Statement: General policy on ensuring compliance with security duties

  • Start: 08 March 2022
  • Status: Statement published
  • End: 31 May 2022

We have now published our statement of general policy regarding how we will exercise our new functions to seek to ensure that providers comply with their new security duties under the revised security framework. This explains the procedures that we generally expect to follow in carrying out our monitoring and enforcement activity. We are also providing general guidance about which security compromises we would normally expect providers to report to Ofcom and the process for reporting them.

In addition, we have now updated our 2017 guidance on security requirements to reflect the new framework. In particular, we have decided to retain our 2017 guidance only insofar as it relates to the sub-category of security compromises relating to the resilience of networks and services, in terms of availability, performance or functionality.

Main documents

Supporting documents

loading icon


Responder name Type
AMR Cybersecurity (PDF File, 115.1 KB) Organisation
BT (PDF File, 528.4 KB) Organisation
BUUK Infrastructure (PDF File, 182.6 KB) Organisation
Cellnex UK (PDF File, 244.2 KB) Organisation
Cityfibre (PDF File, 813.9 KB) Organisation
Load more