Skip to Content
TS-RDC-05 Trust & Stewardship Risk, Data & Compliance CORE Compliance v2.9.7

Cyber-security baseline (NCSC Cyber Essentials – UK)

Assesses the implementation of foundational cyber security controls, fulfilling the Amānah (trust) to safeguard stakeholder data. This protects against common threats, ensures operational continuity, and upholds the principles of Ḥifẓ al-Māl (protection of wealth) and Ḥifẓ al-ʿIrd (protection of dignity/reputation). It operationalizes GDPR/DPA 2018 integrity and confidentiality duties (Art. 5(1)(f), Art. 32), prevents ḍarar (harm), and enables trustee oversight of material internal controls.

Compliance 2
  • (A) Cyber Essentials Minimum Controls (5 areas)
    Compliance Mandatory (Level 3)
  • (B) Mizan Extensions: Supplier Assurance (Contracts)
    Supply Chain Mandatory (Level 4)
Good 3
  • (B) Mizan Extensions: Asset Inventory & Scope
    Governance Mandatory (Level 4)
  • (B) Mizan Extensions: MFA Enforcement (Admins/Remote)
    Access Control Mandatory (Level 4)
  • (B) Mizan Extensions: Backups (3-2-1) & IR Playbook
    Resilience Mandatory (Level 4)
Better 3
  • DMARC p=reject
    Email Security High
  • EDR/XDR Deployment
    Technology High
  • CIS Controls v8 Benchmark
    Continuous Improvement High
Best 3
  • (C) Excellence: CE Plus & Vuln Scanning
    Excellence Mandatory (Level 5)
  • Achieve Cyber Essentials Plus
    Excellence High
  • Annual Tabletop Exercises
    Resilience Medium

Related Criteria

TS-RDC-01 Multi‑scenario financial stress‑testing documented TS-RDC-02 Complaints & whistle-blowing mechanism TS-RDC-03 Due-diligence on delivery partners TS-RDC-04 Serious-incident reporting & escalation TS-RDC-06 GDPR accountability & DPIA log
Version
2.9.7 2025-11-05

Discussion (1)

Administrator 2026-03-07 11:07:51.415252

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json

Sign in to post a comment.

Back to Criteria