Government formally unveils annual independent cyber audits for all departments

Written by Sam Trendall on 24 April 2023 in News

Ministerial announcement follows initial examinations of Home Office and business department earlier this year

Credit: methodshop/Pixabay

The government has formally unveiled the GovAssure programme, which will require all departments to undergo annual external audits of cyber-resilience.

The initiative, which was first trailed in the Government Cyber Security Strategy in January 2022, will require yearly investigations of the cyber protections of all Whitehall departments and some arm’s-length bodies. The procedures, which will be overseen by the Cabinet Office-based Government Security Group, will use the National Cyber Security Centre’s Cyber Assessment Framework to review organisations’ security practices.

Audits will include evaluation by external assessors, while the Cabinet Office will provide “centralised security policy and guidance” to help inform departments’ security policies. 

PublicTechnology revealed earlier this year that the central department had awarded a deal to security firm C3IA to support the fulfilment of a pilot phase in which the Home Office and the then Department for Business, Energy and Industrial Strategy underwent GovAssure assessments.

The text of the contract with the cyber company revealed that “once [an audit is] complete, a department will receive a ‘get well’ report listing current vulnerabilities which will then allow it to spend its cyber budget more effectively and to mitigate specific risks quickly”.

Announcing the full rollout of the programme in the coming months, government chief security officer Vincent Devine said the audit regime represents “a transformative change in government cybersecurity”.

“GovAssure will give us far greater visibility of the common cyber security challenges facing government,” he said. “It will set clear expectations for departments, empower hard-working cybersecurity professionals to strengthen the case for security change and investment, and will be a powerful tool for security advocacy.”

Chancellor of the Duchy of Lancaster Oliver Dowden – who has since also taken on the mantle of deputy prime minister – added: “Cyberthreats are growing, which is why we are committed to overhauling our defences to better protect government from attacks. Today’s stepped up cyber assurance will strengthen government systems, which run vital services for the public, from attacks. It will also improve the country’s resilience; a key part of our recent Integrated Review Refresh.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on
