CAF Information Hub
Your go-to resource for everything Cyber Assessment Framework (CAF) - expert guidance, insights, and tools to navigate every phase of your cyber assessment.
What is CAF, and why does it matter?
The UK’s Cyber Assessment Framework (CAF), developed by the National Cyber Security Centre (NCSC), offers a clear, structured path to improved cyber resilience, regulatory compliance, and stakeholder confidence.
Originally built for Operators of Essential Services (OES), CAF is now being adopted more widely across industries, from energy and healthcare to local government, giving organisations a universal language for cyber risk and resilience.
How can CAF become your competitive advantage?
At Hicomply, we help forward-thinking organisations turn CAF from a compliance checkbox into a strategic asset. Through our partnership with Waterstons, an NCSC-assured consultancy and early member of the Cyber Resilience Audit scheme, we enable your team to fast-track readiness, benchmark maturity, and automate evidence collection.
As highlighted in our CAF blog, the shift to CAF isn’t just about meeting today’s standards, it’s about future-proofing your organisation against tomorrow’s threats.
What can you learn from CAF experts?
To help you navigate the practicalities of CAF, Ed Bartlett, CEO of Hicomply, and Stew Hogg, Associate Director of Cyber at Waterstons, explain the framework’s core objectives, outcomes and implementation journey.
These short videos are designed to answer your key questions, whether you're just starting your CAF self-assessment or preparing for an audit. Learn directly from experts on how to:
- Map your existing controls to CAF
- Identify high-impact improvements
- Meet sector-specific requirements
- Build regulator-ready reports
Watch the full series below for practical, actionable insight.
Why did Hicomply partner with Waterstons?
Why we joined forces with Waterstons to deliver a complete solution for CAF readiness.
What is CAF, and how will it drive cyber maturity?
Learn how the CAF was developed by the NCSC and why it is poised to become the UK's core framework for cyber resilience across sectors, driving maturity and setting a new bar for best practice.
Where should I start with CAF?
Not sure when or how to begin your CAF journey? This video explains what’s on the horizon, why now is the time to act, and how to take a risk-based approach to implementation.
How does CAF simplify compliance across frameworks?
With so many overlapping standards like ISO 27001, SOC 2, and NIST, CAF offers a unifying structure. Discover how to align your existing frameworks and reduce compliance effort with Hicomply.
How does CAF apply to different sectors?
CAF applies to all sectors, but each will have specific requirements. Learn how different industries, from healthcare to energy, are tailoring CAF to meet their own regulatory needs.
North East businesses leading the way
Explore how we are driving national and international CAF adoption, supported by the NCSC’s Cyber Resilience Audit Scheme.
Ready to get started with CAF? Let’s talk.
Whether you're mapping your first controls, aligning with existing frameworks, or preparing for regulatory inspection, Hicomply can help. Our platform is purpose-built to:
- Streamline evidence gathering and reporting
- Map ISO, NIST and Cyber Essentials controls to CAF
- Track progress and maturity in real-time dashboards
- Work seamlessly with clients and partners
Book a demo today and see how Hicomply helps organisations like yours achieve CAF compliance faster.
Learn more: CAF unlocked: What the Cyber Assessment Framework means for your business
Ready to Take Control of Your Privacy Compliance?
See how Hicomply can accelerate your path to CAF compliance in a 15-minute demo.