Who should use this standard assessment
With increasing threats of cyber-terrorism, malware and data theft, prioritising good information security practices within a business is key to avoiding fines, reputational damage and loss of business. Common weaknesses often originate in the supply chain or with third parties which, given the wide spread of risk involved, makes a risk-proportional approach to assessment in this area useful.
Organisations that wish to avoid dealing with non-compliant businesses and minimise exposure to high-risk data practices can use this Standard Assessment within Rizikon Assurance. This comprehensive assessment will assist with ensuring an acceptable level of information security within an organisation, especially where the risk and impact of a data breach is considered to be high.
How this Standard Assessment was developed
This assessment is based on the government-funded IASME Governance standard, which is designed to cover a baseline of information security and to be an affordable and achievable alternative to the international standard, ISO 27001.
The content of the scheme covers some of the most basic cyber-security practices that an organisation can adopt, as covered by Cyber Essentials, and also further, more detailed GDPR requirements. The questions in this Standard Assessment in Rizikon Assurance are derived from the questions an organisation answers when being assessed for IASME Governance.
Questions, sections and scoring
The structure of the Security (High Risk) assessment covers a comprehensive list of areas, including sections on information assets, cloud services, risk management and data protection, incident management, backup and restoration, and more, in addition to those topics found in Cyber Essentials. There are 21 of these sections, ensuring an in-depth assessment of information security.
The questions are scored on a tiered basis: a non-compliant answer is scored Minor, Major or Fail. These scores indicate that the organisation is potentially not operating within the pass mark of the IASME Governance standard, whereas compliant answers remain unhighlighted. The overall assessment score is inherited from the most severe individual question score, so it highlights the organisation's area of least compliance.