Question to the Department for Business, Energy and Industrial Strategy:

To ask the Secretary of State for Business, Energy and Industrial Strategy, whether the principle set out in paragraph 5.3.6 of the Government's cyber Security Strategy that everyone who works in government has a sound awareness of cyber risk applies to members of staff employed by contractors doing work procured by his Department.

The Department for Business, Energy and Industrial Strategy is committed to ensuring that contractors and their staff have a sound awareness of cyber risk matters and they take all necessary safeguards to protect the department’s information.

Where relevant, cyber security awareness, the need to ensure contractual compliance with Information Assurance standards such as ISO 27001:2013 certification and “Cyber Essentials/ Plus” is included in contract specifications and reviewed as part of the evaluation process. Contractors must comply with the department’s IT security policies and procedures.