The Cabinet Office and the National Cyber Security Centre collaborated to create a new cyber security assurance process for government departments.
Both DESNZ and DSIT were keen to participate, provided they could find someone to run the pilot for them.
We worked with the Cabinet Office and senior stakeholders to manage the delivery of this important milestone.
1. We identified three critical systems that would form part of the cyber security assessment.
2. Working with the systems’ owners, we completed the CAF self-assessment templates and submitted supporting evidence to back up the statements made.
3. We engaged directly with the appointed assessors and managed engagement with system owners to deliver the final artefacts required for the independent assurance review.
Our feedback and recommendations were delivered on time, enabling the Cabinet Office to improve the process, policy, documentation and guidance.
This exercise gave DESNZ and DSIT the opportunity to familiarise themselves with the new assurance process before formal implementation.
We identified important lessons for other government organisations to follow when approaching this new assurance process and Cyber Assessment Framework.
Their story
DESNZ and DSIT were keen to participate in a new Cyber Assessment Framework (CAF) that the Cabinet Office and the National Cyber Security Centre had created for government departments.
A learning opportunity
This pilot exercise enabled DESNZ and DSIT to gather extensive feedback and identify significant process, policy, documentation, and guidance improvements.
New improvements
The final report from the external assessor provided us with detailed recommendations for improvements across the critical systems.
Going live
Triad has now been retained to run the first assessment using the new framework across the Department for Energy Security and Net Zero and the Department for Science, Innovation and Technology.
