For more information on the cyber assessment framework, or an obligation-free quote, please contact our NIS Regulations team today.
The NCSC (National Cyber Security Centre) has published 14 high-level security principles with which all OES (operators of essential services) must implement, in the form of the CAF (Cyber Assessment Framework).
OES’ compliance with the NIS Regulations (Network and Information Systems Regulations) is monitored through audits conducted by designated competent authorities.
The CAF breaks each principle down into specific outcomes, which are then further broken down into IGPs (indicators of good practice). An auditor will use these IGPs to determine if the organisation has correctly applied the principle.
Find out how to get started and what steps you should take with an NIS Regulations gap analysis
View our compliance framework
The CAF consists of the following compliance elements:
Get a true picture of how your current cyber security arrangements measure up against the requirements of the Network and Information Systems Regulations 2018 with our NIS Regulations gap analysis service.
The NIS Regulations Gap Analysis is suitable for both operators of essential services (OES) and digital service providers (DSPs), and will assess your organisation’s current level of compliance against the NIS Regulations’ requirements.