Skip to main content

NCSC assured cyber security training for NHS boards

Our centrally funded National Cyber Security Centre (NCSC) assured board training is delivered by Templar Executives on behalf of NHS England and will help you to understand how cyber security risks could affect your NHS organisation.

Page contents

About board-level training 

Each board session is tailored for the NHS and local needs and is, ideally, up to two hours in duration. Templar includes a 30-minute pre-meeting with the executive trainer to support context and requirements.

It's available to NHS trusts and Integrated Care Boards (ICB’s).

The training supports our strategy and covers:
  • the current cyber threat landscape and trends, with NHS context
  • overview of main legislation, regulation and liabilities
  • best practice: strategy, leadership and governance, including the role of the board and key stakeholders
  • strategic backdrop: DHSC cyber strategy for adult health and social care
  • NHS Data Security Protection Toolkit (DSPT), Cyber Assessment Framework (CAF) latest requirements
  • business Information risk and personal risk
  • building cyber resilience; risk monitoring; incident management and business continuity
  • main roles and activities to foster a positive cyber security culture
  • facilitated discussion about cyber risk
  • cyber assurance including assessment, key priority areas and reporting
  • tools to take away, priorities and next steps

Benefits

Benefits include:

access to experienced and NCSC assured board-level executive trainers, able to draw on experience and insights from across public and private sectors

best practice advice with tailored context to support the NHS and your own organisation’s strategy and plans

advice and support on actions a Board can take to minimise the impact both on patient care and the organisation’s reputation, finance and operations

delivered by executive trainers who understand the challenges boards face both strategically and tactically

Arrange a training session

To register for this training or to find out more, raise a call to the helpdesk using the NHS Digital Service Now portal.

You will need to register for an account by providing your name, work email and organisation ODS code. Once logged in raise a request by selecting request something, selecting Cyber Security Support Model on the left side, then selecting the relevant training.

Then fill in the required information and submit the call to us. This will save you time as you will not have to call or email us.  We will then contact you to discuss the request further.

How this service aligns with the Cyber Assessment Framework

Open the expanders below to find out how this service aligns to the principles and outcomes of the Cyber Assessment Framework (CAF).

Objective A: Managing security risk

A1.a You have effective organisational security management led at board level and articulated clearly in corresponding policies.

A1.b Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.

A1.c You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks.

A2.b You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.

A4.a The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.

Objective B: Defending systems against cyber attack

B1.a You have developed and continue to improve a set of cyber security and resilience policies and processes that manage and mitigate the risk of adverse impact on the essential function.

B1.b You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved.

B6.a Cyber Security culture.

B6.b The people who support the operation of your essential function are appropriately trained in cyber security. A range of approaches to cyber security training, awareness and communications are employed.

Objective D: Minimising the impact of cyber security incidents

D1.a You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios.

D1.b You have the capability to enact your incident response plan, including effective limitation of impact on the operation of your essential function. During an incident, you have access to timely information on which to base your response decisions.

D2.b Your organisation uses lessons learned from incidents to improve your security measures.

Last edited: 16 December 2024 9:42 am