Only a few days to go: We’re raising £25,000 to keep TheyWorkForYou running and make sure people across the UK can hold their elected representatives to account.

Donate to our crowdfunder

Defence: Contracts

Ministry of Defence written question – answered on 19th March 2020.

Alert me about debates like this

Photo of Jessica Morden Jessica Morden Opposition Whip (Commons), Chair, Statutory Instruments (Joint Committee), Chair, Statutory Instruments (Select Committee), Chair, Statutory Instruments (Joint Committee), Chair, Statutory Instruments (Select Committee)

To ask the Secretary of State for Defence, what arrangements his Department has put in place for auditing the cyber security capability of defence contractors; and if he will make a statement.

Photo of Jeremy Quin Jeremy Quin The Minister of State, Ministry of Defence

Defence takes the cyber security of its suppliers extremely seriously, which is why we work with a wide range of Defence contractors in the Defence Cyber Protection Partnership (DCPP). The DCPP is a collaboration between government and industry and it has developed a cyber security framework which is applied in all Defence procurements. The model requires the supplier to have in place cyber security controls which are proportionate to the cyber risk to the information they handle. These controls address security governance, culture, personnel and asset security as well as technical requirements and incident management, and our suppliers are accountable for flowing the requirements down through their supply chains. In addition, for activities where the routine handling of material classified as secret or above takes place, the granting and maintenance of List X status confirms that contractors conform to a defined set of controls provides assurance of their security.

Does this answer the above question?

Yes2 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.