Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, whether the principle set out in paragraph 5.3.6 of the Government's Cyber Security Strategy that everyone who works in government has a sound awareness of cyber risk applies to members of staff employed by contractors doing work procured by his Department.

The Cabinet Office is committed to ensuring that contractors and their staff have a sound awareness of cyber risk matters and they take all necessary safeguards to protect the department’s information.

Cyber security awareness, the need to ensure contractual compliance with Information Assurance standards such as ISO 27001:2013 certification and “Cyber Essentials/ Plus” is specified in contract specifications and reviewed as part of the evaluation process. Contractors must comply with the department’s IT security policies and procedures.