We have commissioned a specialist supplier to help you apply and maintain the framework within your organisation and, over two whole-day workshops, they will guide you to develop mitigations and associated actions.
Day one includes training on the framework and a walkthrough of systemic risks specific to your organisation, based on those identified through onsite assessment or other risk profiling. Day two introduces third party and supplier assessments, as well as a workshop on how to integrate the third party and supplier outcomes into your existing organisational risk reporting.
The supplier will have already seen your onsite assessment remediation plan. It is also helpful to have some key documentation available in advance, including:
- existing organisational risk register
- existing information security risk assessment
- Data Security Protection Toolkit assessment (formerly the Information Governance toolkit)
- list of third party partners and suppliers
After the workshop, the supplier will work with you to develop a clear action plan to help incorporate the cyber risk framework into your business.