
Revisions:

Date issued:

Author:

Description:

Samantha Alexander (Deactivated)

First Introduction

The CB shall meet the contractual requirements and such other Scheme requirements as IASME shall specify from time to time.

Organisation  

The Certification Body shall hold a Cyber Baseline certificate to the level to which it delivers Certification Services. This certification must be obtained from another Certification Body.  

The Certification Body shall ensure that all its Assessors have attended the required assessor training course, as well as any updates and development activities as specified by IASME.  

The Certification Body shall document and operate a quality assurance process, in accordance with the principles and guidance of ISO 9001.

Certification Services  

The Certification Body shall work with IASME to have a consistent impartial process for awarding certificates to Organisations (including guidance for pass/fail guidelines) whose assessment or test has been successful against the IASME Cyber Baseline Standard.  

The Certification Body shall adhere to the Certification Process when carrying out certifications, in accordance with the IASME Cyber Baseline Documentation as stipulated by IASME.  

The Certification Body shall administer a consistent impartial process for providing appropriate feedback to an Organisation where assessment or testing has not been successful.  

The Certification Body shall work with IASME to develop a consistent process for recording and storing the results of its assessments and tests against the IASME Cyber Baseline Standard.  

The Certification Body shall have and document a complaints and appeals process for Organisations, including an escalation process allowing Organisations to escalate complaints or appeals to IASME.  

The Certification Body shall work with IASME to design and develop a process for the consistent, impartial assessment of applicants to be an IASME Cyber Baseline Assessor against the agreed Assessor Criteria; the process shall include providing guidance on pass or fail criteria.

 The Certification Body shall ensure that Assessors who are assessing information systems have an appropriate level of Cyber Security/IA competence as stipulated by IASME.  

The Certification Body shall ensure that the administration of Certification Services is delivered digitally.

The Certification Body shall provide Organisations with standardised terms and conditions for the provision of Certification Services ensuring that the language is tailored appropriately to audience segments.  

The Certification Body shall work with IASME to design for Organisations a standardised, personalised report, considering audience segmentation, advising (should they fail) on how they can address any outstanding issues to improve their security ("Feedback Report").  

The Certification Body shall provide each Organisation which fails a certification with a Feedback Report.  

The Certification Body shall request that Organisations complete a standardised customer satisfaction survey after they have undergone assessment and/or certification.

The Certification Body shall implement and maintain a process for identifying and addressing any conflicts of interest, however arising, in relation to the provision of IASME Cyber Baseline Services.  

The Certification Body and their Assessors shall adhere to the principles and guidance of ISO/IEC 27002:2013 or IASME Cyber Assurance when carrying out Certification Services.  

The Certification Body should perform a spot check on an Organisation's usage of the relevant Certification Mark, immediately after the Organisation's renewal of certification date, should an Organisation choose to not renew.  

Branding  

The Certification Body shall supervise the use of the IASME Cyber Baseline Certification Marks by Organisations in accordance with the relevant Certification Mark Regulations.  

Marketing and Communications  

The Certification Body shall ensure that the language and content of its website are aligned and consistent with the IASME Cyber Baseline standard (including not making any misleading statements or misrepresentations of its role in and/or of the operation of the Scheme).

The Certification Body shall take account of audience segmentation in developing marketing and promotional activities and events, including location and timing.  

The Certification Body shall present marketing and promotional material in diverse formats with language and level pitched appropriately for the relevant audience.  

Audit  

The Certification Body shall allow IASME to perform ad-hoc audits to assess whether the Certification Body is meeting the requirements as set out in the Supplier Agreement.  

Service Standards:  

The IASME Cyber Baseline CB shall perform its obligations under the Agreement at all times:  

  • in compliance with the Security Policy;  

  • in accordance with the Quality Plans;  

  • in accordance with the IASME Cyber Baseline Documentation;  

  • subject to Clause 1.3 (Order of precedence) in the main Agreement, in accordance with the Proposal;

  • by adequate numbers of appropriately experienced, knowledgeable, qualified, professional and trained personnel, by reference to their role and level of responsibility;  

  • with all due care, skill and diligence;   

  • in a good, safe and professional manner;  

  • in a manner not likely to be injurious to health or to cause damage to property or the environment;  

  • in compliance with all applicable Laws, guidance and consents, and so as not to prejudice renewal of any consents, or put IASME in breach of any Law, guidance or consents;  

  • so as not to embarrass IASME or bring IASME or the IASME Cyber Baseline standard into disrepute or damage IASME's operations, standing, public image, reputation or goodwill and so as not to attract adverse publicity to IASME or the IASME Cyber Baseline standard. 

  

IASME Cyber Baseline standard improvements:  

The CB shall have an ongoing obligation throughout the Term:  

  • to identify new or potential improvements to the IASME Cyber Baseline standard, the Certification Services and the IASME Cyber Baseline Services;

  • to notify those improvements to IASME.

© The IASME Consortium Ltd 2023 All rights reserved
