About this phase
During this phase, a competent authority should devise a formal process to monitor and evaluate the strategy. In the monitoring phase, the government should ensure that the strategy is implemented in accordance with its Action Plan. In the evaluation phase, the government and its competent authority should assess whether the strategy is still relevant in light of the changing risk environment and whether it still reflects the government’s objectives and what adjustments are necessary.
For advice on this phase see the ‘Guide to developing a national cybersecurity strategy’; Second Edition, 2021, p.25.