The UK government has unveiled a new Cyber Governance Mapping document, a valuable tool designed to clarify how its recently launched Cyber Governance Code of Practice aligns with various domestic and international cyber security standards and frameworks. This document provides a detailed comparison, highlighting similarities and differences to help organizations understand how their adherence to the Code correlates with established frameworks like ISO/IEC 27001:2022 and the World Economic Forum (WEF) Principles for Board Governance of Cyber Risk.
Aiding Understanding and Integration
The mapping document serves several purposes. Firstly, it helps boards, directors, and senior cyber leaders understand what the Cyber Governance Code of Practice expects of them by placing its principles and actions in the context of their broader governance responsibilities.
Secondly, it illustrates alignment and gaps between the Code’s specific governance actions (such as defining roles, reporting frequency, and assurance mechanisms) and other standards, making it easier for organizations to integrate their Cyber Governance Code compliance efforts with existing frameworks.
Lastly, it supports assurance and oversight activities by providing clarity on how Code requirements fit with internal audit, management review, and organizational leadership commitments described in other standards like ISO/IEC 27001:2022.
Case in Point
For instance, the document aligns Code actions under Principle E (Assurance and oversight) with corresponding clauses in ISO/IEC 27001:2022 and the WEF principles for board governance, including mandating cyber governance structures with defined roles (executive and non-executive), formal quarterly reporting with metrics, and executive awareness of regulatory obligations.
A Transparent Alignment
By positioning the Cyber Governance Code within the ecosystem of cyber standards and international best practices, this mapping document reduces confusion about overlaps or gaps, enabling organizations to implement consistent governance practices domestically while meeting international expectations.
Collaborative Effort and Continuous Improvement
The mapping document is a collaborative effort between the UK government, industry, and international stakeholders. It is a live document, subject to periodic reviews and updates to ensure its relevance and accuracy in the ever-evolving cyber security landscape.
Additional domestic and international cyber standards and frameworks will be included in the mapping document as they are completed. The mapping document is currently under review by NIST's National Online Informative References Program for compatibility with the NIST Cybersecurity Framework. Once the review by NIST is completed, the 'draft' disclaimer will be removed from the mapping document.
Supporting Digital Risk Management
The Cyber Governance Mapping document has been created to support the adoption of the Code. The UK government is working with industry to improve the management of digital risks and increase cyber resilience across the economy. The government continues to work with the Department for Science, Innovation and Technology while the mapping to the NIST Cybersecurity Framework is under review.
In summary, the Cyber Governance Mapping document clarifies the Cyber Governance Code of Practice by providing a transparent, actionable alignment with other key domestic and global cyber standards and frameworks, aiding organizational governance integration, assurance, and compliance.
- The Cyber Governance Mapping Document aids in the integration of an organization's compliance efforts with the Cyber Governance Code of Practice by illustrating the alignment and potential gaps between the Code's specific governance actions and other established standards, such as ISO/IEC 27001:2022 and the World Economic Forum (WEF) Principles for Board Governance of Cyber Risk.
- The Cyber Governance Mapping Document, a collaborative effort by the UK government, industry, and international stakeholders, positions the Cyber Governance Code of Practice within the ecosystem of cyber standards and international best practices, helping organizations implement consistent governance practices domestically while meeting international expectations.