This guide explores effective evaluation tools and processes for understanding supplier risk and embedding cyber resilience in your supply chain during the tendering phase.
In the tender stage, invitations to tender (ITTs, RFPs, RFQs) are released to the market and potential suppliers are evaluated against all requirements, including cyber security requirements. See "In this section" below for information about the activities specifically related to the tendering phase.
This guidance is based on National Cyber Security Centre principles. It is not formal guidance and should not be applied as such. It can be used to have conversations about how the issues raised can be dealt with locally. It does not constitute legal advice and should not be relied upon in that capacity. Independent legal advice should always be sought.
In this section:
How to test supplier cyber resilience in the tendering phase
There are different methods that your council can use to assess a supplier's ability to meet your cyber security requirements.
How to design evaluation and selection criteria for cyber resilience in the tendering phase
This section considers the different approaches to evaluating suppliers' responses to questionnaires in order to select the most appropriate suppliers.
How to evaluate and validate supplier responses in the tendering phase
Evaluating suppliers’ responses will be a cross-team effort; however, there are some specific cyber-related steps that might be helpful for each tender.