Revisions: | ||
Date issued: | Author: | Description: |
| First Introduction | |
Introduction
1.1 This schedule sets out
1.1.1 IASME’s requirements for the provision of Management Information (MI) from the IASME Cyber Baseline Certification Bodies; and
1.1.2 the Key Performance Indicators (KPIs) to be met by the IASME Cyber Baseline Certification Bodies.
Management Information (MI)
2.1 IASME shall ensure that appropriate records and management information relating to the operation and delivery of the IASME Cyber Baseline Scheme are gathered and maintained in an industry recognised format, where applicable delegating responsibilities to the Certification Body. These records should include but may not be limited to the following:
2.2 Application Information: IASME shall collect, maintain and report on information obtained from its Certification Bodies relating to applications from Organisations for Certification Services, including but not limited to:
Unique Business ID;
the company name (aligned with Companies House or Charity Registration);
the business sector;
the number of employees in the company (denoting size);
Country/Town/City/Region & Postcode;
Applicant Role;
Certification Level;
Certification Type (1st time/renewal);
Application Status (Pass/Fail/Pending);
Certification Body;
Scope of system to be certified
2.3 Certification Information: IASME shall collect, maintain and report on information obtained from its Certification Bodies relating to the certification of Organisations, including but not limited to:
Unique Business ID;
the company name (aligned with Companies House or Charity Registration);
the business sector;
the number of employees in the company (denoting size);
Country/Town/City/Region & Postcode;
Applicant Role;
Certification Level;
Certification Type;
Unique Certification ID;
Certification Body;
Scope of system certified;
Recommended renewal date.
2.4 Customer Satisfaction Information: IASME shall collect, maintain and report on customer satisfaction information obtained from Organisations, including but not limited to:
unique Business ID
the company name (aligned with Companies House or Charity Registration);
the business sector;
where they heard about the IASME Cyber Baseline Scheme;
why did they decide to engage with the IASME Cyber Baseline Scheme;
cost of Certification;
feedback on how easy and intuitive they found the consumer journey;
comments on their experience in applying for IASME Cyber Baseline;
comments on their experience in using the IASME Cyber Baseline Scheme.
2.5 Reasons for Failure: IASME shall collect information on 'reasons for failure' of Organisations to achieve IASME Cyber Baseline certification.
2.6 Additional Feedback: IASME shall collect, maintain and report on the following information obtained from its Certification Bodies:
Common vulnerabilities;
Common attacks.
Organisations that haven’t chosen to renew
2.7 Web Stats: IASME shall collect, maintain and report on the following information obtained from its website statistics, including but not limited to:
Sessions;
Bounce rate/time spent on site;
Site content;
Dwell time analytics;
How many people are going through to use the Certification Search function;
How many people are clicking through to “Getting Certified”;
Where traffic to the website has arrived from.
3. Key Performance Indicators (KPIs)
3.1 IASME shall agree appropriate KPIs and/or service levels to be used to monitor the performance of the IASME Cyber Baseline Certification Bodies. Such KPIs and service levels may include measures of performance relating to:
Management of Certification Body Relationships
Improvements to the Service;
Resolution of complaints;
Timeliness and quality of monthly reporting
© The IASME Consortium Ltd 2023 All rights reserved