State IT suppliers face cyber security requirement
From next month, all businesses must meet a cyber security standard if they want to bid for government contracts involving handling information and providing IT services.
In fact, ‘Cyber Essentials’ (CE) will be required of suppliers from October 1st on government work that includes the handling of sensitive or personal data and the provision of “technical products or services.”
The Cabinet Office adds that early adopters of the IT security certification include smaller firms like Nexor, Tier 3 and Skyscape, as well as larger ones like BAE Systems, Barclays, Vodafone and Hewlett Packard.
The latter is already beginning to demand CE from its own supply chain, as HP Public Sector earlier this month said that the standard would become mandatory for all its suppliers, including 600 or so SMEs.
Once these firms have the accreditation, it can also be used to show “non-government customers” that they take IT security “seriously,” touted Francis Maude, the Cabinet Office minister.
“It’s vital that we take steps to reduce the levels of cyber security risk in our supply chain,” he said, unveiling the two-tier accreditation for would-be government suppliers.
“Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber attack.”
A new accreditation body, QG, has been set up to help those wanting to get CE, and it joins CREST and the IASME Consortium in appointing firms who certify company applications.