Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Revisions:

Date issued:

Author:

Description:

First Introduction

Certification Body Criteria

IASME Certification Bodies are companies that are authorised to offer assessment to Cyber Security standards including IASME Cyber Baseline.
In order to be a Certification Body, candidate companies must be able to demonstrate to IASME’s satisfaction that they:

  • Have good cyber security and can keep client data secure

  • Are committed to achieving an excellent and consistent client experience by using a

    quality management system

These two aims set the requirements which are the basis for the Certification Body Criteria. The requirements are detailed below.

In addition, all Certification Bodies must retain at least one IASME Cyber Baseline assessor at all times in order to retain their status as a Certification Body.

Certification Bodies must not change the organisation name to anything that infringes IASME or IASME Cyber Baseline intellectual property or would be likely to cause confusion.

Certification Bodies must use badges associated with the scheme as digital badges, if available, to enable central management of brand and authenticity.

  1. Certification Body Security Requirements

This can be demonstrated through:

  • Achieving and maintaining independently verified ISO 27001 certification

  • Achieving and maintaining audited IASME Cyber Assurance Level 2 certification

The scope of the above certifications must cover all areas of the business that will be involved in certification or that will hold data that relates to certifications.
ISO 27001 certification must be through a UKAS Accredited Certification Body or an International Accreditation Forum (IAF) recognised equivalent.

Verification of the requirements

All Certification Bodies must demonstrate they meet the security requirements before signing the Certification Body contract with IASME unless agreed otherwise with IASME.

  1. Certification Body Quality Requirements

All Certification Bodies must commit to achieving and maintaining a good quality management system.

This can be demonstrated through:

  • Achieving and maintaining independently verified ISO 9001 certification

  • Achieving and maintaining a compliant mark on all of the IASME Quality Principles as part of a successful IASME Cyber Assurance Level 2 certification

  • Achieving and maintaining the QG Quality Fundamentals+ certification

The scope of the above certifications must cover all areas of the business that will be involved in certification or that will hold data that relates to certifications.

ISO9001 certification must be through a UKAS Accredited Certification Body or an International Accreditation Forum (IAF) recognised equivalent.

Verification of the requirements

All Certification Bodies must demonstrate they meet the quality requirements before signing the Certification Body contract with IASME unless agreed otherwise with IASME.

© The IASME Consortium Ltd 2023 All rights reserved

  • No labels