Find out how the IASME Governance based Supplier Cyber Security Questionnaire may help you protect your business
Who should use this IASME Governance based Supplier Cyber Security Questionnaire
This Cyber Security questionnaire allows organisations in a supply chain to demonstrate their level of cyber security and their information security practices. With increasing threats of cyber-terrorism, malware and data theft, prioritising good information security practices within a business is key to avoiding fines, reputational damage and loss of business. A common weakness for a business is often its supply chain or third parties and, given the wide spread of risk, a risk-proportional questionnaire approach is useful in this area. Organisations that wish to avoid dealing with non-compliant businesses and minimise exposure to high-risk data practices can use this Standard Assessment within Rizikon Assurance. This comprehensive assessment will assist with ensuring an acceptable level of information security within an organisation, especially where the risk and impact of a data breach are considered to be high.
How the IASME Governance based Supplier Questionnaire was developed
This Cyber Security questionnaire is based on the government-funded IASME Governance standard, which is designed to help cover the breadth of information security. This questionnaire is aligned to a set of controls similar to ISO 27001 but is more affordable and achievable for small and medium sized organisations to implement. The questions in this Standard Questionnaire are derived from the questions an organisation will answer when being assessed for IASME Governance. Request a copy of this questionnaire to be sent to you.
IASME Governance based Supplier Questionnaire structure, sections and scoring
The structure of the Cyber Security (IASME Governance based) Questionnaire includes sections on information assets, cloud services, risk management and data protection, incident management, backup and restoration, and more, in addition to those topics found in Cyber Essentials. There are 21 of these sections, ensuring an in-depth questionnaire on information security. The questions are scored on a tiered basis: answers can be scored Minor, Major or Fail. These scores indicate that the organisation is potentially not operating within the pass mark of the IASME Governance standard, whereas compliant answers remain un-highlighted. The overall questionnaire score is inherited from the most severe question score provided, highlighting the organisation's score of least compliance. The content of this questionnaire covers the most basic cyber-security practices that an organisation can adopt, as covered by Cyber Essentials, and also further, more detailed GDPR requirements.