Self-assessment & CyFun verification: best chance of success

This article explains what your organization can expect during a CyFun verification. Which preparations are necessary to ensure the verification process runs smoothly? Careful preparation contributes to an efficient verification. It helps prevent delays or duplication of work.

We like to share key lessons learned from previous engagements to help you prepare effectively. Let’s make sure the process runs as smoothly as possible!

CyFun Preparation Sessions

Brand Compliance organizes online CyFun preparation sessions for its clients. During these sessions the CyFun verification process is explained. There is ample opportunity to discuss key points of attention and to ask practical questions. Participation is voluntary and free of charge. After concluding an agreement, you will receive an invitation to attend one of these sessions.

CyFun self-assessment: Minimum Maturity Level

For CyFun Basic, the overall maturity level must be at least 2.5. For CyFun Important, this must be at least 3. These minimum maturity levels also apply individually to all key measures.

Substantiation of self-assessment Maturity Scores

Ensure that the ‘Details’ tab is fully completed at the measure level. The explanation of the chosen maturity levels must be clear and specific, with explicit references to the objective evidence supporting this justification.

The explanation for each measure must be self-contained and comprehensible to an external verifier. This prevents the need for additional time during the audit. It contributes to an efficient audit process.

Describe the explanation for each measure explicitly from two perspectives: documentation and implementation. This structured approach makes the justification more concrete and easier for an external auditor to verify. This helps to minimize the risk of the audit being delayed or extended.

Objective evidence during the verification

At the start of the on-site CyFun verification, your organization must ensure that all objective evidence included in the self-assessment is immediately available. The verifier will not search for evidence independently.

It is not intended that the objective evidence be submitted in advance, together with the self-assessment.

Original format of the self-assessment

When submitting the self-assessment, always use the original Excel format provided by the Centre for Cybersecurity Belgium. If a modified version is submitted, the request for verification cannot be processed.

Dealing with misstatements

The self-assessment must not be amended during the CyFun verification process, unless this is done in response to an identified misstatement. In such cases, the self-assessment may only be adjusted downwards.

If the verifier identifies a misstatement, your organization amends the self-assessment itself. The amended version, which reflects the verifier’s conclusion, is then submitted to Brand Compliance. This version forms the basis for the final verification statement.

The value of a well-prepared self-assessment

Thorough and comprehensive preparation helps ensure a smooth and efficient verification process. Submit the self-assessment carefully prepared and well-substantiated. This way you increase the likelihood of a smooth verification process and a positive verification statement.

If a claim cannot be confirmed, a new CyFun verification offers the option to have it reassessed at a later time.

Questions

If you have any questions regarding the CyFun verification or its preparation, please contact us!