Key ongoing cyber security requirements, arrangements, terms and conditions should contractually oblige suppliers to continuously monitor their cyber security and cyber resilience arrangements or plans, to improve those arrangements when necessary, and to provide regular reports throughout the contract term.
Ongoing monitoring might include:
- Review of the general cyber security controls the supplier is required to adhere to
- Right to audit
- Pen tests
Ongoing improvement might include:
- Ability to invoke a break clause in the contract if the supplier security fails to improve and does not meet expected standards
Ongoing reporting might include:
- Disclosure of component vulnerabilities, cyber incidents or data thefts
- Disclosure of changes and improvements made to security controls and resilience plans
What is the purpose of ongoing cyber security contractual requirements?
There are a number of reasons for embedding ongoing cyber security requirements in contracts, including but not limited to: