Information Security - Third Party Supplier Assurance Programme
Date published:
Last updated:
DAERA has updated its Information Security Policy to reflect recent developments in cyber security and to align with internationally recognised best practice prescribed by the ISO270001:2022 standard.
The DAERA Information Security Policy applies to all permanent staff, contractors and 3rd party suppliers who interact in any way with DAERA data or IT systems in support of DAERA business operations.
ISO27001 requires DAERA to publish its policy statements describing how 3rd party suppliers are required to comply with the principles of DAERA Information Security policy and how they will be expected to demonstrate both initial and ongoing compliance as a condition of being awarded a contract to work with DAERA.
This document sets out these expectations and requirements for all 3rd party suppliers.