IASME Governance standard.

NHS Digital Data Security and Protection Toolkit

Results summary

For the majority of topics, the IASME Governance standard meets or exceeds the requirements of the NHS Digital Data Security Standards.

In some areas, the standard references an action, process or tool that is specific to the NHS and does not map directly to the IASME Governance standard.

NHS Digital Data Security and Protection Toolkit

The Data Security and Protection Toolkit is an online self-assessment tool that all organisations must use if they have access to NHS patient data and systems. https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/data-security-and-protection-toolkit

Notes on the mapping: As the IASME question set is considerably more detailed and specific than the approach taken by the NHS Digital standards, it was often not possible to map IASME questions to specific NHS Digital standard requirements and audit guides. Therefore, we adopted a simpler approach that maps the sections of the IASME question set to the relevant NHS Digital Standards or parts thereof. However, where it was possible to map a question to a specific NHS requirement, that is indicated in the spreadsheet.

  • All sections of the IASME question set that meet the requirements of the NHS Digital standards are shaded green.

  • Green indicates direct correlation between IASME and NHS; amber indicates partial or implied correlation.

  • Purple indicates where the IASME standard exceeds the NHS requirements and/or an NHS applicant might/could fail IASME/CE certification, e.g. unsupported software.

  • Red indicates where there is no correlation between the two.

The Cyber Assessment Framework and the NIS Directive

Results summary

IASME Governance aligns with all CAF requirements at either Achieved or Partially Achieved level.

The Cyber Assessment Framework and the NIS Directive

The EU directive on the security of Networks and Information Systems (NIS Directive) requires operators of essential services and certain information providers (cloud services) to have measures in place to manage security risks. The UK government has created the Cyber Assessment Framework (CAF), which sets out the indicators of good security practice that operators can use to ensure they are in compliance with NIS: https://www.ncsc.gov.uk/collection/nis-directive?curPage=/collection/nis-directive/cyber-assessment-framework

Notes on the mapping:

  • The traffic light colours (cells coloured in column G) correspond to the CAF Achieved, Partially Achieved and Not Achieved grades.

  • Where the IASME standard addresses a CAF requirement but there is no corresponding direct question, the item is marked partially achieved.

  • These entries might also be tagged as 'Not specified' or 'Implicit'.

  • Where there is no direct mapping between the IASME standard questions and the CAF requirements, the relevant reference from the IASME standard is included. This is done to show where the standard covers the requirement but does not necessarily attract a specific question.

  • Requirements that cannot be considered to be covered by the IASME Standard in any way are marked Not Achieved.