How to prepare
Make sure your council is ready to start the Cyber Assessment Framework (CAF) for local government.
For councils starting the CAF for local government, this guide will help you to:
- prioritise actions to prepare for the self-assessment
- plan internal collaboration and timescales
1. Understand what the CAF involves for your council
Take time to understand:
- the CAF objectives, principles and contributing outcomes
- what self-assessing your organisation involves
- what self-assessing your critical systems involves (guidance due to be available in spring 2025)
- the independent assurance process
2. Identify key roles and responsibilities
Think about who needs to be involved across your council.
The CAF self-assessment requires the support of roles and governance groups across your organisation. We strongly recommend proactive engagement with your:
- senior leadership and management team
- service leads
- system owners
- commercial (third-party) providers
Think about the resources available in your council and any external factors that might affect completing your self-assessment. If you need extra resources to complete parts of the CAF, make sure these are in place before you start.
- Decide who will be responsible for key roles
- Find out how to get support from your senior leadership and management team
3. Create your CAF schedule
You should be confident that your council has the resources, skills and time to complete your self-assessment.
Creating a schedule can be a useful tool for planning. It can help you to:
- plan how long the CAF will take
- note any external activities that might affect your council’s schedule
- decide on a suitable time to start the CAF in your council’s calendar year
Download a template to plan your CAF schedule (.xlsx, 22KB).
4. Book in time for your team to collaborate
The CAF is a council-wide effort and should not be seen as the sole responsibility of your cyber security team.
To support collaboration, we recommend that you:
- communicate to your organisation that you are starting the CAF
- identify who needs to be involved at each stage
- engage with system owners as early as possible
- book in workshops and collaboration time
- set up a designated channel for communication, such as on Microsoft Teams or Slack
5. Contact your independent assurer
It is important to engage with an independent assurer throughout the CAF process. Contact your independent assurer while you are preparing and setting the scope to make a plan for your assurance review.
Find out about the independent assurance process.
6. Set up a location to store and share your self-assessment and evidence
It is important that you have a way to store your self-assessment workbook and evidence securely and to manage access to them, including for collaborators and your independent assurer.
Find out how to share documents with your independent assurer securely.