Cyber resilience

[edit] Introduction

The Single Procurement Document (Scotland) - also referred to as SPD (Scotland) contains questions used at the selection stage for post-Brexit procurement exercises in Scotland to identify suitably qualified and experienced bidders.

The Supplier Journey portion of the Scottish Government’s procurement guidance website offers an overview of the different types of procurement procedures that are available under SPD (Scotland). This includes an explanation of the cyber resilience of suppliers - as it relates to the Scottish public sector.

[edit] Concerns over security

As defined by the Supplier Journey Glossary, cyber resilience is the ability to prepare for, withstand, rapidly recover and learn from deliberate attacks or accidental events in the online world.

Cyber resilience measures can help organisations:

• Prepare by protecting them from cyber risks.
• Withstand an attack by defending against and limiting the severity attacks.
• Recover and learn by ensuring that operations continue despite an attack.

The number of cyber attacks targeting suppliers to the public sector has grown. Attacks can (intentionally or otherwise) disrupt and damage both suppliers’ services and public services.

[edit] Ensuring security

Against this background, the Scottish public sector has taken measures to ensure its suppliers have appropriate cyber security in place.

The Scottish Government sees this as an opportunity to build relationships with suppliers that have invested in cyber security within their organisations.

The Scottish Government has offered resources to assist suppliers that have expressed an interest in adopting a more consistent approach to cyber resilience. These tools are included in a Guidance Note which has been developed to help public sector bodies embed cyber resilience into the supply chain process.

These resources include:

• CSPST guidance for buyers.
• CSPST guidance for public sector suppliers.
• Cyber resilience: example tender and contract wording.
• Cyber resilience: cyber implementation plan and example.
• Cyber Security Procurement Support Tool (CSPST).

Completing the CSPST questionnaire can be a time consuming process; suppliers are advised to allocate a sufficient amount of time in advance of deadlines in order to participate in the procurement process.

There is additional guidance for public sector buyers and suppliers on how to use CSPST in procurement processes.

[edit] Related articles on Designing Buildings

• Cyber security.
• Cyber-security and phishing.
• Mitigating online risk with Cyber Essentials security.
• Single Procurement Document (Scotland).
• Supply chain.
• Technology helps quash conflict in the supply chain.
• UK organisations encouraged to review cyber security in response to situation in and around Ukraine.

[edit] External resources

• Scottish Government, Cyber Security Procurement Support Tool: supporting guidance for public bodies.
• Scottish Government, Supplier Journey.
• Scottish Government, Supplier Journey Glossary.