The eagerly awaited Cyber Assessment Framework (CAF) to help organisations to manage risks to their essential services in accordance with the Network and Information Security (NIS) Directive has now been published.

Sector Competent Authorities (CAs) will be able to use the CAF to assess and enforce compliance under the NIS Directive for Operators of Essential Services (OESs) that fall within the Directive’s scope. The first version framework, produced by the National Cyber Security Centre, provides a systematic method for assessing the extent to which OESs are achieving the outcomes specified by the 14 NIS Directive’s security objectives.

The CAF stresses the outcomes of what needs to be achieved rather than exactly how it needs to be done for compliance with the NIS Directive. Each contributing outcome is assessed by a set of indicators of good practice. The National Cyber Security Centre cautions that assessment of these contributing outcomes is “primarily a matter of expert judgement” and the indicators of good practice do not remove the requirement for the “informed use of cyber security expertise and sector knowledge”.

The NIS Directive comes into effect on 9th May 2018.

Gemserv will soon be publishing a series of papers to help you understand what the requirements are for your business and how we can help you ensure you have the appropriate governance and processes to meet the directive.  If you would like to receive our papers please use the form below:



*Problems with downloading? Email requesting the paper, and we will send you a copy!


Our Latest Insights.

Our work means different things to different clients and we wanted to share some details of the projects we have managed to give you an insight into our capabilities and the impact we have delivered as a business.


View All Insights

Say Hi.

Did you like what you read? Did you want to find out more about the subject? Or did you simply want to get in touch with us? Either way if you would like to get in touch with us you can do so using the form on the right.

Gemserv will use your details to get in touch with you and to send you information about our products and services that you have requested, in accordance with our privacy policy. You can, of course, opt out of these communications at any time!

Get In Touch

Want to find out more?

Follow the links below find out more about the services we provide, our insight into the industries we serve or the opportunities available with us.
Sectors Capabilities Our Insights Careers