Six Degrees Delivers GovAssure Stage 4 Independent Assurance Reviews

Central government organisations can benefit from partnering with Six Degrees, an experienced, highly accredited provider of cyber security services to the UK public sector, to perform the stage 4 independent assurance reviews they need to meet their obligations under the GovAssure cyber security assurance scheme.

All central government organisations are required to meet their obligations under the new GovAssure cyber security assurance scheme. At Six Degrees we’re well-positioned to help – as we’ll cover in this short blog that introduces the Government Cyber Security Strategy to which GovAssure aligns, provides an overview GovAssure itself, and explains why Six Degrees is a great choice for central government organisations looking to perform their stage 4 independent assurance reviews.

Let’s get started.

What is the Government Cyber Security Strategy?

In January 2022, the UK government released its Government Cyber Security Strategy (GCSS) 2022 to 2030, which set out its approach to building a cyber resilient public sector. The GCSS outlined two core pillars aimed at ensuring all government organisations across the whole public sector are resilient to known vulnerabilities and attack methods no later than 2030:

• Build a strong foundation of organisational cyber security resilience
• Defend as ‘one’

These two pillars are supported by four objectives that set the dimensions of cyber resilience:

• Managing cyber risk
• Protecting against cyber attack
• Detecting cyber security events
• Minimising the impact of cyber security incidents

What is GovAssure – and Where Does it Fit In?

GovAssure is the new cyber security assurance scheme for government organisations designed to support the objectives and aims of the GCSS. Introduced in April 2023, GovAssure is a five stage process that is underpinned by the National Cyber Security Centre’s Cyber Assessment Framework (CAF) and aligns with Critical National Infrastructure (CNI) best practices.

GovAssure consists of five main stages:

• Stage 1: Organisational context and services
• Stage 2: In-scope systems and assignment to the Government CAF profile
• Stage 3: CAF self-assessment
• Stage 4: Independent assurance review
• Stage 5: Final assessment and targeted improvement plan

In this blog we’re focusing on stage 4, the independent assurance review, during which an accredited supplier like Six Degrees will review and verify the CAF self-assessment the organisation completes during stage 3.

Why Partner with Six Degrees for Your Stage 4 Independent Assurance Review?

With a number of accredited suppliers able to carry out stage 4 independent assurance reviews, why should a central government organisation choose to partner with Six Degrees? Here are three reasons:

• Strong track record in central government and CNI. At Six Degrees we have an enviable public sector pedigree, having been delivering cyber security services to central government and CNI organisations for over 10 years.
• Our cyber security credentials. As a business we have serious cyber security credentials: we’re a member of Microsoft’s invite-only Microsoft Intelligent Security Association (MISA), and our wider credentials include CHECK Penetration Testing Assured Service Provider, CREST, Official Cyber Scheme Sponsor, Cyber Essentials Plus Certification Body, and ISO 27001, ISO 22301, and ISO 9001.
• Our experienced, certified, SC-cleared people. All of the professionals involved in delivering stage 4 independent assurance reviews at Six Degrees are SC-cleared. They are highly experienced, highly certified, and extremely competent in delivering cyber security strategy and advisory and consultancy services.

Ease Your Journey to GovAssure

We want to make it as easy as possible for central government organisations to meet their GovAssure obligations. To arrange your stage 4 independent assurance review with Six Degrees, contact us.