Cyber Security Self Assessment
Cyber security is a key issue for local government and all councils have a range of practices and policies for managing this. However, councils vary according to size, type of services, and how IT is delivered (e.g. outsourced, part of a shared services arrangement or in-house), resulting in different approaches to and levels of cyber security maturity.
What is Cyber Security?
For the purposes of this self assessment, cyber security is defined according to the National Audit Office’s definition, where cyber security is the activity required to protect an organisation’s computers, networks, programmes and data from unintended or unauthorised access, change or destruction via the internet or other communications systems or technologies. Effective cyber security relies on people and management processes, as well as technical controls.
What is the purpose of this tool?
The LGA conducted a Cyber Security Stocktake from July to September 2018 to record the current state of cyber security for all English councils. Using Cabinet Office funding councils have subsequently been helped to improve via training, awareness raising and other services.
This tool is designed to let your council self-assess its current state and any future improvement or degradation in aspects of your cyber security. The tool helps make the case for further assistance to your council and to show the impact of that assistance.
Here are the Cyber security self assessment questions as a PDF document.
Who completes the self assessment?
One nominated person from your council can sign in and complete the assessment on behalf of your council. To find out who that person is or change the nominated person, email firstname.lastname@example.org.
How do I complete the self assessment?
If you are authorised to complete the assessment for your council, sign-in and respond as honestly as possible to the questions.
Questions are open for specific time periods during the year. The next time period is Nov 2020 running from 1 November 2020 to 30 November 2020. So ensure questions in all sections that you choose to complete are submitted by 30 November 2020.
How are the responses used?
The results page will show an assessment for each section where you have provided responses. Only the person authorised to perform the self-assessment for a council can see it’s results page. That person can download a document detailing the results.
The LGA has secure access to results for all councils. These will not be shared publicly but will be used to assess how councils can be helped improve their cyber security.
Hints for completing the self assessment
- The self assessment is designed to be intuitive, but it is a complex topic. It is likely you will need to speak with colleagues in different work areas (e.g. Emergency Planning, HR, etc.) to be able to respond to all questions.
- You may wish to circulate the PDF version of the questions to your colleagues to support gathering the necessary information.
- Once you have gathered all the relevant information, responding to the questions should take no longer than 30 minutes to complete.
- Please complete all questions in any number of categories you choose.
- All categories apply whether or not your council’s IT is outsourced, part of a shared service, run on cloud services or operating internally. Councils should complete their own questionnaire, regardless of any shared service arrangements.
- Smaller councils may find that some questions are repetitive given the need for the stocktake to accommodate a wide range of councils that vary in size and their cyber security arrangements.
If you need help signing in or using the tool, contact email@example.com.
To enquire about the meaning of any questions or how your responses will be used, contact firstname.lastname@example.org.