
NCSC assured cyber security for SIROs

We’re offering a free cyber security training course to Senior Information Risk Owners (SIROs) working in NHS trusts and Commissioning Support Units (CSUs). Find out more about the course and how to sign up.

This NCSC Assured training by Templar Executives will help SIROs and their deputies to improve their knowledge about cyber security risks. It’s a 1-day, face-to-face course.

This training is currently only for SIROs working in NHS trusts and Commissioning Support Units (CSUs).

The training supports our strategy and covers:
  • the current cyber threat landscape and trends, with a focus on the NHS agenda  
  • cyber security leadership, strategy, governance and stakeholder management  
  • roles and responsibilities of the SIRO and deputy SIRO  
  • compliance including Data Security Standards, DSP toolkit expectations, legislation and regulation, such as GDPR and NIS regulation
  • risk appetite and risk management, supply chain, reporting and assurance
  • cyber resilience, business continuity and disaster recovery
  • developing a sustainable cyber security culture

Subject to SIRO agreement, the training day can also include the deputy SIRO, DPO, Caldicott Guardian and head of information governance and cyber.


Register for this training

To register for this training or to find out more, please raise a call to the helpdesk using the NHS Digital Service Now portal.

You will need to register for an account by providing your name, work email and organisation ODS code. Once logged in, raise a request by selecting "request something", selecting "Cyber Security Support Model" on the left side, then selecting the relevant training.

Then fill in the required information and submit the call to us. This will save you time as you will not have to call or email us. We will then contact you to discuss the request further.


How this service aligns with the Cyber Assessment Framework

The sections below show how this service aligns to the principles and outcomes of the Cyber Assessment Framework (CAF).

Objective A: Managing security risk

A1.a You have effective organisational security management led at board level and articulated clearly in corresponding policies.

A1.b Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.

A1.c You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks.

A2.a Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.

A2.b You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.

Objective B: Defending systems against cyber attack

B1.a You have developed and continue to improve a set of cyber security and resilience policies and processes that manage and mitigate the risk of adverse impact on the essential function.

B1.b You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved.

B6.a Cyber Security culture.

B6.b The people who support the operation of your essential function are appropriately trained in cyber security. A range of approaches to cyber security training, awareness and communications are employed.

Objective D: Minimising the impact of cyber security incidents

D1.a You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios.

D1.b You have the capability to enact your incident response plan, including effective limitation of impact on the operation of your essential function. During an incident, you have access to timely information on which to base your response decisions.

D2.b Your organisation uses lessons learned from incidents to improve your security measures.

Last edited: 8 November 2023 3:27 pm