220527AuCtteePaper2Annex1Cyber_Security_FINAL

This document contains the Cairngorms National Park Authority's 2021/22 internal audit report on cyber security. The review found that while the Park Authority has some good technical security measures, improvements are needed. Specifically, they need better procedures for handling cyber events, and to improve the low (58%) completion rate of cyber security training. The report also recommends a more proactive approach to managing cyber risks, including a formal risk assessment and risk register. Several recommendations for improvement are included, with assigned owners and due dates.