UK suppliers shackled with warnings they must conform to new government security standards

Want to work on a public sector contract? You'll need to be able to prove your security is completely up to snuff, the government wants to remind all potential bidders.

The Cabinet Office needs suppliers to conform to its new 'Cyber Essentials' standards it launched in June to win work, it has said.

Specifically, from 1 October, all suppliers must be compliant with those controls if bidding for government contracts which involve handling of sensitive and personal information and provision of certain technical products and services.

Cyber Essentials offers a set of five "critical controls" that are claimed to be applicable to all types of organisations, of all sizes, giving protection from the most prevalent forms of threat coming from the Internet.

For Cabinet Office Minister Francis Maude, "Cyber Essentials is a single, government and industry endorsed cyber security certification. It is accessible for businesses of all sizes and sectors to adopt, and I encourage them to do so.

"It’s vital that we take steps to reduce the levels of cyber security risk in our supply chain. Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber attack. Businesses can demonstrate that they take this issue seriously and that they have met government requirements to respond to the threat.

"Gaining this kind of accreditation will also demonstrate to non-government customers a business’s clear stance on cyber security," he adds.

Pushing Down Into The Supply Chain

Early adopters of the scheme have included BAE Systems, Barclays, Hewlett-Packard, Vodafone and the Confederation of British Industry, as well as small businesses like Nexor, Tier 3 and Skyscape, says the government.

It also points out that HP has already published guidance on how SMEs in its supply chain can work with the standard.

(c) 24n.biz