The National Cyber Security Centre (NCSC) has said that organisations can now begin to buy services under its Cyber Resilience Audit (CRA) scheme.
It has now made a list of assured providers available for conducting audits based on its Cyber Assessment Framework (CAF). Most are listed on the Crown Commercial Service’s CSS3 procurement framework.
It added that the Department of Health and Social Care, NHS England and the Department of Finance Northern Ireland have all become early adopters as oversight bodies of the CRA scheme, which has been set up to provide confidence in companies that have been assessed as meeting the NCSC standard for delivering independent cyber audits.
NCSC emphasised the availability of the scheme to essential service providers but said it is open to all organisations.
Meeting requirements
The certified companies have all met the minimum requirements for scheme membership and are now eligible to put themselves forward to conduct audits in specific sectors – providing they meet any additional requirements laid down by the relevant oversight body.
NCSC said it is still accepting applications from potential service providers.
It added: “This is just the beginning - we expect more oversight bodies to develop their independent CAF audit programmes and will announce those in due course.
“We will also work with oversight bodies to monitor and develop the scheme and use the outputs to better understand the resilience of the UK as a whole.”
