Wednesday 15 Jan 2020 @ 15:47
Scottish Government
Printable version

Scottish Cyber Assessment Service: guidance for buyers

Guidance for buyers on embedding use of Scottish Cyber Assessment Service into the procurement process.

Introduction

  1. To assist all Scottish public sector organisations to implement the Supplier Cyber Security Guidance Note (“the Guidance Note”) in a consistent way, the Scottish Government Cyber Resilience Unit has worked with Procurement Centres of Expertise and key public sector partners to develop a beta version of a decision-making support tool – the Scottish Cyber Assessment Service (SCAS) – for optional use.
  2. SCAS supports public sector organisations to (i) undertake information/cyber assurance assessments, (ii) identify appropriate, proportionate cyber security requirements, and (iii) seek assurances from bidding suppliers as to the extent to which they comply with these requirements, in a way that is aligned with the Guidance Note.
  3. This advice note covers the following key issues:
    1. An overview of the key features of the SCAS tool.
    2. Information on how the SCAS tool supports consistent implementation of NCSC Principle 5.
    3. Advice on how organisations can work to embed the use of SCAS in procurement processes.
    4. Advice on the Cyber Implementation Plan (CIP) process that forms a key part of the SCAS tool’s “fit” with procurement processes.
  4. The following supporting documentation is available here:

(i) Example Tender and Contract Wording:

  • Section A sets out some example wording that can be used in contract notices and invitations to tender.
  • Section B sets out some example wording that can be used in contractual terms and conditions. It includes links to Scottish Government standard terms and conditions that are made available to the wider public sector, which have been adjusted to facilitate use of SCAS and reflect best practice in respect of cyber security generally.

(ii) Cyber Implementation Plan – Template and Example, which provides a Cyber Implementation Plan template for use in the CIP process.

It is important to understand that SCAS is intended as a decision-making support tool. It is not intended to replace a contracting authority’s obligation to fully consider and manage all relevant cyber risks to a contract.

If in doubt, please ensure that you consult a cyber security expert.

Click here for the full press release

 

Channel website: http://www.gov.scot/

Original article link: https://www.gov.scot/publications/using-scottish-cyber-assessment-service-scas-procurement-processes-guidance-public-sector-buyers/

Share this article

Latest News from
Scottish Government

Bute House Agreement ends

25/04/2024 15:05:00

FM thanks departing Ministers and commits to continue consensus-building approach.

Justice in an independent Scotland

25/04/2024 12:05:00

Independence would enable Scotland to take its own decisions to address issues such as drugs and gambling, and increase cooperation with international justice partners, according to a new paper published by Justice Secretary Angela Constance

Island investment

24/04/2024 14:20:00

Deputy First Minister welcomes completion of new £49 million Stornoway terminal.

Help for families of infants

24/04/2024 13:15:00

Cash-first approach to help with infant food insecurity.

Clean heating and energy efficiency grants to get to Net Zero

24/04/2024 12:15:00

£11 million grant funding confirmed for public sector bodies.

Gender identity healthcare

24/04/2024 11:05:00

Improving gender identity healthcare for children and young people.

£30 million paid this year to help households with higher energy bills

23/04/2024 15:05:00

People in Scotland have received more than £30 million via two Scottish Government benefits to help them deal with increased energy costs this winter, new statistics have shown.   

Supporting vulnerable witnesses

23/04/2024 12:05:00

More child and vulnerable adult witnesses involved in serious criminal trials will have access to specialist suites to pre-record evidence, away from the courtroom, following a further £2 million investment from the Scottish Government.

Ban on wet wipes containing plastic

23/04/2024 10:05:00

The supply and sale of wet wipes containing plastic will be banned across the UK following overwhelming support during public consultation, with 95% of respondents agreeing or strongly agreeing with the proposals.

Driving digital connectivity

22/04/2024 15:05:00

More than one million faster broadband connections have been delivered to homes and businesses across Scotland, backed by £1 billion of publicly-driven investment.