NCSC 10 Steps to Cyber Security Annual Review Checklist UK
This checklist covers compliance with Network and Information Systems (NIS) Regulations 2018 and applicable UK statutory requirements for information technology operations. Non-compliance can result in fines up to £17 million under NIS Regulations 2018 and UK GDPR enforcement by the ICO.
- Industry: Information Technology
- Frequency: Quarterly
- Estimated Time: 20-30 minutes
- Role: CISO
- Total Items: 20
- Compliance: Network and Information Systems (NIS) Regulations 2018, UK GDPR (Data Protection Act 2018), NCSC Cyber Essentials Scheme, Computer Misuse Act 1990
Statutory Compliance, Registration & Risk Assessment
Verify statutory registrations, risk assessments, and Competent Person designation per UK law.
- Are all relevant statutory licences, permits, and registrations current, displayed where required, and available for inspection?
- Has a suitable and sufficient risk assessment been completed and communicated to relevant workers?
- Is a Competent Person designated for this area of compliance per the relevant statutory requirement?
- Attach photo of statutory registrations, risk assessment, and Competent Person appointment documentation:
Competence, Monitoring & Outstanding Actions
Verify worker competence, active monitoring programme, and outstanding corrective actions.
- Are all workers competent for their tasks (trained, experienced, or supervised as appropriate)?
- Is monitoring and measurement of key compliance indicators carried out at required frequencies?
- Number of outstanding corrective actions from previous inspection or audit:
- Attach photo of training records, monitoring reports, and corrective action tracker:
Emergency Procedures, Signage & Legal Notices
Verify emergency procedures, mandatory statutory signage, and drill records.
- Are emergency procedures documented, practiced through drills, and records maintained?
- Are all statutory notices, signage, and warnings correctly displayed per applicable regulations?
- Overall compliance with applicable UK statutory requirements:
- Attach photo of emergency drill records, statutory signage register, and compliance certificates:
Enforcement Compliance & Management Review
Verify enforcement notice compliance, management review programme, and senior accountability.
- Have all findings from previous regulatory inspections, enforcement notices, and prohibition orders been resolved?
- Is management review of the health and safety management system conducted at least annually?
- Number of open enforcement actions or improvement notices outstanding:
- Senior Responsible Officer certification of inspection completion:
Corrective Actions & Inspector Sign-Off
Document all deficiencies and assign corrective actions. POPProbe auto-assigns these to team members, generates a signed PDF report instantly, and tracks compliance status across all locations.
- List all deficiencies identified in this inspection:
- Overall compliance status?
- Corrective actions assigned to (name and department):
- Inspector digital signature and date:
Why Use This NCSC 10 Steps to Cyber Security Annual Review Checklist UK?
This NCSC 10 Steps to Cyber Security Annual Review Checklist UK helps information technology teams maintain compliance and operational excellence. Designed for CISO professionals, this checklist covers 20 critical inspection points across 5 sections. Recommended frequency: quarterly.
Ensures compliance with Network and Information Systems (NIS) Regulations 2018, UK GDPR (Data Protection Act 2018), NCSC Cyber Essentials Scheme, Computer Misuse Act 1990. Regulatory-aligned for audit readiness and inspection documentation.
Frequently Asked Questions
What does the NCSC 10 Steps to Cyber Security Annual Review Checklist UK cover?
This checklist covers 20 inspection items across 5 sections: Statutory Compliance, Registration & Risk Assessment; Competence, Monitoring & Outstanding Actions; Emergency Procedures, Signage & Legal Notices; Enforcement Compliance & Management Review; and Corrective Actions & Inspector Sign-Off. It is designed for information technology operations and compliance.
How often should this checklist be completed?
This checklist should be completed quarterly. Each completion takes approximately 20-30 minutes.
Who should use this NCSC 10 Steps to Cyber Security Annual Review Checklist UK?
This checklist is designed for CISO professionals in the information technology industry. It can be used for self-assessments, team audits, and regulatory compliance documentation.
Can I download this checklist as a PDF?
Yes, this checklist is available as a free PDF download. You can also use it digitally in the POPProbe mobile app for real-time data capture, photo documentation, and automatic reporting.