Communicate your view of security needs to your suppliers

Make sure your suppliers understand their responsibility to protect your information, and their products and services. Make sure they understand the implications of failure.

Decide whether you are willing to let your suppliers sub-contract work. If you allow them to sub-contract, delegate authority appropriately to allow them to do so. Give your suppliers clear guidance on the criteria for these decisions. Tell them which types of contract they can sub-contract with without referring to you, and which types need your approval and sign-off.

Ensure your suppliers:

• fulfil their security responsibilities
• include your security requirements in any sub-contracting arrangements

Page last modified: 4/05/2022