Issue - meetings

CAF Compliance

 

 

Meeting: 23/03/2026 - Cabinet (Item 39)

CAF Compliance

To consider confidential recommendations

Minutes:

The Cabinet considered a confidential report of the Director of Digital that sought authority to enter into new contracts for both supply chain risk management software and CAF compliance tools under procurement compliant framework agreements in accordance with Contract Procedure Rules. To then systematically work through the National Cyber Security Centre's (NCSC) Cyber Assessment Framework (CAF), ensuring full compliance and maximising cyber security posture across the organisation.

 

The decision was considered essential to address CAF compliance within Oldham Council, to address supply chain vulnerabilities, enhance cyber security in alignment with NCSC CAF guidance, and consolidate risk management processes by replacing manual, inefficient assessments.

 

Resolved:
That the Cabinet:

1.    Authorise the approval of a three-year contract procurement at £150,000 for supply chain risk management software via the G-Cloud framework for Oldham Council, covering a 36-month term. To authorise the approval of the additional revenue implications for years 2 and 3 at £50,000pa based on up to 500 suppliers and standard licensing for up to 5 users.

2.    Authorise the approval of a three-year contract procurement at £150,000 for the relevant CAF compliance tools via the G-Cloud framework for Oldham Council also covering a 36-month term.  To authorise the approval of the additional revenue implications for years 2 and 3 at £50,000pa.

3.    Authorise the capital allocation of £352,000 in total with £220,000 assigned for dedicated resources over a phased period of two years due to the scale of the work required (e.g., specialist consultants such as Local Digital and internal staffing backfill) to systematically work through the National Cyber Security Centre's (NCSC) Cyber Assessment Framework (CAF), ensuring full compliance and maximising cyber security posture.

4.    Notes that over three years the total cost will be £552K.

5.    Notes that the Council’s Commercial Procurement Unit will ensure compliance with the Council’s Contract Procedure Rules.