Data security unified cyber-risk framework

To help your organisation identify cyber-specific security risks and to align those risks to your corporate risk register, NHS Digital’s Data Security Centre has worked with NHS subject matter experts to develop a unified cyber-risk framework.

Provided on behalf of NHS Digital by specialist supplier: Dionach

What is involved and commitment level

We have commissioned a specialist supplier to help you apply and maintain the framework within your organisation and, over two whole-day workshops, they will guide you to develop mitigations and associated actions.

Day one includes training on the framework and a walkthrough of systemic risks specific to your organisation, based on those identified through onsite assessment or other risk profiling. Day two introduces third-party and supplier assessments, as well as a workshop on how to integrate the third-party and supplier outcomes into your existing organisational risk reporting.

The supplier will have already seen your onsite assessment remediation plan. It is also helpful to have some key documentation available in advance, including:

  • existing organisational risk register
  • existing information security risk assessment
  • Data Security Protection Toolkit assessment (formerly the Information Governance toolkit)
  • list of third-party partners and suppliers

After the workshop, the supplier will work with you to develop a clear action plan to help incorporate the cyber risk framework into your business.

Who should take part in the workshops

The workshop must include relevant senior decision-makers and IT management, with at least three people in attendance.

Working with you, the supplier will agree the most suitable date and time based on the required attendees’ availability and your organisation's ability to facilitate the workshop.

Contact us

To find out more about the unified cyber risk framework or the wide range of other services available, please email us directly:

Related pages

  1. Data security onsite assessment

    Our onsite assessment combines a data security IT HealthCheck with Cyber Essentials Plus accreditation to help you understand and overcome areas of high risk and identify vulnerabilities.

  2. Cyber operational readiness support

    Free support to your organisation to address security-critical issues that can have clinical impact and threaten patient safety, specifically in relation to policy, process and cultural change.

Last edited: 8 July 2019 12:58 pm