Data Governance: Because Chaos Is Not a Strategy In 2025

The PTC team has completed the final part of our annual re-certification obligations & Data Governance Objectives. This investment will help enable us to continue providing Cyber Essentials and IASME CA L1 & 2 certification body services to our global clientele through to 2027. ICAL2 provides reassurance to our DORA clients as part of their supply chains, helps maintain our CREST member company (Penetration Testing) status and many other benefits.

IASME Cyber Assurance Level 2 provides an audited version of the Level 1 self-assessment-based standard. It offers an in-depth evaluation of current policies and procedures, with a special focus on a total of 13 individual themes. These cover a variety of topics in the IT governance space, such as the following:

• Risk Assessment and Management
• Monitoring
• Change Control
• Training and Managing People
• Backup Management
• Incident Response and Business Continuity

Prospective applicants must hold a valid Cyber Essentials certificate in order to pursue IASME Cyber Assurance. Download a copy of the latest standard below.

IASME Cyber Assurance Standard

This offering provides an affordable option for organizations that want to implement key requirements of ISO 27001 without the tens of thousands of pounds in overhead costs it can take to implement and maintain. Organizations seeking the accreditation would be subject to an annual self-assessment and an audited evaluation of their answers by an evidence-based assessment every three years.

By choosing IASME Cyber Assurance Level 2, organizations demonstrate their commitment to cybersecurity and IT governance. Not only does it strengthen internal processes, but it also enhances reputations with clients and partners. It showcases a proactive approach to risk management, ensuring that systems and processes are robust enough to handle ever-evolving cyber threats.

The standard has a similar level of maturity to the Cyber Essentials scheme. There appears to be growing interest in the standard from public bodies in Wales, which has led to an increase in the number of queries PTC receives looking for further information. A potential additional but limiting factor for this trend is the implementation of the Procurement Act 2023, which comes into effect in February 2025. The Act is aimed at making public procurement more accessible to small businesses by enabling them to compete for public contracts. Certifications like IASME Cyber Assurance can serve as an alternative to ISO 27001, providing a practical pathway for organizations aiming to meet the Act’s requirements.

The Procurement Act 2023’s focus on inclusivity underscores the importance of manageable yet effective certifications. This creates an exciting opportunity for SMEs to showcase their capabilities while staying compliant with high industry standards. PTC has observed that many organizations seeking to remain competitive are taking steps to adopt IASME Cyber Assurance Level 2 as a trusted credential for their operations.

It’s been a bright start to 2025, with important milestones being met. Looking ahead, PTC’s efforts remain focused on supporting our clients in our journey toward better cybersecurity. By investing in certifications, we can position ourselves as leaders in our industries, ready to tackle the challenges of today’s digital landscape.

Is data governance part of your organization’s strategy to combat cyber threats this year? Why not get in touch and find out how we can help you integrate this into your daily business operations? Whether you’re aiming to meet new procurement standards, ensure compliance with industry best practices, or simply bolster your internal defences, PTC is here to guide you every step of the way.