
CAF - A2.c Assurance

This article provides additional information on how you can meet the requirement for the CAF control A2.c Assurance.

Ongoing assurance

  • CAF controls within Adoptech are implemented, assigned an owner and regularly reviewed to ensure the compliance procedure is relevant and fit for purpose.
  • Tests are run against each control to ensure ongoing compliance. Where a test fails, a corrective action process is followed to address any non-compliance.
  • Vulnerability scans are run and remediation is prioritised based on severity, within timeframes appropriate to the risk level.
  • Regular supplier assessments are conducted and recorded in the Vendor register with any deficiencies addressed and controls reviewed accordingly.
  • All staff are required to undertake security awareness training in line with a documented training program.
  • Regular management meetings review risks, objectives, KPIs and control compliance.
  • On at least an annual basis, Adoptech review the controls in place and provide an independent assessment of compliance.