This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

A Cyber Resilience Strategy for Scotland: Public Sector Action Plan 2017–2018

The importance of cyber resilience in Scotland’s public bodies has never been greater. Digital technologies bring enormous opportunities for Scottish public services, but they also bring new threats and vulnerabilities that need to be managed.

The Public Sector Action Plan has been developed in partnership by the Scottish government and the National Cyber Resilience Leaders’ Board (NCRLB). It sets out the key actions that the Scottish government, public bodies and key partners will take up to the end of 2018 to enhance cyber resilience in Scotland’s public sector. Although there are already strong foundations in place, the plan’s aim is to ensure that Scotland’s public bodies work towards becoming exemplars in respect of cyber resilience, and are well on their way to achieving this by the end of 2018.

The action plan focuses on public bodies. Delivery of the plan will be coordinated and led by the Scottish government’s Cyber Resilience Unit, working in partnership with the NCRLB and Scottish public bodies. Wherever possible, the Scottish government will work with key partners in the wider public sector, including local authorities, universities and colleges, to promote an aligned approach to work on cyber resilience.

Download the Scottish Public-Sector Action Plan 2017–18: Summary and compliance guidance green paper >>

Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotland

  • The Cyber Essentials scheme
  • New Scottish Cyber Resilience Strategy
  • The certification process
  • Key benefits of the scheme
  • Why use IT Governance

Register today >>


Cyber Essentials certification is a key requirement

The plan sets out 11 key actions that the Scottish government and its partners will take during 2017–18 to help address these issues and ensure confidence in standards of cyber resilience in Scotland’s public bodies. Two of these actions relate specifically to achieving Cyber Essentials certification.

Download the full Cyber Resilience Strategy for Scotland >>

Key action 4: The Scottish government will support Scottish public bodies to ensure they have appropriate independent assurance that critical technical controls are in place to protect against the most common cyber threats by the end of October 2018. Funding will be made available to support all public bodies to undergo a Cyber Essentials “pre-assessment” by the end of March 2018, with a view to:

  • Promote a common approach wherever possible; and
  • Ensure well-founded senior-level decisions are made on the most appropriate way of achieving assurance that critical controls are in place.

End of March 2018: Undergo the Cyber Essentials “pre-assessment” funded (to defined limits) by the Scottish government.

End of April 2018: Take a board/senior management-level decision on whether to pursue Cyber Essentials or Cyber Essentials Plus certification.

End of October 2018: Achieve Cyber Essentials or Cyber Essentials Plus certification.

Key action 11: The Scottish government will put in place an effective monitoring and evaluation framework to help assess progress against this action plan and, once developed, the Scottish public sector Cyber Resilience Strategy.

End of June 2018: Provide one-off written assurance at board/senior management level confirming that you have:

  • Undergone a Cyber Essentials pre-assessment;
  • Taken a decision on whether to seek Cyber Essentials or Cyber Essentials Plus; and
  • An expected time frame for achieving this.

End of October 2018: Provide one-off written confirmation that Cyber Essentials or Cyber Essentials Plus certification (or, exceptionally, alternative independent assurance) has been achieved.


Why choose IT Governance for Cyber Essentials certification?

IT Governance is the leading CREST-accredited certification body and has awarded hundreds of certifications, with many more companies achieving certification every day. Our Cyber Essentials clients include Vodafone, Airbus Defence and Space Ltd, Action for Children, NHS Professionals and Lockheed Martin. See the full list of organisations we’ve certified to the Cyber Essentials scheme >>



Speak to an expert

Get cyber resilient today with comprehensive solutions aligned to international best practice.