What is a CyFun Assessment
The CyFun Assessment gives organisations a clear view of their cybersecurity maturity and supply chain exposure. It follows the CyberFundamentals Framework and helps prepare for NIS2 and other regulatory expectations.
Cyber threats such as ransomware, data breaches and supply chain attacks are now common. When a supplier is compromised, the impact can spread quickly to customers and partners, making strong cybersecurity essential for doing business.
CyFun is a key focus for the NCSC in Ireland and several European states, supporting the shared goal of improving resilience and reducing risk across organisations and their supply chains.
CommSec’s senior cybersecurity team, including CISOs, security architects and Data Protection Officers, deliver the assessment and support you through remediation and certification.
Why CyFun is important
The CyberFundamentals Framework sets out measurable, practical controls that help organisations protect data, reduce the risk of common attacks and increase overall cyber resilience. The framework is based on the NIST Cybersecurity Framework and other international standards, and it is validated using real incident data from CERT authorities.
NIS2 and wider regulatory pressure mean that larger organisations now expect their suppliers to demonstrate an appropriate level of security maturity. CyberFundamentals provides a structured and recognised way to show that your organisation manages risks effectively and that you are not a weak link in the supply chain.
The CyFun Assessment helps you protect not only your own organisation but also your customers, partners and wider supply chain. It provides a clear and trusted way to demonstrate that your cybersecurity practices meet recognised standards.
Key Benefits of CyFun Assessment
Strengthens Supply Chain Trust
Demonstrate to customers and partners that your organisation meets recognised security standards and is not a weak link in their supply chain.
Reduces Risk of Ransomware and Breaches
Identify gaps that could lead to compromise and receive practical guidance to prevent ransomware, unauthorised access, and data loss.
Supports NIS2 and Regulatory Compliance
Align your organisation with the expectations of NIS2, including governance, risk management, incident handling and supply chain oversight.
Provides a Clear and Measurable Cyber Maturity Score
Understand your current security posture using the structured CyberFundamentals Framework and track improvements over time.
Expert Guidance from CISOs and DPOs
Access senior cybersecurity and data protection experts who guide you through assessment, remediation and certification readiness.
Creates a Practical Roadmap for Certification
Receive a prioritised action plan that shows exactly what to fix, how to fix it, and how to prepare for CyberFundamentals certification.
CommSec's CyFun Assessment Services
What the CyFun Assessment includes
- Determining the right assurance level for your organisation
We guide you through the risk analysis required to select the most suitable CyberFundamentals assurance level: Basic, Important or Essential. These levels reflect different degrees of threat exposure and control maturity.
- A detailed maturity assessment
Using the official CyFun Self-Assessment Tool, our consultants assess both documentation maturity and technical implementation. This covers control effectiveness, policy alignment, cyber hygiene, incident readiness and the specific Key Measures required for each level.
- Supply chain and dependency review
We assess the risks linked to your suppliers, partners and technology providers, following the Supply Chain controls outlined in CyFun (ID.SC-1 to ID.SC-5). This includes access pathways, third-party security expectations, contractual requirements and dependency mapping. This work helps you demonstrate responsible and proportionate supply chain security to clients.
- Gap analysis and recommendations
CommSec provides a clear and prioritised roadmap that highlights:
  - Security gaps that prevent you meeting the required assurance level
  - Weaknesses that could be exploited by ransomware or unauthorised access
  - Policy and process updates needed for audit readiness
  - Improvements to identity, access, logging, segmentation and backup practices
  - Supply chain governance actions required for NIS2 alignment
- Support through remediation and certification
CommSec’s CISOs, DPOs and technical specialists help you put the recommended improvements in place. This includes policy development, control implementation, incident response planning, evidence preparation and support during external audit or certification.
Who the assessment is designed for
- Organisations that supply to larger enterprises or government bodies
- Organisations preparing for NIS2 compliance
- SMEs seeking a practical and achievable cybersecurity baseline
- Organisations looking to reduce exposure to ransomware and breaches
- Any organisation that wants to demonstrate responsible cyber practice within its supply chain
Why CommSec
CommSec combines strong technical capability with deep governance and privacy expertise. Our consultants are experienced in supporting organisations across a wide range of sectors and understand the realities of implementing proportionate and effective cybersecurity controls.
FAQs
What is the CyFun Assessment?
The CyFun Assessment is a structured review of your cybersecurity maturity based on the CyberFundamentals Framework. It identifies strengths, weaknesses and supply chain risks and provides a roadmap for improvement.
How does CyFun support NIS2 compliance?
The assessment aligns with key NIS2 requirements including governance, risk management, incident handling and supply chain oversight.
Does CyFun help reduce ransomware and breach risk?
Yes. The assessment identifies vulnerabilities and weaknesses that are commonly exploited in ransomware attacks and provides clear actions to improve protection.
Who should complete a CyFun Assessment?
It is suitable for Irish SMEs, organisations supplying to larger enterprises, regulated entities and any organisation wanting to demonstrate responsible cyber practice.
Can CommSec help with certification?
Yes. CommSec provides CISO and DPO expertise to guide you through remediation and preparation for CyberFundamentals certification.
