This guide explores the cyber security risks to be aware of in the earliest stages of a new procurement, and how to engage with the market to develop security controls for the procurement. It will help you to apply your council’s risk assessment framework in practice and to design the right security approach for your procurement.
This section provides information about how to assess your council's potential risk appetite and quantify the cyber risks associated with a new procurement in order to put proportionate cyber security controls in place.
This guidance is based on National Cyber Security Centre (NCSC) principles and is not formal guidance and should not be applied as such. It should be used to have conversations about how the issues raised can be dealt with locally. It does not constitute legal advice and should not be relied upon in that capacity. Independent legal advice should always be sought.