This guide explores the cyber security risks to be aware of in the earliest stages of a new procurement, and how to engage with the market to develop security controls for the procurement. It will help you to apply your council’s risk assessment framework in practice and to design the right security approach for your procurement.
This section provides information about how to assess your council's potential risk appetite and quantify the cyber risks associated with a new procurement in order to put proportionate cyber security controls in place.
This guidance is based on National Cyber Security Centre (NCSC) principles. It is not formal guidance and should not be applied as such. It should be used to have conversations about how the issues raised can be dealt with locally. It does not constitute legal advice and should not be relied upon in that capacity. Independent legal advice should always be sought.
In this section:
How to assign a cyber risk profile to new procurement requests
Cyber risk profiles will be constructed and assigned depending on your council’s individual cyber risk evaluation framework and subsequent risk appetite.
How to set minimum cyber security controls based on the procurement’s cyber risk
Once cyber risk profiles have been determined, you can define the minimum cyber security controls you need your suppliers to adhere to.
How to engage with suppliers to refine cyber security controls
Market engagement is a key part of any procurement process, and can be a great way of testing and refining requirements before tendering, as well as maximising outreach to promote a wider and more diverse supplier base.