Blog

Cyber Assessment Framework, plan for mandatory compliance on the horizon

Written by Adam Lewis | 24-Nov-2021 11:57:56

MSPs and cloud providers in line for legal regulations after government consultation.

Government officials have issued their response to a cyber security consultation held earlier this year looking at possible changes to the Computer Misuse Act. Now the responses have been digested it is looking increasingly likely that information security practices are going to become a matter of a legally binding framework of responsibilities.

The new regulations will not only be the preserve of MSPs but will encompass any cloud related business. Minister for Digital, Julia Lopez, offered a statement: "We are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses' digital footprint and protect their sensitive data."

The report contains many concerns and recommendations. At the top end a strong desire for a higher level of government intervention in the industry's biggest players highlighting the current lack of power the government faces when dealing with the multi-nationals: "We cannot manage the risk from tech multinationals - we do not have a negotiating stance. We need a mechanism for holding Managed Service Providers to account."

More broadly the desire for standardisation is strong, at an international level if possible: "Government should standardise an existing industry framework. Standardised frameworks, approaches and processes are needed - the more international the better."

To view the full response the recommendations specific to MSPs are detailed in section 4 of the Government response.