Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Set your scope

Author: Local Digital

Set your scope

Before you start your CAF for local government self-assessment, discuss and agree on the scope of your assessment with your whole team.

This is where you identify and prioritise your critical systems. Consider your whole IT network during scoping.

What setting your scope involves

During scoping you need to:

  1. Download the CAF scoping workbook (.xlsx, 81KB) – use this to document your scoping decisions
  2. Discuss and document your organisational context – this includes your council’s mission, objectives and priorities
  3. Identify your essential services – these services support your council’s priorities
  4. Identify your critical systems – these are the infrastructure, network and information systems that underpin your essential services. We recommend using the five lens approach to identify these
  5. Finalise your scoping workbook for review
  6. Share your scoping workbook with your independent assurer for feedback

Who should be involved in scoping

Your CAF lead and approver should collaborate with:

  • service leads
  • business system owners
  • IT and cyber security teams
  • other relevant roles identified

You may find it helpful to set up workshop sessions to collaborate on your council’s scoping workbook.

Your quality assurer and CAF approver will need to review and confirm your scoping workbook before you share it.

Timescales

We recommend planning approximately 35 to 40 hours across your CAF team to set your scope. This will vary depending on the size of your organisation.

Why setting your scope is important

It is important your independent assurers and MHCLG understand your organisational context when reviewing your self-assessment.

Knowing your council’s mission, priorities and risk appetite provides a better understanding of:

  • your council’s level of risk exposure
  • whether the security controls you have in place are proportionate

Scoping of your essential services and the critical systems that underpin them is vital for the next stages of the CAF. The systems you identify and prioritise determine what you will focus on during the:

  • architecture mapping of your critical systems
  • self-assessment of your critical systems

Identify your essential services

Contact the CAF for local government team

Email us to ask a question or share feedback.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now