Government issues procurement policy note on updates to Cyber Essentials scheme
The Cabinet Office has issued a procurement policy note on updates to Cyber Essentials, the Government backed scheme designed to help businesses protect themselves against a range of the most common cyber attacks and to demonstrate their commitment to cyber security.
To ensure appropriate cyber security controls are in place and reduce cyber security risks in supply chains, since 2014 the Government has required suppliers bidding for certain types of public contracts to hold Cyber Essentials or Cyber Essentials Plus certification (or demonstrate that equivalent controls are in place).
The PPN (PPN 09/23) sets out the actions in-scope organisations should take to identify and mitigate cyber threats for certain types of contracts, along with resources to support implementation. It replaces PPN 09/14.
The contents of PPN 09/23 apply to all Central Government Departments, their Executive Agencies and Non-Departmental Public Bodies, and NHS bodies. These organisations are required to implement the PPN within three months of its publication date (19 September 2023).
“Other public sector bodies may wish to apply the approach set out in this PPN,” the Cabinet Office adds.