The National Cyber Security Centre Launches Cyber Resilience Audit Scheme
The UK’s National Cyber Security Centre (NCSC) has officially launched a scheme designed to find auditors for a new cyber-resilience initiative. The Cyber Resilience Audit (CRA) scheme was announced at the CYBERUK conference in May, marking a significant step towards strengthening the nation’s cybersecurity defences.
“This new NCSC scheme assures providers who can conduct independent Cyber Assessment Framework (CAF) based audits, which will focus initially on supporting some nationally critical sectors,” explained Catherine H., head of assured professional schemes at the NCSC.
The aim of the CRA scheme is to ensure that suppliers meet the common requirements set by oversight bodies, ultimately enhancing the overall cyber-resilience of the country. Companies that join the scheme will have the opportunity to conduct audits in specific sectors, provided they meet additional requirements specified by the oversight body.
Previously, the NCSC had to collaborate with various oversight bodies, including government departments and regulators, to establish the necessary framework for the CRA scheme. Moving forward, the NCSC will continue to work closely with these entities to monitor and develop the scheme, with a focus on improving the nation’s cyber-resilience capabilities.
“The scheme standard and associated documentation are all available on our website,” Catherine H. stated. “We anticipate opening the scheme for business in the autumn once a sufficient number of companies have been accepted into the scheme. Information for buyers will also be published at that time.”
The CRA is open to prospective audit companies of all sizes, with a particular emphasis on encouraging diversity and representation within the industry. Companies that are addressing issues of under-representation or serving remote areas are especially encouraged to participate in the scheme.
In line with the government’s commitment to enhancing cybersecurity across all sectors, the launch of the GovAssure scheme in April 2023 underscores the importance of independent auditing in verifying government agencies’ cyber-resilience efforts based on the CAF guidelines.
Stay informed about the latest developments in cyber-resilience by following the #CYBERUK23 conference and the NCSC’s initiatives. Collaboration and continuous improvement are key to building a strong cybersecurity foundation for the future.
Read more on cyber-resilience: #CYBERUK23: NCSC Urges International Collaboration to Build Cyber Resilience
Image credit: T. Schneider / Shutterstock.com