Information Security

What is Information Security?

Information Security is the process by which an organisation comprehensively identifies risks to its information, e.g. a data breach by attackers, and then takes steps to minimise or neutralise those risks.

The steps taken can be technical, e.g. deploying anti-virus software, administrative, e.g. introducing an acceptable use policy, or physical, e.g. locking the server room to prevent unauthorised entry.

An organisation then manages these measures by monitoring them to ensure they remain effective in addressing the risks they are meant to control.

An organisation can undertake this whole process by itself, but many prefer to implement Information Security by adopting an international standard. International standards give organisations a significantly better chance of successfully managing Information Security, since they supply a management framework upon which an organisation can base its efforts.

Two widely adopted standards are ISO 27001 and IASME Governance.

What is ISO 27001?

ISO 27001 is the best-known standard and is aimed at organisations of any size or function. It brings together many best practices aimed at helping organisations identify, treat, and monitor risks to their information.

It implements an Information Security Management System (ISMS) to help organisations manage information security from beginning to end in a systematic, holistic manner.

This systematic approach is a business enabler, since it allows your organisation to effectively minimise risks, creating a more robust and resilient organisation, providing better insight into how your organisation functions, and allowing you to plan for the future with more confidence.

It also provides reassurance to customers, suppliers, staff, and other stakeholders that your organisation has effective governance and is taking proactive steps to protect its information.

It puts you at a competitive advantage over rivals, since many organisations do not manage information security in any structured way and can only react to incidents after they occur.

What is IASME Governance?

IASME Governance is a standard developed by IASME as part of a UK Government-backed project to create an information security standard that is much cheaper and less complex to implement than ISO 27001.

IASME Governance is aimed at SMEs so they can demonstrate their commitment to protecting their own information and that of their customers. It's especially beneficial for organisations involved in supply chains where due diligence into suppliers is carried out.

There are two levels of IASME Governance - Self-Assessed and Audited.

IASME Self-Assessed Governance

IASME Self-Assessed involves completing a series of questions, at the same time as the Cyber Essentials questionnaire, about the following processes within your organisation:

Risk Assessments
Incident Management
Data Protection
Operational Management

The questions assess how well an organisation manages information security risks in a non-technical manner, that is to say how the organisation manages risks through managerial (administrative) measures, e.g. staff policies, and through physical measures, e.g. CCTV. Technical solutions to risks are great, but for an organisation to manage risk effectively there must be a combination of managerial, technical, and physical measures in place.

IASME Audited Governance

IASME Audited Governance is a step up from IASME Self-Assessed certification. It requires an organisation to successfully complete the following stages:

An in-date Cyber Essentials or Cyber Essentials Plus certification
An in-date IASME Self-Assessed Governance certification
A review of the organisation's information security documentation
An onsite audit from an IASME Governance assessor
The completion of any feedback from the IASME Governance moderator

The entire IASME Audited Governance process is designed so that the applying organisation works with an IASME Governance assessor who guides them through it. Bergerode Consulting have guided companies both within the UK and beyond through this process, so you will be in safe hands from beginning to end.

How Bergerode Consulting can help

Information Security may seem a very imposing undertaking, but it delivers real benefits to those organisations that do take this step. Bergerode Consulting can help you through the entire process from beginning to end.

Bergerode Consulting are ISO 27001 Lead Implementers, ISO 27001 Lead Auditors, and a BSI Associate Consultant, and we can help your organisation implement ISO 27001.

Bergerode Consulting are IASME Governance Assessors and we can help your organisation through IASME Self-Assessed Governance and IASME Audited Governance.

The price for ISO 27001 Implementation is dependent on the size and complexity of your organisation, and we are confident that we can offer this at a competitive price, so get in touch today.

The price for IASME Self-Assessed Governance is £400 ex. VAT (£480 inc. VAT), which includes 1 free hour of consultancy and help from Bergerode Consulting. Should you require more assistance, this can be provided at a competitive price.

The price for IASME Audited Governance is dependent on the size and complexity of your organisation, and we are confident that we can offer a competitive price, so get in touch today.