Skip to main content

What do you think of this service? Your feedback will help us to improve it.

Author: Local Digital

Prioritise your critical systems

How to prioritise the critical systems you have identified as part of your CAF for local government self-assessment.

Once you’ve applied the five lens model – or an equivalent methodology of your choice – review the systems you have identified.

The five lens method is a useful model to create a shortlist, but you must use your team’s expertise and knowledge of your council to decide which three are of highest priority to you.

Decide which ones are of greatest priority to determine:

  • which systems have potential to be in scope for your Cyber Assessment Framework (CAF)
  • which are additional systems which could be considered in scope, or included in the future

Your prioritised critical systems are likely to be systems which would have a significant effect on your council if a cyber attack took place.

Make sure you can explain the rationale behind your choice.

Review your shortlist as a team

Prioritising your critical systems collaboratively is important. Use your shortlist of critical systems to discuss as a team which are most critical to your council.

Your CAF lead should collaborate with:

  • service leads
  • business system owners
  • IT and cyber team members who have architecture mapping skills

We recommend booking workshops, meetings or creating a channel on Teams or Slack to undertake this activity as a team

Activities that can support prioritising your critical systems

Finalise and share your scoping workbook

Share your draft scoping workbook with your internal CAF quality assurer. They will need to make sure it accurately reflects your organisational context, and that the team has agreed on your chosen critical systems.

Work with them to discuss feedback before getting final sign off from your CAF approver.

Once the workbook has been signed-off, you need to securely share the final version with your independent assurer. Then, submit it to MHCLG.

Find out how to share your self-assessment securely.

How to submit to MHCLG

MHCLG needs to understand which systems are in scope so that we can better understand any risks or issues within the sector, and consider how to further support the sector in addressing these risks.

We plan to publish more information on how to securely submit these documents, and how your information will be used, in spring 2025.

Complete your self-assessment

Contact the CAF for local government team

Email us to ask a question or share feedback.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now