Skip to main content

NCSC assured training

Our free National Cyber Security Centre (NCSC) assured training by Templar Executives will help you to understand how cyber security risks could affect your NHS organisation.

About board-level training 

This training is tailored to NHS board members and includes a 2 hour briefing session, followed by an e-learning package. It's provided by our training partner, Templar Executives.

The training supports leadership obligations and current legislation.

It's available to NHS trusts and Commissioning Support Units (CSUs).

The training supports our strategy and covers:
  • cyber leadership and board accountability – support organisational objectives, patient care and safety

  • focus on the greatest risks and harms – external threats and internal risks, such as personal risks, hybrid working and AI

  • defend as one – Data Security Standards, DSP toolkit expectations, legislation and regulation, including GDPR and NIS regulation

  • people and culture – governance, structures and leadership, Cyber Assessment Framework (CAF) expectations

  • build secure for the future – risk appetite and risk management, supply chain, reporting and assurance

  • exemplary response and recovery – cyber resilience, business continuity and disaster recovery

  • tools for the board to support priorities


Arrange a training session

To register for this training or to find out more, please raise a call to the helpdesk using the NHS Digital Service Now portal.

You will need to register for an account by providing your name, work email and organisation ODS code. Once logged in raise a request by selecting request something, selecting Cyber Security Support Model on the left side, then selecting the relevant training.

Then fill in the required information and submit the call to us. This will save you time as you will not have to call or email us.  We will then contact you to discuss the request further.


How this service aligns with the Cyber Assessment Framework

Open the expanders below to find out how this service aligns to the principles and outcomes of the Cyber Assessment Framework (CAF).

Objective A: Managing security risk

A1.a You have effective organisational security management led at board level and articulated clearly in corresponding policies.

A1.b Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.

A1.c You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks.

A2.b You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.

A4.a The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.

Objective B: Defending systems against cyber attack

B1.a You have developed and continue to improve a set of cyber security and resilience policies and processes that manage and mitigate the risk of adverse impact on the essential function.

B1.b You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved.

B6.a Cyber Security culture.

B6.b The people who support the operation of your essential function are appropriately trained in cyber security. A range of approaches to cyber security training, awareness and communications are employed.

Objective D: Minimising the impact of cyber security incidents

D1.a You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios.

D1.b You have the capability to enact your incident response plan, including effective limitation of impact on the operation of your essential function. During an incident, you have access to timely information on which to base your response decisions.

D2.b Your organisation uses lessons learned from incidents to improve your security measures.

Last edited: 15 November 2023 2:35 pm