GovAssure announcements and newsletters
Announcements and past newsletters sent out by the GovAssure team
GovAssure Newsletters
To receive the GovAssure newsletter, sign up through the subscription form using your government email address. Non-government addresses will not be sent this newsletter.
GovAssure announcements
GovAssure 2025/26
We are pleased to announce that GovAssure 2025/26 has officially launched!
The timeline for all organisations completing the process in 2025/26 is set out below:
- Sept – Oct | Stages 1 & 2 [Scoping]
- Nov – Jan | Stage 3 [CAF self assessment]
- Feb – Mar | Stage 4 [Independent review]
- April – May | Stage 5 [Targeted improvement plan]
See our updated GovAssure guidance to get started!
Webinars 2025
We held webinars in July and August on GovAssure including the five stages and changes for year 3. If you would like to see a copy of the slides please email us (cybergovassure@cabinetoffice.gov.uk).
GovAssure stage 4 accreditation change
The Cyber Resilience Audit (Opens in a new tab) (CRA) scheme is an accreditation scheme run by the National Cyber Security Centre (NCSC). The scheme assures suppliers delivering independent cyber audits, initially based on the Cyber Assessment Framework (CAF).
We have now closed the current accreditation routes (NCSC Assured and Non-NCSC Assured) for new GovAssure assessors to join to be GovAssure accredited. This will not impact procurements already in motion at this time for GovaAssure 2025-26.
From 26/27FY only suppliers that are part of the CRA scheme and comply with our bespoke GovAssure requirements will be able to deliver GovAssure Independent Assurance Reviews. We are working closely with NCSC and Crown Commercial Service (CCS) on this transition, and have engaged the GovAssure supplier community separately.