The UK’s National Cyber Security Centre (NCSC) has officially launched a scheme designed to find auditors for a new cyber-resilience initiative.
The Cyber Resilience Audit (CRA) scheme was announced at the CYBERUK conference in May.
“This new NCSC scheme assures providers who can conduct independent Cyber Assessment Framework (CAF) based audits, which will focus initially on supporting some nationally critical sectors,” explained the agency’s head of assured professional schemes, industry assurance, Catherine H.
“The CRA scheme’s focus is squarely on the common requirements of all the oversight bodies and providing assurance that suppliers meet them. Once suppliers are on the scheme, they are then eligible to put themselves forward to conduct audits in specific sectors – as long as they meet any additional requirements laid down by the oversight body.”
Until now, the NCSC had to work with these bodies, which include lead government departments and regulators, to put all of the pieces in place.
They will continue to do so as the CRA begins in order to monitor and develop the scheme to better understand the nation’s cyber-resilience.
“The scheme standard and associated documentation are all available from our website,” Catherine H. continued. “Once we have accepted enough companies into the scheme, we will announce that the scheme is open for business and publish information for buyers. We expect that to be towards the autumn.”
The CRA is open to prospective audit companies of all sizes, especially those working hard to address “issues of under-representation” in the industry or those “serving geographically remote or under-represented areas.”
In April 2023, the government launched GovAssure, a new scheme which will focus on independent auditing of government agencies’ cyber-resilience, based on the guidelines set out in the CAF.
Image credit: T. Schneider / Shutterstock.com