Cyber resilience: third sector action plan 2018-2020

Plan to develop a common, aligned approach to cyber resilience across the third sector in Scotland, so that all sections of society benefit from being digitally safe and secure.

Annex A. Key Actions and Timelines – Summary

Key action no. Action required of: Requirements Deadline Page no. action plan
1 SG, NCRLB, Third Sector partners
SG, NCRLB, Third Sector partners
  • Consider options for developing a Third Sector Cyber Resilience Framework/Pathway, with a particular focus on small and medium sized third sector organisations. To include:
    – Work to develop a stronger understanding of core cyber resilience requirements currently encompassed by NCSC schemes and guidance, other common standards and key supply chain policies as they apply to the Scottish third sector (particularly small and medium sized third sector organisations), and how these relate to progressive levels of cyber risk.
Spring 2019

Spring 2019
2 SG, NCRLB, NCSC and key Third sector partners
  • Key communications messaging and awareness raising activities for the third sector. Undertake work to strengthen systems of advice and support – initial target landscape identified and achieved.
Ongoing & spring 2019 P.22-23
3 SG and NCRLB
SG, NCRLB and Third sector cyber catalysts
  • Begin work with NCSC and key third sector partners in a Third Sector Cyber Catalyst Working Group, with initial focus on:
    – strengthening leadership for, and helping drive greater awareness and uptake of good cyber resilient behaviours in, small and medium sized third sector organisations, including through the use of supply chain measures.
    – strengthening coordination and knowledge sharing in respect of cyber resilience across key third sector organisations in Scotland; and
    supporting and promoting uptake of key educational initiatives in Scotland, including cyber security apprenticeships;
Summer 2018

4 SG, NCRLB and Third sector cyber catalysts
  • Seek views from the third sector to help inform the development of the draft public sector supply chain cyber security policy in 2018, so that it takes account of existing good practice in the third sector.
  • Identify current common core supply chain cyber resilience requirements that are placed on small and medium sized third sector suppliers, with a view to improving sectoral guidance for small and medium sized third sector organisations on what they need to do to strengthen their cyber resilience to position themselves to win contracts.
  • Building on this analysis, consider the potential for greater cross-sectoral alignment of core supply chain cyber resilience requirements over time.
  • Building on any such alignment work, explore the potential for cross-sectoral pooling or accessing of information to support supply chain security across Scotland’s third sector organisations.
First half of 2018
Spring 2019

From spring 2019 From spring 2019
SG, NCRLB and key Third sector partners
  • Continuation of modified voucher scheme for Cyber Essentials
  • Explore greater use of incentives and put forward for consideration by NCRLB
Autumn 2018
By spring 2019
6 SG
  • Work with NCRLB, NCSC, Regulatory bodies and key partners to develop benchmarking, monitoring and evaluation arrangements.
By spring 2019 P.30-31


Back to top