answer text |
<p>The Foreign and Commonwealth Office (FCO) recognises Government Procurement Policy
Note (PPN) 09/14 in its internal guidance. This PPN requires any suppliers bidding
for certain high risk contracts to be 'Cyber Essentials'-certified. Current contracts
are primarily those that involve the handling of personal data, and IT contracts related
to sensitive information. Several of our IT contracts are through G-Cloud or other
Government Digital frameworks; in line with the PPN these are already subject to comprehensive
cyber security obligations and exempt from Cyber Essentials.</p><p><br>The FCO requires
a privacy impact assessment for projects, programmes and policies which will involve
the use of personal data in any way – this includes the collection, storage, transfer
and/or disclosure of such data. As part of this assessment our IT security advisors
review the security protocols of partner organisations where appropriate.</p><p><br>Authority
to enter into contracts is devolved to directorates and departments within the FCO
in London as well as the global network. It would take a disproportionate amount of
time to determine how many contracts hold the Cyber Essentials certification.</p>
|
|