How to evaluate and validate supplier responses in the tendering phase

Evaluating suppliers’ responses is going to be a cross team effort, however there are some cyber-related specific steps that might be helpful for each tender.


Work with your IT teams

Decide with your IT or cyber security, as well as your Information Governance team, what the scoring criteria is for each evaluation question. Also, you can work with them to interpret and evaluate more technical responses from suppliers.  

Check evidence

For promising suppliers who pass or score highly based on their responses, it is important you check and validate the evidence they provide.

To learn about how you and your council can translate cyber security requirements into concrete contract obligations, in addition to establishing an agreed process for monitoring and reporting, continue on to the contract guide.

While these resources are updated frequently, the threat landscape is constantly evolving with new risks and vulnerabilities. It is very important to always follow the most up-to-date guidance as given by the National Cyber Security Centre (NCSC) and other related government bodies.