Cyber & Data Security
IT Management, Policies & Certifications

Are there any substitutes to ISO 27001 suitable for my business?

This article was updated on:
Jan 22nd, 2009

ISO certifications are known across the world as a way of demonstrating best practice in a number of disciplines, the 27001 is for Information Security.

Though ISO 27001 for a small business may be overly formal, costly and complex, so what are the alternatives if you know you need to take your information security seriously and demonstrate this to your clients?

Cyber Essentials

The Governments Cyber Essentials Accreditation is the perfect starting point for a small business that doesn’t know where to start. It’s 5 areas of compliance cover:

* Boundary firewalls and internet gateways

* Secure configuration

* Access control

* Malware protection

* Patch management

Don’t get me wrong, Cyber Essentials is a world apart from ISO 27001 accreditation, but as a starting point it’s great. It’s not overwhelming or particularly complex, although if you have no IT expertise to call on you will need a little help.

As a Self-Certification this can start from as little as £300, but you can have an independently audited version, Cyber Essentials Plus, which holds more weight as a certification and is a necessary requirement for some Government and Local Authority work.

IASME Governance Standard

IASME (Information Assurance for Small & Medium Enterprise) are a Certification Authority that not only deliver the Cyber Essentials Accreditation Scheme on behalf of the Government, but they have also designed an independent on-site audit of the level of information security provided by your organisation. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often cheaper for small and medium-sized organisations to implement.

This standard builds upon the primarily technical focus of Cyber Essentials certification (and includes the CE certificate as well) and adds in more policy and procedural elements for businesses. IASME have mapped their standard to:

* NCSC – 10 Steps to Cyber Security

* NIS Directive – Cyber Assessment Framework

* MoD – Defence Cyber Protection Partnership

Southern IT are a certification body for IASME and can deliver certification to the Cyber Essentials, Cyber Essentials Plus and IASME Governance standards.

If you’d like a chat to see if any of these standards will suit your business, feel free to give us a call.

Contact Us

Contact Us
Knowledge Centre Categories
Cyber & Data Security
IT Management, Policies & Certifications
Microsoft 365
Telecoms & Connectivity
Latest Related Article
Password ‘Sextortion’ and Ransomware
Continue reading...
Keen to learn more? Explore our other related resources below:
December 13, 2025
Password ‘Sextortion’ and Ransomware
Cyber & Data Security
August 1, 2025
Thinking About Buying Second-Hand Tech for Your Small Business? Read This First...
Telecoms & Connectivity
IT Management, Policies & Certifications
July 1, 2025
How Might Hackers Exploit My Cyber Security? 7 Tricks Small Business Owners Need-To-Know!
Cyber & Data Security
June 1, 2025
Microsoft 365 Apps: A Small Business Owner’s Toolkit!
Microsoft 365
IT Management, Policies & Certifications
May 1, 2025
MFA Isn’t Optional Anymore: Here’s Why
Cyber & Data Security
IT Management, Policies & Certifications
April 1, 2025
Why Digital Offboarding Needs to Be on Your Radar!
Cyber & Data Security
March 1, 2025
Backup Essentials for Small Businesses: Have you explored the options?
IT Management, Policies & Certifications
February 12, 2025
Upgrading to Windows 11: It’s ESSENTIAL, Let us explain why!
Cyber & Data Security
February 1, 2025
11 Simple Steps to Keep Your Microsoft 365 Data Safe
Cyber & Data Security
Microsoft 365
November 12, 2024
7 IT Policies Your Small Business Needs
IT Management, Policies & Certifications
July 5, 2022
4 Tell-Tale Signs You Need an IT Support Partner
Microsoft 365
IT Management, Policies & Certifications
May 23, 2022
The 5 Benefits of Outsourcing IT Support
IT Management, Policies & Certifications
Cyber & Data Security
October 11, 2021
The Business Benefits of an IT Partner
IT Management, Policies & Certifications
July 28, 2021
Buyer's Guide: How To Choose An IT Partner
IT Management, Policies & Certifications
June 10, 2021
Microsoft Azure Migration: How Can it Benefit Your Business?
IT Management, Policies & Certifications
May 12, 2021
Cyber Essentials Toolkit
Cyber & Data Security
April 19, 2021
Why your Business needs Microsoft 365 Backup
IT Management, Policies & Certifications
Cyber & Data Security
March 4, 2021
Is Microsoft 365 Secure? Our 5 Essential Tips to Stay Safe
Microsoft 365
Cyber & Data Security
February 1, 2021
Free Cyber Security Awareness Training!
Cyber & Data Security
December 20, 2020
Why Do Businesses Only Care About Cyber Security Once They Get Hacked?
Cyber & Data Security
October 17, 2019
Ransomware – Should You Be Worried? 
Cyber & Data Security
August 12, 2019
Identity Fraud - Easier Than Ever
Cyber & Data Security
March 28, 2019
Invoice Diversion Scenario
Cyber & Data Security
March 26, 2019
Phishing/Ransom Attack Scenario, What Would You Do?
Cyber & Data Security
March 20, 2019
How do I pick the Right Support Company for my Business?
IT Management, Policies & Certifications
March 13, 2019
The difference between Cyber Essentials and Cyber Essentials PLUS
Cyber & Data Security
December 4, 2018
What is the Difference Between Penetration Testing and Vulnerability Scanning?
IT Management, Policies & Certifications
Cyber & Data Security
November 28, 2018
How Secure is My Password?
Cyber & Data Security
November 2, 2018
How much help do I need to get Cyber Essentials Certified?
Cyber & Data Security
October 23, 2018
What is an SSL certificate and why do I need one?
IT Management, Policies & Certifications
Cyber & Data Security
October 3, 2018
Defining the Scope for Cyber Essentials
Cyber & Data Security
October 1, 2018
Is it time to switch your IT partner?
Cyber & Data Security
October 1, 2018
The Facebook Breach: This is What You Need to do NOW...
Cyber & Data Security
September 20, 2018
Email Spoofing Scenario
IT Management, Policies & Certifications
Cyber & Data Security
September 7, 2018
The difference between Disaster Recovery and Business Continuity
IT Management, Policies & Certifications
August 31, 2018
Office Move - IT Checklist
IT Management, Policies & Certifications
August 28, 2018
7 Signs you’ve outgrown your IT support partner
IT Management, Policies & Certifications
August 24, 2018
What is OneDrive and why should my business be using it? 
Telecoms & Connectivity
Cyber & Data Security
August 21, 2018
What types of IT Support are there?
IT Management, Policies & Certifications
August 20, 2018
What is GDPR?
Cyber & Data Security
August 20, 2018
Principles of GDPR compliance and the Rights of Data Subjects
IT Management, Policies & Certifications
August 16, 2018
How to Budget for Your IT as a Business Owner (Plus Free Template)
IT Management, Policies & Certifications
August 15, 2018
Server VS Cloud - Which is best for your business?
Telecoms & Connectivity
Cyber & Data Security
August 14, 2018
Does my small business really need a server? 
IT Management, Policies & Certifications
Telecoms & Connectivity
August 14, 2018
Why Should I get my business Cyber Essentials certified?
Cyber & Data Security
August 14, 2018
How Much Does Outsourced IT Support Cost in 2023?
IT Management, Policies & Certifications
Cyber & Data Security
May 1, 2018
The Difference between NCSC Small Business Guide & Cyber Essentials
Cyber & Data Security
December 2, 2017
Cyber Essentials Certification: Everything You Need to Know
Cyber & Data Security
October 12, 0202
A Beginner’s Guide to Azure Active Directory
IT Management, Policies & Certifications