Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Submit your progress to MHCLG

Author: Local Digital

Last updated: 2025-03-20

Submit your progress to MHCLG

We want to understand cyber security risks and issues within the sector, so that we can consider how to further support the sector in addressing these risks.

By submitting your CAF progress to MHCLG, you will help us achieve this goal.

What to submit to MHCLG

You should submit your finalised assurance report and improvement and implementation plan.

Your independent assurer will let you and MHCLG know when this workbook is ready to submit.

You should submit the workbook in the same file format that you received it in from your independent assurer.

How to submit your workbook to MHCLG

Documents are submitted to MHCLG using Egress – a secure file transfer software.

After your assurer confirms your workbook is ready for submission, we will send you a secure file upload link. Use this link to upload your workbook to Egress.

Once you have uploaded your workbook to Egress, we will transfer it to our systems to be securely stored. If there are any problems with the uploaded workbook, we will contact you.

How long MHCLG keeps the information

Documents are stored on Egress for up to 6 months.

We will keep your workbook on our systems for 7 years. After this time we will delete it.

Only people that need understand cyber security risks and issues within the sector will have access.

We will review the information stored annually to:

  • make sure it is still required to help us understand cyber security risks and issues within the sector
  • delete any information that is no longer required
  • check that only the relevant people have access

How MHCLG uses this information

We will look at your assurance report and implementation and improvement plan to understand cyber security risks and issues across the sector as a whole, and consider how we can best provide support.

This is in line with the ambitions set out in the Government Cyber Security Strategy 2022-2030.

Submissions to MHCLG will not be made publicly available but MHCLG will share sector-wide insights with councils.

Read more about the standards you can expect us to meet when we ask for, do something with or continue to hold, your personal information in the MHCLG personal information charter and privacy notice.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now