00:00:00:00 - 00:00:03:33
In this video,we're going to go through How to Navigate

00:00:03:33 - 00:00:06:13
Self-Assessment workbook with a cyber

00:00:06:13 - 00:00:09:00
assessment framework for local government.

00:00:09:00 - 00:00:12:20
So the workbook is usually completed by your CAF

00:00:12:20 - 00:00:16:10
lead using information from your captain.

00:00:16:10 - 00:00:18:34
And it's shared with your independent,the Shire,

00:00:18:34 - 00:00:22:43
who use it to producean assurance report for your council.

00:00:22:43 - 00:00:27:00
So let's go ahead and open

00:00:27:00 - 00:00:29:37
the organizational self-assessment.

00:00:29:37 - 00:00:32:51
So this is for objectives A and D.

00:00:32:51 - 00:00:36:13
First thing you're going to seeis the contents tab.

00:00:36:13 - 00:00:38:53
And this lists each section of the workbook

00:00:38:53 - 00:00:41:53
gives you an idea of what each section contains.

00:00:42:51 - 00:00:47:19
And then after that you have the how to tab.

00:00:47:19 - 00:00:48:33
So this has useful

00:00:48:33 - 00:00:51:58
pointers on what you should familiarize yourself

00:00:51:58 - 00:00:55:45
with before completing the self-assessment.

00:00:55:45 - 00:01:00:00
The next tabthere is the CAF for Local Government Profile.

00:01:00:00 - 00:01:03:42
The profile showsthe contributing outcomes for each objective.

00:01:03:42 - 00:01:06:52
What council should aim to achieve over time?

00:01:06:52 - 00:01:11:12
So we're not expecting councilsto achieve all of these during the assessment.

00:01:11:12 - 00:01:14:35
The point is for councilto use the self assessment

00:01:14:35 - 00:01:19:36
to understandthe current level of cyber resilience.

00:01:19:36 - 00:01:23:35
And then the next tab afterthat is the progress tracker.

00:01:23:35 - 00:01:26:34
So this is a useful way

00:01:26:34 - 00:01:27:20
for you

00:01:27:20 - 00:01:30:29
to divvy up tasks between your collaborators.

00:01:30:29 - 00:01:33:40
But it's really up to youwhether you want to use it or not.

00:01:33:40 - 00:01:37:27
For example, you might prefer to usea project management tool.

00:01:37:27 - 00:01:40:16
You commonly use.

00:01:40:16 - 00:01:41:30
Then there's the self-assessment

00:01:41:30 - 00:01:44:46
tabs, which I'll come back to in a moment.

00:01:44:46 - 00:01:50:01
First, I want to show you the EvidenceTracker template, which is the last tab.

00:01:50:01 - 00:01:54:18
So when you come to do your self-assessment,you need to provide evidence

00:01:54:18 - 00:01:59:53
for each indicator of good practice in the CAFthat you think your councils met.

00:01:59:53 - 00:02:01:50
And the evidence tracker will help you

00:02:01:50 - 00:02:05:44
provide the right evidence in the right format

00:02:05:44 - 00:02:06:34
to help you show.

00:02:06:34 - 00:02:10:14
When they come to review your self-assessment.

00:02:10:14 - 00:02:13:32
And this could help, say,reduce the amounts of back and forth.

00:02:13:32 - 00:02:17:10
Should they have any questions?

00:02:17:10 - 00:02:20:58
Now let'stake a look at the self-assessment itself.

00:02:20:58 - 00:02:23:06
So I'm going to go to

00:02:23:06 - 00:02:26:44
the tab for objective eight.

00:02:26:44 - 00:02:29:03
And this is what it looks like when you open it.

00:02:29:03 - 00:02:33:42
I think it's important to say it's the samestructure and format for all objectives.

00:02:33:42 - 00:02:35:24
These tabs.

00:02:35:24 - 00:02:37:39
So at the top you can find quick

00:02:37:39 - 00:02:40:59
links to each principalthat make up the objective.

00:02:40:59 - 00:02:46:34
And you can also find guidanceon how to complete

00:02:46:34 - 00:02:48:00
the self-assessment workbook.

00:02:48:00 - 00:02:53:33
So if I go back up I'm goingto click the quick link for governance.

00:02:53:33 - 00:02:57:16
So this is taking me down to governance.

00:02:57:16 - 00:02:59:51
And you can see all of the contributing outcomes

00:02:59:51 - 00:03:04:07
that make up that principal.

00:03:04:07 - 00:03:06:08
And the indicators of good practice.

00:03:06:08 - 00:03:09:04
So here they are for board direction.

00:03:09:04 - 00:03:12:50
So we have the achieved ones.If I keep scrolling down

00:03:12:50 - 00:03:15:36
you can see the not achieved ones.

00:03:15:36 - 00:03:18:36
And the format repeats.

00:03:18:36 - 00:03:22:48
So here we have the contributing outcomefor those responsibilities.

00:03:22:48 - 00:03:26:44
And the associated Etps.

00:03:26:44 - 00:03:28:57
So with your team work

00:03:28:57 - 00:03:32:31
through each of these outcomes.

00:03:32:31 - 00:03:35:32
So let's go back up to board directionas an example.

00:03:35:32 - 00:03:39:02
And I'm just going to scroll up here.

00:03:39:02 - 00:03:43:07
Here here's the contributing outcomefor all the direction.

00:03:43:07 - 00:03:46:10
So for this you would look at each IGP

00:03:46:10 - 00:03:49:39
and decide whether you're council meets.

00:03:49:39 - 00:03:52:46
It doesn't meet it isn't applicable.

00:03:52:46 - 00:03:56:30
Or you have alternative controls in place.

00:03:56:30 - 00:03:58:52
It's also the column

00:03:58:52 - 00:04:05:13
to explain why you have chosen your response.

00:04:05:13 - 00:04:07:45
And if you see column B, the.

00:04:07:45 - 00:04:12:24
We've includedtips on how to interpret some of the igp's.

00:04:12:24 - 00:04:14:51
So for this

00:04:14:51 - 00:04:18:16
IGP, the first one on the board direction,

00:04:18:16 - 00:04:22:34
we imagine that I have workedwith colleagues at Council.

00:04:22:34 - 00:04:26:39
And I'm going to say I believe

00:04:26:39 - 00:04:29:10
we have met this

00:04:29:10 - 00:04:32:10
IGP. So I agree

00:04:32:12 - 00:04:34:59
that we meet it.

00:04:34:59 - 00:04:35:55
And then here

00:04:35:55 - 00:04:39:58
I've already pasted it in, but there's a summary

00:04:39:58 - 00:04:41:06
response.

00:04:41:06 - 00:04:44:49
So I'm saying cyber riskis periodically discussed

00:04:44:49 - 00:04:50:04
at council board meetingsand how those outcomes are disseminated.

00:04:50:04 - 00:04:53:28
And perhaps I know this becauseI've collaborated with the relevant roles

00:04:53:28 - 00:04:57:24
at council,and I've been able to source the relevant

00:04:57:24 - 00:05:00:06
evidence.

00:05:00:06 - 00:05:01:43
So after you've been through

00:05:01:43 - 00:05:07:30
all of the igp's for an outcome.

00:05:07:30 - 00:05:09:01
Go to the outcome itself.

00:05:09:01 - 00:05:16:25
So if I scroll back up, I'mgoing to go to board direction and.

00:05:16:25 - 00:05:18:11
In this example

00:05:18:11 - 00:05:23:44
as a councilwe believe we've achieved this outcome.

00:05:23:44 - 00:05:25:43
So in this column C

00:05:25:43 - 00:05:30:36
I'm going to change it to shift.

00:05:30:36 - 00:05:37:12
And here we havea summary that I've already pasted in.

00:05:37:12 - 00:05:39:06
Saying how the council

00:05:39:06 - 00:05:42:54
board reviews this.

00:05:42:54 - 00:05:45:58
And then there's also two columns.

00:05:45:58 - 00:05:50:31
The next to it the column E have the date

00:05:50:31 - 00:05:53:30
it was reviewed by the CAF quality issue

00:05:53:30 - 00:05:57:38
and F the date reviewed by the CAF approver.

00:05:57:38 - 00:06:00:20
So after I've completed

00:06:00:20 - 00:06:04:19
this contributing outcome, perhaps I'mgoing to go to the evidence tracker template.

00:06:04:23 - 00:06:07:48
The last tab.

00:06:07:48 - 00:06:13:45
And for the contributing outcome board direction

00:06:13:45 - 00:06:16:00
indicating the indicates a good practice.

00:06:16:00 - 00:06:18:09
My evidence

00:06:18:09 - 00:06:23:04
applies to I'm listing the document names

00:06:23:04 - 00:06:25:34
here in column D,

00:06:25:34 - 00:06:28:34
I've included who

00:06:28:41 - 00:06:30:25
approved the evidence for release.

00:06:30:25 - 00:06:33:22
So in this example the governance lead.

00:06:33:22 - 00:06:39:02
Then I've included a hyperlink to the documents,

00:06:39:02 - 00:06:40:01
to the shared space.

00:06:40:01 - 00:06:44:01
You've agreed with the issuer.

00:06:44:01 - 00:06:48:38
So once you have completed

00:06:48:38 - 00:06:51:38
both tabs, the objectives.

00:06:53:22 - 00:06:57:56
Ask a quality assurerto review your self-assessment.

00:06:57:56 - 00:07:01:59
Ask your approver to sign off self-assessment

00:07:01:59 - 00:07:04:09
and then share the self-assessment

00:07:04:09 - 00:07:07:50
with your independent issuer.

00:07:07:50 - 00:07:11:28
So finally, you can find lots of guidance

00:07:11:28 - 00:07:16:39
on how to complete self-assessmenton our website

00:07:16:39 - 00:07:21:43
in the Assure Your self-assessment section.

00:07:21:43 - 00:07:23:04
And this also includes

00:07:23:04 - 00:07:28:28
downloads and templates that you can usenot only for the self-assessment,