Contract

This guide explores how you and your council can translate cyber security requirements into concrete contract obligations, in addition to establishing an agreed process for monitoring and reporting.

The contract phase is about confirming suppliers’ cyber resilience arrangements, and ensuring that necessary provisions are captured within the contract to keep your council safe. This guide offers information about the activities specifically related to the contract phase.

Overview of procurement life cycle with the contract phase highlighted

This guidance is based on National Cyber Security Centre (NCSC) principles. It is not formal guidance and should not be applied as such. Rather, it should be used to have conversations about how the issues raised can be dealt with locally. It does not constitute legal advice and should not be relied upon in that capacity. Independent legal advice should always be sought.

Contract

How to identify valid evidence provided by the chosen supplier

How to determine the cyber security provisions that need to be captured in the contract

How to determine the ongoing cyber security provisions that need to be captured in the contract

How to determine the exit cyber security provisions that need to be captured in the contract

Contract

Highlighted pages

Strategy

Planning

Tender

Management

Resources hub