CAF for Local Government - Help is at hand!

The Cyber Assessment Framework (CAF) for Local Government provides a systematic approach to assessing how well a local authority is managing the cyber risks associated with its essential functions that is managing the security risks, protecting against cyber attacks, detecting cyber attacks and minimising their impact should they occur.

The CAF has been developed to meet a range of requirements that include:

• Providing a framework that assists in carrying out cyber resilience assessments.
• An outcome-focused approach based on the NCSC’s cyber security and resilience principles.
• Retaining compatibility with appropriate existing cyber security guidance and standards.
• Enabling the identification of effective cyber security and resilience improvement activities.

Thumbs up… but lots to do 

Feedback from organisations that have been working with the framework has been positive. There is also however a recognition that getting onboard with the CAF introduces a considerable workload for participating councils, so resourcing for this exercise should be thought through in advance.

Help is at hand

The team at Protocol Policy Systems (PPS) have recently conducted a project to align the best practice policy content of Policy Management as a Service with the CAF requirements. Therefore when conducting a framework assessment exercise our customers will be able to quickly and easily demonstrate that they have evidence in the form of tailored IT policies and indicators of good practice (IGP’s) in place across all 4 sections of the framework – a) Managing security risk, b) Protecting against cyber attack, c) Detecting cyber security events and d) Minimising the impact of cyber security incidents.

Fast and effective 

In short, PPS take care of the heavy lifting for organisations that have limited IT policy content in place and/or policies that are no longer fit for purpose. Policy Management as a Service provides a cost-effective fast track means to getting policy content in place that is tailored to a client’s business requirements and then keeps it up to date thereafter. The policies currently available via the service are mapped to standards such as ISO 27002 and PCI-DSS, the addition of support for the CAF for Local Government makes Policy Management as Service a fantastic resource for the sector.

Click here to download the infographic

Policy Management as a Service: FAQs - About the Service

Attending the Information Security for London Conference?

Protocol Policy Systems are exhibiting at the Information Security for London (ISfL) on 6th March at Queen Elizabeth II Centre, Broad Sanctuary, London. For more details and register, click here.