Does anyone know of any well recognised industry standard for certification of IT security standards, for a small company of say 5 employees, without money to spend. ISO I believe is out of the question cos to takes oceans of time. I am looking for something more appropriate to scale. We have a few servers on our network and desktops.