Section 4 — Cyber Awareness
============================
Statutory anchor: NCSC Cyber Essentials; Cyber Security and Resilience
Bill 2026 (expected Royal Assent late 2026 / early 2027).

Cyber posture status:
  · NCSC Cyber Essentials               ✓ Certified, valid until 14 Aug 2026
  · Workforce training                  ✓ 85/92 staff completed core module
  · Incident reporting procedure        ✓ Tested 2 Feb 2026 (tabletop)
  · Phishing simulation                 — Not yet deployed (Pro add-on, Cycle 5)
  · Supply-chain assurance              ✓ Evidence pack shared with 3 clients

Role overlays applied:
  · IT admin overlay (15 min) — assigned to 2 IT staff
  · BYOD overlay (8 min) — assigned to 28 mobile workers
  · Lone-worker overlay (8 min) — assigned to 4 staff

Training records: see attached cyber-training-records.csv
Audit log:        see attached cyber-audit-log.csv (11 entries this quarter)
