Overview
With the UK Cyber Security and Resilience Bill coming into force, Managed Service Providers (MSPs) will soon fall under the Network and Information Systems (NIS) Regulations. The NCSC’s Cyber Assessment Framework (CAF) will form the basis for assessing MSP compliance.
Adoptech’s CAF Assurance Scheme helps MSPs prepare for, evidence, and independently validate compliance with the CAF principles. Achieving Adoptech CAF Assurance provides trusted, third-party assurance that your organisation has provided evidence of compliance with the CAF controls you have in scope.
How the Assurance Process Works
1. Onboard and Configure
Begin by onboarding to the Adoptech automated compliance platform, where the full CAF framework is available in a simple, guided format.
You’ll:
- Upload or generate policies using the Adoptech policy wizard
- Complete the Risk, Supplier and Legal Registers
- Assign owners for controls, policies, and KPIs
- Upload evidence manually or automatically through integrations
Each CAF control includes plain English guidance and example treatment plans to help you define your internal processes. You can also tailor the scope of controls to fit your organisation’s specific risks and operations.
2. Prepare for Assessment
Next, you’ll review each CAF control and confirm it meets the “Achieved” status.
You can upload supporting documentation or configure integrations (e.g. AWS, Microsoft 365, GitHub) to automatically collect evidence of compliance.
Your organisation’s Trust Centre page can also be set up to demonstrate transparency to clients — showing your real-time control status, subprocessors, and incident updates, supporting CAF’s good practice principles for communication and assurance.
3. Independent Assessment
Once your preparation is complete, an independent Adoptech assessor will review your CAF framework. This will be carried out on an annual basis. They’ll:
- Evaluate the evidence you’ve provided against your control set
- Generate a summary report detailing the controls reviewed
4. Accreditation and Publication
If the evidence demonstrates you are meeting the CAF controls in scope your organisation will be awarded Adoptech CAF Assured Trustmark.
You’ll receive:
- An independent audit report
- An Trustmark Badge for use on your Trust Centre and marketing materials
You can also choose to publish your accreditation summary on your Trust Centre page, alongside your governance documents and real-time compliance status, to give customers and regulators visibility of your cyber assurance posture.
Why It Matters
- Meet NIS and ICO regulatory expectations
- Demonstrate cyber maturity and transparency
- Identify and close compliance gaps early
- Gain independent, third-party validation
Get Started
Start building confidence in your security posture — and prepare for NIS readiness — with Adoptech CAF Assurance.
Our regulatory consultants are also available to provide further NIS guidance, run programmes and conduct internal audits. Please contact a member of the team and ask to speak to our Professional Services Team.
Adoptech is providing this service for MSPs in partnership with Brigantia.
