The IASME governance standard was originally developed by SMEs for SMEs, supported initially by the Technology Strategy Board (now Innovate UK), leading to the founding of the IASME Consortium in 2012. It was built to bridge a gap — existing information security standards were either overly complex or too prescriptive for smaller organisations.

The standard remains the only cyber security certification scheme designed to be both affordable and achievable for small organisations.

IASME Cyber Assurance is described as a comprehensive, flexible and affordable cyber security standard covering cyber security, privacy, and data protection measures. It aligns with the UK Government's 10 Steps to Cyber Security and adds Data Privacy controls. Cyber Essentials certification is now a prerequisite.

Enabling SMEs to Compete: The Government's Procurement Bill 2022 aims to reform public procurement toward greater fairness and transparency, specifically encouraging SME participation in public contracts. Over 95% of UK organisations are SMEs. Several sectors — including the Ministry of Justice and the Government of Jersey — now accept audited IASME Cyber Assurance as an alternative to ISO 27001 for smaller companies.

Restructured Standard — 13 Themes: The standard has been reorganised into 13 themes including identifying and protecting assets, risk assessment and management, training and managing people, access control and physical security, policies and procedures, backing up data, security monitoring and review, and business continuity planning and incident response.

Forti5 Technologies is an IASME-certified assessor that takes the time to explain the assessment so that the company understands what is expected and why it is necessary.