NCSC Cyber Assessment Framework (CAF)

Align your organisation’s cyber security program to the NCSC’s CAF with the guidance and support of a leading cyber security services provider.

Bridewell offers expert guidance on aligning your organisation with NCSC’s Cyber Assessment Framework (CAF). As an NCSC assured cyber security provider, we’re here to help you meet regulatory requirements in your industry.


The importance of the Cyber Assessment Framework

Our consultants work across a range of sectors, supporting organisations to understand, apply and meet the requirements of the Cyber Assessment Framework.

The Cyber Assessment Framework (CAF) has been developed by NCSC to support organisations working across critical national infrastructure (including organisations subject to the Network and Information Systems Regulations), public sector organisations, and others that want to align to a recognised, UK-developed framework.

For many organisations, alignment to the requirements established in the CAF is a regulatory requirement. For others, alignment is a voluntary activity. In either case, applying the CAF can be a challenging process which requires expert judgment and support.

What to Expect from our Cyber Assessment Framework Service

Our consultants are deeply experienced in guiding organisations to CAF compliance and can provide tailored remediation programs to suit your needs.

Extensive cross-sector experience

We support clients to navigate the CAF in many critical infrastructure sectors, including transport and aviation, energy, telecoms, finance, health, and central and local government. Our consultants understand how the application of the CAF varies across sectors.

Deep technical expertise

Our consultants are experts across IT infrastructure, public and private cloud and operational technology (OT), enabling them to assess and implement controls that support your organisation to meet the CAF requirements.

A Strategic, Business Driven Approach

We start by understanding your priorities and business goals, to ensure that the application of the CAF goes beyond regulatory ‘box ticking’ and adds real value to your organisation.

What are the benefits of our CAF service?

Business focus

Meeting the CAF requirements is not an end in itself. We pride ourselves on establishing trusted, strategic relationships with our clients and understanding your organisational priorities.

Access to end-to-end support

We can help your organisation to meet the full range of CAF Objectives, drawing on our vast pool of NCSC-accredited specialists and cyber capabilities.

Regulatory understanding

We understand not only what the CAF says, but what regulators expect to see. We can apply this knowledge to help you meet the right requirements at the right time.

Customer Stories

Based on our extensive experience with the CAF and the water sector, this water company chose Bridewell to validate their position.

Start Your NCSC CAF Journey

Speak with our team to see how we can help you implement the NCSC's CAF.

How do we deliver our CAF service?

Our approach begins by understanding your requirements, organisational context and operating environment, and – where relevant – your regulatory obligations.

Based on your requirements we can provide the right support to help you throughout your CAF journey, including:

  • Conducting audits and assessments – we can support you to identify your critical systems and assess their alignment to the Cyber Assessment Framework requirements. Alternatively, we can independently audit the findings of your own self-assessments.
  • Implementing improvements – we can deliver improvements to your organisational posture against the CAF, whether this involves technical, policy or organisational controls.
  • Designing and delivering remediation programmes – for organisations facing more stretching requirements, such as meeting Enhanced Profile expectations, we can design, manage and deliver strategic, business-wide cyber improvement programmes.
  • Regulatory submission and engagement – we can help you to understand the expectations and requirements of relevant regulators (‘Competent Authorities’), and help you to prepare for relevant engagements or reporting requirements. Our consultants have extensive experience working with – or for – many of the UK’s Competent Authorities.

FAQs

The Cyber Assessment Framework (CAF) is an outcomes-based framework developed by the UK NCSC for assessing how well an organisation is managing cyber risk to its essential functions. It focuses on four objectives: managing security risk, protecting against cyber attack, detecting cyber security events and minimising the impacts of cyber incidents.

It is designed for organisations supporting critical national infrastructure and essential services and it uses principles, contributing outcomes and indicators of good practice rather than a simple checklist. A self-assessment can be done by the organisation and in most cases assured by an external assessor.

The CAF primarily applies to organisations operating essential services, especially those subject to the UK NIS Regulations and those supporting critical national infrastructure (CNI). It is also used by public sector bodies supporting core government functions and by organisations managing risks to public safety. Sectors such as energy, healthcare, transport, digital infrastructure, and the government are the main audience. Other organisations may find it useful as a structured way to assess cyber resilience.

The CAF is the assessment framework used to support compliance with the UK NIS Regulations. It gives Competent Authorities and organisations a common outcome-based way to judge whether essential services are managing cyber risk appropriately. It is designed to help with NIS assessment across sectors, and most UK regulators have aligned their oversight to it. The CAF is therefore both a compliance aid for regulated entities and a consistent benchmark for regulators assessing essential services.

The CAF is not a law in itself, so it is not universally mandatory for every organisation. It becomes effectively mandatory where a regulator or competent authority requires it as the assessment framework for NIS-regulated essential services, and the NCSC has advised that organisations check with their regulators on how it applies to them. Outside those regulated contexts, it is considered a strongly recommended framework rather than a legal obligation; hence organisations often treat it as mandatory for compliance purposes.

No. The CAF is primarily designed for organisations operating essential services and CNI-related sectors, but it can be useful for other organisations, including those managing cyber-related risks to public safety or public sector functions. Some non-CNI organisations use it as a strong outcome-based framework for improving cyber resilience.

Yes. The CAF is designed to cover both IT and OT where an organisation's essential functions depend on them, especially in CNI and NIS-regulated environments.

Why Us?

Awards

Our team have won numerous industry awards, including 'Cyber Business of the Year' at the National Cyber Awards 2024 and 'Best Cyber Security Company of the Year' at the Cyber Security Awards 2023.

Certifications

Our people and services are highly accredited by leading industry bodies including CREST, the NCSC, and more. Our SOC holds extensive accreditations from CREST (including for CSIR and SOC2) and works closely with our cyber consultancy services.

Partnerships

As a Microsoft Partner, we also hold advanced specialisms in Cloud Security and Threat Protection. We have implemented some of the UK’s largest deployments of the Microsoft Security stack, including Sentinel, Defender, Purview and more.

Accreditations and Certifications

We hold the most NCSC assured services of any cyber security services provider. Our cyber security consultants and services are globally recognised for meeting the highest standards of accreditation and have leading industry certifications.