What the independent assurance review involves
Once you have completed the CAF for local government self-assessment of your organisation or critical system, an independent assurer will review it.
The independent assurer will look at your submission and your supporting evidence to:
- confirm which outcomes your organisation meets
- highlight areas of good practice within your organisation
- recommend areas for improvement to make sure your council has appropriate resilience and associated risk
Why assurance is important
The independent assurance review gives you an external view of how resilient your organisation currently is. It confirms that your assessment reflects how you are protecting your critical systems and organisation.
The assurance process:
- confirms where you are making appropriate efforts to mitigate against common cyber attacks
- identifies areas for improvement that you can then prioritise
- helps you communicate to your senior leaders, so everyone can understand your cyber risk
When your self-assessment is ready for the assurance review
You are ready for the independent assurance review once:
- your organisation has completed your self-assessment
- you have collated relevant evidence and documentation to support your assessment
- your quality assurer and CAF approver have agreed internally that you are ready for review
When we will publish more information on assurance
We plan to launch guidance on how the independent assurance review of the organisation self-assessment will work in winter 2024. This will include information on the assurance support that MHCLG plans to provide to councils.
We plan to launch guidance on how the independent assurance review of the critical systems self-assessment will work in spring 2025.