Question to the Cabinet Office:

To ask Her Majesty's Government what steps they are taking to ensure that best practice in evaluating the cyber security of supply chains is being shared across government departments.

The government takes supply chain security seriously. The requirement to understand and manage cyber security issues arising from a department’s supply chain is detailed in Item 1 of the Minimum Cyber Security Standard.

The use of Cyber Essentials in government procurement is set out in Policy Procurement Notice 09/14. Use of Cyber Essentials demonstrates a supplier has taken necessary steps to obtain an appropriate level of cyber security.

Best practice is promoted through the advice contained in the National Cyber Security Centre and Centre for the Protection of National Infrastructure’s Supply Chain Security guidance.