top of page
Search

Project Partner Challenge: Call for collaboration on a cybersecurity compliance model

  • spriteplus
  • Jan 8
  • 3 min read

Updated: Jan 9

Background:

Companies have lost 2.8 billion to cybercrimes this year alone; therefore, due to the increasing threat of cybercrime, several interconnected cybersecurity compliance frameworks, standards and regulations have been developed. Including the NIST Cybersecurity Framework, GDPR, ISO/IEC 27001, PCI DSS and COBIT 2019. However, existing frameworks, such as COBIT 2019, provide high-level guidance but lack the nuanced detail required for companies to translate legal frameworks into daily practice. As a result, organisations must find ways to translate abstract requirements into contextualised, actionable tasks on their own, leading to inefficiency, duplication of effort, and potential compliance gaps.

This project seeks to use COBIT 2019, an existing high-level meta framework, as the foundation for a unified compliance model, which covers other cybersecurity standards, frameworks and regulations. The objective is to create a unified operational model which contextualises legal requirements and supports selective compliance demonstrations, including during audits and regulatory inspections.

 

Call for Proposals:

SPRITE+ welcomes applications to co-develop with METCLOUD a unified contextualised cybersecurity compliance model that will:

  • Integrate multiple cybersecurity frameworks, standards, and regulations into one cohesive structure

  • Provide drill-down capability from high-level governance objectives to specific, actionable tasks and required evidence artefacts

  • Preserve the contextual detail of each source standard, avoiding overgeneralisation

  • Enable organisations to extract and report on compliance with any individual framework or regulation as required

  • Allow easy incorporation of new standards, ensuring the model can continuously incorporate new regulations


Application deadline: Friday 20th February 2026

Download the application form here:

 

Resources:

The successful applicant will be supported with a range of valuable resources to ensure effective project delivery, including:

  • Access to anonymised compliance documentation and audit artefacts generated by METCLOUD, providing real-world examples to inform framework development

  • Expert guidance from METCLOUD’s compliance and governance specialists

  • Published crosswalks and mappings (e.g., NIST mappings to ISO/IEC)

  • Access to prototype web application infrastructure where the unified framework and prototype can be modelled, tested, validated, and improved

  • Optional use of open-source compliance management tools and ontologies


Timeline:

  • Call for application sent out: 9th January 2026

  • Applications deadline: 20th February 2026

  • Applicants informed of outcome: 27th February 2026

  • Full proposal to be submitted by 1st April 2026

  • Projects to start no later than 1st June 2026

  • Project to complete by no later than 30th June 2027


This is a year-long commission, structured into four key phases, including:

  1. Months 0–3: Review of frameworks, regulations, and prior mapping efforts

  2. Months 3–6: Development of a contextualised unified framework model with task-level detail and evidence mapping

  3. Months 6–9: Integration into a prototype web application and validation with selected case studies

  4. Months 9–12: Refinement, testing, and final reporting of findings and deliverables


Funding:

Maximum total grants size is £52,000.

Funds will be awarded at 80% fEC in accordance with normal UKRI practices. In practical terms, this means that SPRITE+ will fund 80% of the total costs outlined in successful proposals. Funds awarded will be subject to standard UKRI grant terms and conditions, which are non-negotiable.

The duration of work funded by this project will be no longer than 12 months commencing no later than 1st June 2026 and finish no later than 30th June 2027.

Eligible items for funding:

  • Replacement Salary costs of the expert fellow

  • Costs of research assistance for the expert fellow

  • Costs of workshops/meetings

  • Travel and subsistence expenses

  • Sundry research costs


If you have any questions, please get in touch with us at spriteplus@manchester.ac.uk


bottom of page