NCSC assured NHS Senior Information Risk Owner (SIRO) training

We’re offering a centrally funded cyber security training course to Senior Information Risk Owners (SIROs) working in NHS trusts and Integrated Care Boards (ICBs).

This NCSC Assured training by Templar Executives on behalf of NHS England will help SIROs and their deputies to improve their knowledge about cyber security risks. The training can be delivered in person or virtually over a day, or over 2 half days.

This tailored training and mentoring provides a safe and trusted space for discussion and enables sharing of best practice to manage cyber and information risk in a dynamic healthcare environment.

Overview
  • the cyber landscape encompassing threats, vulnerabilities and the latest trends
  • NHS context, for example the Department of Health and Social Care (DHSC) cyber strategy, DSPT, CAF, and legal and regulatory requirements
  • understanding information assets; leadership and accountability
  • governance including best practice; strategy, leadership, policy and culture
  • information risk management including supply chain
  • assurance, reporting and Key Priority Areas (KPIs)
  • communications and culture change, including a range of resources
  • business continuity and cyber incident recovery/resilience
  • discussion in a trusted environment, including questions and answers, priorities and next steps.

Benefits

Benefits include:

  • access to experienced and NCSC Assured trainers, who are able to draw on experience and insights from across public and private sectors
  • best practice advice with tailored context to support the NHS and your own organisation’s strategy and plans
  • advice and support on actions a SIRO can take to minimise the risk to both patient care and the organisation’s reputation, finance and operations

Register for this training

To register for this training or to find out more, raise a call to the helpdesk using the NHS Digital Service Now portal.

You will need to register for an account by providing your name, work email and organisation ODS code. Once logged in, raise a request by selecting "request something", selecting "Cyber Security Support Model" on the left side, then selecting the relevant training.

Then fill in the required information and submit the call to us. This will save you time as you will not have to call or email us. We will then contact you to discuss the request further.


How this service aligns with the Cyber Assessment Framework

This service aligns to the following principles and outcomes of the Cyber Assessment Framework (CAF).

Objective A: Managing security risk

A1.a You have effective organisational security management led at board level and articulated clearly in corresponding policies.

A1.b Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.

A1.c You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks.

A2.a Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.

A2.b You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.

Objective B: Defending systems against cyber attack

B1.a You have developed and continue to improve a set of cyber security and resilience policies and processes that manage and mitigate the risk of adverse impact on the essential function.

B1.b You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved.

B6.a Cyber security culture.

B6.b The people who support the operation of your essential function are appropriately trained in cyber security. A range of approaches to cyber security training, awareness and communications are employed.

Objective D: Minimising the impact of cyber security incidents

D1.a You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios.

D1.b You have the capability to enact your incident response plan, including effective limitation of impact on the operation of your essential function. During an incident, you have access to timely information on which to base your response decisions.

D2.b Your organisation uses lessons learned from incidents to improve your security measures.

Last edited: 16 December 2024 9:07 am