Cyber Risk Framework Workshop

Embed cyber risks within your risk register

The Cyber Risk Framework Workshop is the third stage of NHS Digital’s Cyber Security Support Model and is designed to provide NHS Organisations with a risk framework to identify cyber security risks and align these to the corporate risk framework.

The Cyber Risk Framework Workshop provides effective cyber risk management by enabling actions that reduce the risk of cyber-attack to be prioritised in a consistent way across organisations. Risks can also be mapped to the existing organisation-wide risk framework.

The Cyber Risk Framework Workshop provides evidence for 6 requirements of the Data Security and Protection Toolkit.

The Cyber Risk Framework Workshop is offered to eligible NHS Organisations and can be fully funded by NHS Digital.

What we do

Our Cyber Risk Framework Workshop is designed to strengthen your healthcare organisation’s cyber security defences. We start by conducting a comprehensive risk assessment to identify vulnerabilities and evaluate your current practices.

We then guide you through the implementation of a tailored cyber risk framework that aligns with healthcare-specific regulations and best practices. Our interactive workshops, led by seasoned experts, provide practical insights and hands-on training to address your unique challenges.

Following the workshop, we offer strategic recommendations to enhance your cyber security strategy and ensure effective risk management. Our ongoing support helps you integrate these practices seamlessly into your operations, ensuring long-term resilience and regulatory compliance.

With our expertise, you’ll be better prepared to protect sensitive healthcare data and mitigate potential cyber threats.

Need help with cyber security solutions? We are experts!

What's included

Each engagement covers the following main areas:

1. Threat Modelling

  • Threat models counteract the “controls-first” mindset and risk assessment driven purely by vulnerabilities, and help determine which threats actually exist.
  • Threat models need to clearly define relationships between assets, threats and attacks, to help identify gaps in security controls.

2. Risk Assessment

  • A risk assessment based on ISO 27005:2011 will be developed based on the specific risks identified within the NHS Organisation.
  • Risks associated with third party suppliers will also be identified.

3. Risk Profile

  • The risk profile is a summary of the risk assessment with the critical and high scoring risks listed, along with summary metrics and charts.
  • The risk profile provides an overview of which areas to focus on, and an overall risk score.

4. Remediation Action Plan

  • Risks that are not accepted, based on the risk criteria from the risk assessment, will be placed into a remediation action plan that includes tactical and strategic actions to ensure the root causes of vulnerabilities are addressed.

5. Mapping to Organisation Risk Management

  • Critical risks and high risks from the cyber security risk assessment will be summarised and mapped to the organisation’s existing risk management.
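As an added illustration (not the workshop's own method or tooling) of how steps 2 to 5 fit together, the following constructs a small fictional cyber risk register, derives a risk profile, builds the remediation action plan from the risks not accepted under the risk criteria, and escalates critical and high risks to the corporate register. The 5x5 scoring scale, the rating bands and the corporate rating labels are assumptions for illustration, not ISO 27005 or NHS values.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Risk:
    ref: str
    asset: str
    threat: str
    likelihood: int         # 1 (rare) to 5 (almost certain); assumed scale
    impact: int             # 1 (negligible) to 5 (severe); assumed scale
    accepted: bool = False  # formally accepted under the organisation's risk criteria

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

# Rating bands are assumptions for illustration, not ISO 27005 or NHS values.
def rating(score: int) -> str:
    return "Critical" if score >= 20 else "High" if score >= 12 else "Medium" if score >= 6 else "Low"

# Constructed sample register with fictional assets and threats.
REGISTER = [
    Risk("R1", "patient record database", "ransomware via unpatched server", 4, 5),
    Risk("R2", "third-party supplier portal", "supplier credential compromise", 3, 4),
    Risk("R3", "staff laptops", "loss of an encrypted device", 3, 2),
    Risk("R4", "public website", "defacement", 2, 2, accepted=True),
    Risk("R5", "backup system", "restores untested and fail during an incident", 4, 4),
]

def risk_profile(risks):
    """Summary of the assessment: counts per band, overall score, critical/high focus list."""
    focus = sorted((r for r in risks if rating(r.score) in ("Critical", "High")),
                   key=lambda r: r.score, reverse=True)
    return {"counts": dict(Counter(rating(r.score) for r in risks)),
            "overall_score": round(sum(r.score for r in risks) / len(risks), 1),
            "focus": [r.ref for r in focus]}

def remediation_plan(risks):
    """Risks not accepted get an action: strategic (root cause) for critical/high, else tactical."""
    plan = []
    for r in sorted(risks, key=lambda r: r.score, reverse=True):
        if not r.accepted:
            plan.append((r.ref, "strategic" if rating(r.score) in ("Critical", "High") else "tactical"))
    return plan

CORPORATE_BANDS = {"Critical": "Extreme", "High": "Major"}  # assumed corporate register scale

def map_to_corporate_register(risks):
    """Only critical and high cyber risks are escalated to the organisation-wide register."""
    return [{"cyber_ref": r.ref, "asset": r.asset, "corporate_rating": CORPORATE_BANDS[rating(r.score)]}
            for r in risks if rating(r.score) in CORPORATE_BANDS]
```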

How We Work

We deliver the whole spectrum of cyber security services, from long-term, enterprise-wide strategy and implementation projects to single penetration tests.

Our team works with you to identify and assess your organisation’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.

Our recommendations are clear, concise, pragmatic and tailored to your organisation.

Independent, unbiased, personalised – this is how we define our services. We guide you to spend wisely and invest in change efficiently.

Let’s Explore How We Can Support Your Cybersecurity Journey

Discover Our Latest Research

AI Security: The Operational Reality  

A technical deep dive into real-world vulnerabilities exposed by AI. The biggest risk to your AI deployment is not superintelligence; it is a logic error. While the security industry can sometimes fixate on theoretical debates about the future of Generative AI, for those of us working in defensive security and AI assurance, the current reality […]

Data Security and Protection Toolkit (DSPT) 2025/2026 CAF

The new DSPT for 2025/2026 is now more closely aligned to the NCSC Cyber Assessment Framework (CAF). This means more outcome-based auditing, focused on how well organisations achieve the intended security and governance goals. Organisations are required to have an independent audit assessment to the agreed CAF-aligned DSPT audit framework. Dionach can provide these independent […]

From Policy to Practice: Penetration Testing for ISO 27001

ISO 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). While the standard does not explicitly mandate penetration testing, it remains a critical supporting activity for demonstrating technical assurance and verifying the effectiveness of security controls. By incorporating regular, scoped, and risk-aligned penetration testing into their […]
Contact Us

Reach out to one of our cyber experts and we will arrange a call.