IASME – IT Security for SMEs

An information assurance standard certification for small and medium-sized businesses

iasme, sme

IASME (Information Assurance for SMEs) is a national programme that provides qualifying SMEs (less than 250 staff) with certification that has been specifically designed with the small business in mind.

The programme is well grounded in international standards and has flexibility, credibility and affordability built in.
Good information security is an asset that is as valuable as more tangible resources such as your staff, hardware, software, manufacturing plant, or other materials. A lack of information security is a liability for you and a risk that your customers and supply/demand chain partners may not want to take. Coupled with potential fines of six-figures or more – on top of the damage to your reputation and the cost to sort out an incident – the financial impact can be catastrophic.

IASME is all about helping you develop or improve the security of your business information. We do this by building on what you do already and provide templates where you need more assistance. Our assessors provide careful guidance during the assessment process whilst making sure that you pick up the skills to manage information security independently.

How your information security measures are implemented will depend on the complexity, size, and risk profile of your business.

What does IASME look at?


What information does your business rely on? Where does it come from? How is it handled?


What are the risks to your business information?


Know your assets; acquire and dispose of them securely.

People security

Know your people and educate them in security.

Physical and environmental security

Protect your assets from physical and environmental harm.


Control who and what can access your information.

Planning and acquisition

Build security and privacy in at the start – make sure you have the right-sized information systems.


Manage and monitor your IT systems effectively, including prevention and detection of malicious code – defending against malware – and be ready to recover from infection.

Incident management

Ensure threats to your business are detected and dealt with – learn the lessons!


With legal, statutory, regulatory and contractual obligations and security requirements – know what is required and demonstrate compliance.

To get more information

Please contact us using the form below

Your Name (required)

Your Email (required)


Your Message


Are you a real person?


Please enter the code above in the box below.