Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, whether the principle set out in paragraph 5.3.6 of the Government's Cyber Security Strategy that everyone who works in government has a sound awareness of cyber risk applies to members of staff employed by contractors doing work procured by her Department.

The policy set out in paragraph 5.3.6 of the National Cyber Security Strategy applies to everyone employed by the Department for Digital, Culture, Media and Sport (DCMS), including contractors. DCMS is committed to ensuring contractors and their staff have a sound awareness of cyber risk matters and they take all necessary safeguards to protect the department’s information.

Cyber security awareness, the need to ensure contractual compliance with Information Assurance standards such as ISO 27001:2013 certification and “Cyber Essentials/ Plus”, is included in contract specifications and reviewed as part of the evaluation process. Contractors must comply with the department’s IT security policies and procedures.

In addition, DCMS has directed its 43 Arms Length Bodies to gain Cyber Essentials accreditation and is in the process of being certified under the Cyber Essentials scheme through Cabinet Office, for its own supplied IT under the Government Digital Service programme.