Question to the Department of Health and Social Care:

To ask the Secretary of State for Health, whether the principle set out in paragraph 5.3.6 of the Government's Cyber Security Strategy that everyone who works in government has a sound awareness of cyber risk applies to members of staff employed by contractors doing work procured by his Department.

The National Cyber Security Strategy 2016-2021 was published in November 2016 by the Minister for the Cabinet Office who has responsibility for cyber security and Government security.

The Department is committed to keeping its systems safe and to protect our data and our networks from attack or interference. All permanent staff, plus contractors or agency staff who work with the Department for three months or more, are expected to undertake a “Responsible for Information” training course that covers cyber security awareness.

When procuring goods and services from third parties, the Department must comply with Procurement Policy Action Note 09/14 published on 25 May 2016 on the Cyber Essentials Scheme, which includes a set of controls which, when properly implemented, provide organisations with basic protection from the most prevalent forms of threat coming from the internet. The Department is able to specify services in a way that best meets its needs and can take further steps to protect data and networks if relevant to the contract in question.