Last updated:

30th December 2024

See answers to previous information requests

How to search

  • Select a year and/or a month from the drop down list
  • Type a subject into the 'Subject keyword(s):' search (Optional)
  • Click 'Search' button
     

Alternatively click 'View' to browse through all received requests. 

This search is for our information requests from September 2020 onward. 

Cyber Assessment Framework

Request ID
21799
Date Received
Date Resolved
Details

See notes

Resolution
See notes
Notes

I am writing to request information under the Freedom of Information Act 2000 regarding the Council’s current status and plans regarding the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF).

1. Adoption Status
• Has the Council formally adopted the Cyber Assessment Framework (CAF) as its primary cyber security assurance model: No
• If yes, on what date was the framework adopted, and what is the current progress of its implementation (e.g., pilot stage, partial rollout, or fully implemented): N/A
• If the Council has not adopted the CAF, is there a formal plan or timeline to do so in the 2026/27 financial year (or beyond): Project to commence Q3 26/27

2. Alternative Frameworks
• If the Council has decided not to adopt the CAF, please state the primary reason for this decision (e.g., lack of resources, preference for other standards, or awaiting further central government guidance): N/A
• Please list any other cyber security or risk management frameworks currently in use by the Council outside of PSN (e.g., ISO 27001, Cyber Essentials/Cyber Essentials Plus, NIST): N/A

3. Manpower and Personnel
• How many Full-Time Equivalent (FTE) staff members are currently allocated to the implementation, assessment, or ongoing maintenance of the CAF: N/A
• Has the Council recruited new staff specifically to handle the requirements of the CAF, or has the workload been absorbed by existing IT/security teams: N/A
• Have external consultants or third-party service providers been contracted to assist with the CAF assessment: N/A
• How are you planning to select systems to be prioritised during the CAF implementation: Corporate & Service Business Impact Assessments

4. Financial Cost
• What is the total estimated cost to date of adopting/implementing the CAF framework within the Council? (Please include costs for staff time, software/tools, and external consultancy): N/A
• What is the projected annual budget for maintaining compliance with the CAF over the next three financial years: N/A

5. Governance
• Which department or senior leadership role (e.g., SIRO, CISO, or Head of IT) is ultimately responsible for the Council’s CAF compliance and reporting: Service Director - DDaT

Give website feedback

Happy face Neutral face Sad face