The Journey to CAF 2027 – How Energy Companies Can Prepare banner image

The Journey to CAF 2027 – How Energy Companies Can Prepare

20 July 2023 | 11:00 am
45 mins
Join Craig Moores and Thomas Chappelow as they advise energy sector organisations on the differences between the basic and new enhanced CAF profiles.

The NCSC’s Cyber Assessment Framework (CAF) is a collection of principles and guidance to achieve a level of cyber resilience, particularly focused at those organisations that play a vital role in the day-to-day life of the UK, such as those designated as forming part of the Critical National Infrastructure (CNI). With a specific set of profiles targeted at Operator of Essential Services (OES) within the UK’s energy sector, it is essential for those within scope of the NIS regulation to demonstrate their cyber posture in alignment with the CAF. 

However, for many organisations, understanding the scope of what this applies to and aligning existing controls with the framework can be a challenging and resource intensive process given the CAF’s focus on ‘contributing outcomes’ and somewhat lack of prescriptive controls within the CAF to clearly direct improvements within existing cyber security controls. 

Further challenges have been introduced through the recent publication of an enhanced CAF profile for the energy sector by its regulator, Ofgem. This introduces additional requirements for energy sector organisations to achieve a greater level of cyber security maturity and align with all CAF principles by 2027. 

This webinar advises energy sector organisations on the differences between the basic and enhanced CAF profiles, how they can drive improvements in their cyber security programs to align with the CAF principles, and more effectively secure technical environments and operational technology (OT) within their business. 

Webinar Highlights: 

  • What the requirements in the CAF enhanced profile are, and how it differs from the baseline profile 

  • How your organisation can build a roadmap to align with the enhanced CAF profile 

  • How to create efficiency when assessing against the CAF 

  • How to take a system-based approach to assessing cyber maturity and linking this to remediation priorities 

  • How to create a strategic approach to embed the CAF in your organisation 

Who is This Event Suitable For? 

Organisations operating within the energy sector who are regulated by Ofgem and thus subject to the CAF, who are looking to gain an early understanding of what the roadmap to 2027 looks like, and how they can effectively plan to achieve it.

Watch On Demand


Craig Moores

Craig Moores

Principal Lead Consultant


Thomas Chappelow

Thomas Chappelow

Principal Consultant


Register to Watch