Skip to main content

What do you think of this service? Your feedback will help us to improve it.

Author: Local Digital

Set your scope

Before you start your CAF for local government self-assessment, discuss and agree on the scope of your assessment with your whole team.

Considering your council’s mission, objectives and priorities will give you a clear understanding of:

  • the essential services that support your council’s priorities
  • the core infrastructure, network and information systems that underpin these
  • the critical systems to prioritise for your assessment

You should consider the entirety of your organisation’s IT network during scoping.

What setting your scope involves

During scoping you will need to:

  1. Download the CAF scoping workbook (.xlsx, 74KB) – use this to document your scoping decisions
  2. Discuss and document your organisational context
  3. Identify your essential services
  4. Identify your critical systems – we recommend you use the five lens approach to identify and prioritise your critical systems
  5. Finalise your scoping workbook for review
  6. Share your scoping workbook with your independent assurer for feedback

Who should be involved in scoping

Your CAF lead and approver should collaborate with:

  • service leads
  • business system owners
  • IT and cyber security teams
  • other relevant roles identified

You may find it helpful to set up workshop sessions to collaborate on your council’s scoping workbook.

Your quality assurer and CAF approver will need to review and confirm your scoping workbook before you share it.

Timescales

We recommend planning approximately 30 to 35 hours across your CAF team to set your scope. This will vary depending on the size of your organisation.

Why setting your scope is important

It is important your independent assurers and MHCLG understand your organisational context when reviewing your self-assessment.

Knowing your council’s mission, priorities and risk appetite provides a better understanding of:

  • your council’s level of risk exposure
  • whether the security controls you have in place are proportionate

Scoping of your essential services and the critical systems that underpin them is vital for the next stages of the CAF. The systems you identify and prioritise determine what you will focus on during the:

  • architecture mapping of your critical systems
  • self-assessment of your critical systems

Identify your essential services

Contact the CAF for local government team

Email us to ask a question or share feedback.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now