Triad help the Department for Business, Energy and Industrial Strategy (BEIS) assess their cyber security capability
Triad were commissioned by BEIS to manage the delivery of a pilot to test the new assurance process for government cyber security developed by the Cabinet Office. Our feedback and recommendations were delivered on time, enabling the Cabinet Office to improve the process, policy, documentation, and guidance. Triad have been retained to run the first assessment using the Cyber Assessment Framework (CAF) across the Department for Energy Security and Net Zero and the Department for Science, Innovation and Technology.
About the client
Our client was the Department for Business, Energy and Industrial Strategy (BEIS). BEIS existed until 2023, when it was split to form the Department for Business and Trade (DBT), the Department for Energy Security and Net Zero (DESNZ) and the Department for Science, Innovation and Technology (DSIT). Responsibility for national security and investment policy went to the Cabinet Office.
The challenge
Recognising the importance of cyber security, BEIS volunteered to test a new cyber security assurance process developed by the Cabinet Office and the National Cyber Security Centre. Our brief was to work with the Cabinet Office and senior BEIS stakeholders and manage the delivery of this important pilot test.
The solution
We identified three critical systems that would fall part of the cyber security assessment. Working with the owners of the system, we completed the CAF self-assessment templates, submitting supporting evidence to back up the statements made. We engaged directly with the appointed assessors and managed engagement with the system owners to deliver the final artefacts required for the independent assurance review.
The result
This pilot exercise enabled us to gather extensive feedback and identify significant process, policy, documentation, and guidance improvements. We also identified important lessons for other government organisations to follow when approaching the new assurance process and Cyber Assessment Framework.
The assessment was completed on schedule, and the subsequent final report from the external assessor provided BEIS with detailed recommendations for improvements across the critical systems that were in scope for the pilot exercise. It also enabled BEIS to familiarise themselves with the new assurance process before formal implementation.
Triad has now been retained to run the first assessment using the new framework across the Department for Energy Security and Net Zero and the Department for Science, Innovation and Technology.
