The DAERA Information Security Policy applies to all permanent staff, contractors and 3rd party suppliers who interact in any way with DAERA data or IT systems in support of DAERA business operations.
ISO27001 requires DAERA to publish its policy statements describing how 3rd party suppliers are required to comply with the principles of DAERA Information Security policy and how they will be expected to demonstrate both initial and ongoing compliance as a condition of being awarded a contract to work with DAERA.
This document sets out these expectations and requirements for all 3rd party suppliers.
Third party supplier security assurance policy statements