Stage 1 – Part A: Organisational mission, objectives and priorities

Strategic context

Questions to consider:

- What is the organisation fundamentally trying to achieve?
- What are the organisation’s mission, objectives, and priorities, and how do they support the delivery of Government services?
- Think of this as an ‘elevator pitch’ for the organisation: a concise summary, in a few sentences, for someone new to your business.

Please note: Whilst the guideline suggests a word limit, the intention is to describe the context and the organisation succinctly without creating excessive overhead for organisations. Equally, organisations shouldn’t feel overly restricted on the level of detail included, given the variations in size, scale and complexity of organisations.

Organisation background

Questions to consider:

- How is the organisation currently set up to deliver the mission/objectives and strategy?
- How does the organisation operate? For example, is it an organisation that has 24/7 x 365 services that are delivered online, or an offline non-transactional service?

Current threat landscape

Questions to consider:

- Who may have intent to target the organisation, why is the organisation a target, and ‘what could go wrong’ if they were successful?
- If there is a multi-threat picture, please feel free to bullet point the different types.
- You can include any references to threat assessment activity that you may have already conducted; if it is at a higher classification, you can simply state that it has been conducted. You may wish to consider how much of this would be useful to discuss with the reviewer later.

Cyber risk appetite

Question to consider:



OFFICIAL