Stage 1 – Part A: Organisational mission, objectives and priorities
Strategic context
Questions to consider:
- What is the organisation fundamentally trying to achieve?
- What are the organisation’s mission, objectives, and priorities, and how do they support the delivery of Government services?
- Think of this as an ‘elevator pitch’ for the organisation: a concise summary, in a few sentences, for someone new to your business.
Please note: Whilst the guideline suggests a word limit, the intention here is to describe the context and the organisation succinctly without creating an excessive overhead for organisations. Equally, organisations shouldn’t feel overly restricted on the level of detail included, given the variations in size, scale and complexity between organisations.
Organisation background
Questions to consider:
- How is the organisation currently set up to deliver the mission/objectives and strategy?
- How does the organisation operate? For example, does it deliver 24/7, 365-days-a-year services online, or an offline, non-transactional service?
Current threat landscape
Questions to consider:
- Who may have intent to target the organisation, why is the organisation a target, and ‘what could go wrong’ if they were successful?
- If there is a multi-threat picture, please feel free to list the different threat types as bullet points.
- You can include references to any threat assessment activity you have already conducted; if that material is held at a higher classification, you can simply note that the assessment has been conducted. You may wish to consider how much of this would be useful to discuss with the reviewer later.
Cyber risk appetite
Question to consider:
- Please confirm whether the organisation has a defined cyber risk appetite statement (or not), where it is defined, and what the level of appetite is. If it has already been defined and documented, please feel free to copy and paste it directly into the GovAssure Scoping Document.