{"id":1794,"date":"2020-02-18T08:47:20","date_gmt":"2020-02-18T08:47:20","guid":{"rendered":"https:\/\/blogs.gov.scot\/public-procurement\/?p=1794"},"modified":"2020-02-18T08:47:20","modified_gmt":"2020-02-18T08:47:20","slug":"improving-procurement-cyber-security","status":"publish","type":"post","link":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/","title":{"rendered":"Improving procurement cyber security"},"content":{"rendered":"<p>It\u2019s Cyber Scotland Week and we are promoting the Scottish Cyber Assessment Services (SCAS).<\/p>\n<p>Digital technology has transformed the way we do things \u2013 we can shop, work and communicate across the world from the comfort of our own homes. Our digital systems hold vast amounts of information and this leaves us vulnerable to criminals looking to gain advantage by exploiting this technology. Cyber crime is one of the biggest criminal threats to the UK economy &#8211; losses are estimated at billions of pounds each year. Scottish public sector organisations are attractive targets for cyber criminals due to the amount of data they hold. The impact of cyber-attacks, both reputational and financial, can be significant.<\/p>\n<p>Public sector organisations are making it more difficult to attack them directly thanks to the good cyber security baseline established under the Scottish Government\u2019s Public Sector Action Plan on Cyber Resilience. Cyber criminals are often motivated by money, which means they usually attack the easy targets. However, cyber criminals are finding other ways in, this could be exploiting staff, for example by tricking them to click on links (phishing emails) or through weakness in the supply chain.<\/p>\n<p>Cyber criminals are focusing more and more on seeking out suppliers who don\u2019t have the same level of cyber security in place to protect themselves &#8211; getting into their systems as a virtual backdoor into larger organisations. Protecting against this vulnerability is a top priority for the Scottish Government. It has led towards the development of the <a href=\"https:\/\/cyberassessment.gov.scot\/\">Scottish Cyber Assessment Service<\/a> and the <a href=\"https:\/\/www.gov.scot\/publications\/scottish-public-sector-supplier-cyber-security-guidance-note\/\">Supplier Cyber Security Guidance Note<\/a>. This embeds cyber security into the public sector supply chain and protect against cyber attacks.<\/p>\n<p>SCAS is an online tool that provides a way for public sector organisations to assess cyber risk at the start of the procurement process. It seeks to ensure that the public sector obtains consistent and proportionate cyber security assurances from potential suppliers. SCAS requires suppliers to complete a questionnaire detailing their current level of cyber security, with detailed questions aligned with authoritative guidance from the National Cyber Security Centre.<\/p>\n<p><strong>Risk level<\/strong><\/p>\n<p>The risk level of a contract is based on the level of system access and information sharing with the supplier. Questions asked of the supplier are linked to cyber security advice and standards:<\/p>\n<p>\u2022 Very Low \u2013 NCSC Small Business\/Charity Guides<br \/>\n\u2022 Low \u2013 additional controls under NCSC Cyber Essentials\/Plus<br \/>\n\u2022 Moderate \u2013 additional controls under the NCSC 10 Steps to Cyber Security<br \/>\n\u2022 High \u2013 additional controls under the NCSC NIS Technical Guidance and aligned with ISO27001.<br \/>\n\u2022 Special \u201ctriggers\u201d are also present for question sets around personal data, cloud services, payment card data and product security.<\/p>\n<p>The risk level will determine how many questions are required to be answered. The lower the risk the fewer the questions, the higher the risk the more questions required. If a supplier does not have the cyber security requirements in place, the buyer may opt to accept a Cyber Implementation Plan outlining how the supplier would meet the required cyber security requirements by a specified date\/contract phase.<\/p>\n<p>This tool provides Scotland\u2019s public sector with a way to ensure a consistent and proportionate assurance of suppliers\u2019 cyber security based on UK cyber security standards. Suppliers benefit from being able to reuse answers for different public sector contracts and having a free means to test current own cyber security.<\/p>\n<p>The tool has been launched as a beta tool, with the next generation planned for summer 2020 taking on feedback from the beta phase.<\/p>\n<p><strong>Further information<\/strong><\/p>\n<p>Guidance note and the online tool can be found <a href=\"https:\/\/cyberassessment.gov.scot\/\">here<\/a>. If you have any questions, or would like to provide feedback, please contact <a href=\"mailto:cyberresilience@gov.scot\">cyberresilience@gov.scot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Embed cyber security into public sector procurement, have a look at the Scottish Government new online procurement tool.<\/p>\n","protected":false},"author":450,"featured_media":1798,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[209,188,452,10,55,27,28],"tags":[75,364,111,455,6,178,35],"class_list":["post-1794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practice","category-buyers","category-cyber-security","category-procurement-news","category-scottish-procurement","category-smes","category-suppliers","tag-cyber-resilience","tag-cyber-security","tag-public-sector","tag-scottish-cyber-assessment-service","tag-scottish-procurement","tag-smes","tag-suppliers"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Improving procurement cyber security - Public Procurement and Property<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Improving procurement cyber security - Public Procurement and Property\" \/>\n<meta property=\"og:description\" content=\"Embed cyber security into public sector procurement, have a look at the Scottish Government new online procurement tool.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Public Procurement and Property\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-18T08:47:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"5944\" \/>\n\t<meta property=\"og:image:height\" content=\"3963\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lorraine Carlyle\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lorraine Carlyle\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/\"},\"author\":{\"name\":\"Lorraine Carlyle\",\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/#\/schema\/person\/6cd47fe646d6b64e553fa503b6edd42d\"},\"headline\":\"Improving procurement cyber security\",\"datePublished\":\"2020-02-18T08:47:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/\"},\"wordCount\":612,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg\",\"keywords\":[\"cyber resilience\",\"cyber security\",\"public sector\",\"Scottish Cyber Assessment Service\",\"Scottish Procurement\",\"SMEs\",\"Suppliers\"],\"articleSection\":[\"Best practice\",\"buyers\",\"cyber security\",\"Procurement news\",\"Scottish Procurement\",\"SMEs\",\"suppliers\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/\",\"url\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/\",\"name\":\"Improving procurement cyber security - Public Procurement and Property\",\"isPartOf\":{\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg\",\"datePublished\":\"2020-02-18T08:47:20+00:00\",\"author\":{\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/#\/schema\/person\/6cd47fe646d6b64e553fa503b6edd42d\"},\"breadcrumb\":{\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#primaryimage\",\"url\":\"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg\",\"contentUrl\":\"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg\",\"width\":5944,\"height\":3963},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blogs.gov.scot\/public-procurement\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Improving procurement cyber security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/#website\",\"url\":\"https:\/\/blogs.gov.scot\/public-procurement\/\",\"name\":\"Public Procurement and Property\",\"description\":\"Scottish Government Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blogs.gov.scot\/public-procurement\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/#\/schema\/person\/6cd47fe646d6b64e553fa503b6edd42d\",\"name\":\"Lorraine Carlyle\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/blogs.gov.scot\/public-procurement\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/wphb-cache\/gravatar\/d3e\/d3ee966a7386af10f07aa48336434917x96.jpg\",\"contentUrl\":\"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/wphb-cache\/gravatar\/d3e\/d3ee966a7386af10f07aa48336434917x96.jpg\",\"caption\":\"Lorraine Carlyle\"},\"url\":\"https:\/\/blogs.gov.scot\/public-procurement\/author\/lorrainecarlyle\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Improving procurement cyber security - Public Procurement and Property","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/","og_locale":"en_GB","og_type":"article","og_title":"Improving procurement cyber security - Public Procurement and Property","og_description":"Embed cyber security into public sector procurement, have a look at the Scottish Government new online procurement tool.","og_url":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/","og_site_name":"Public Procurement and Property","article_published_time":"2020-02-18T08:47:20+00:00","og_image":[{"width":5944,"height":3963,"url":"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg","type":"image\/jpeg"}],"author":"Lorraine Carlyle","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lorraine Carlyle","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#article","isPartOf":{"@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/"},"author":{"name":"Lorraine Carlyle","@id":"https:\/\/blogs.gov.scot\/public-procurement\/#\/schema\/person\/6cd47fe646d6b64e553fa503b6edd42d"},"headline":"Improving procurement cyber security","datePublished":"2020-02-18T08:47:20+00:00","mainEntityOfPage":{"@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/"},"wordCount":612,"commentCount":0,"image":{"@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg","keywords":["cyber resilience","cyber security","public sector","Scottish Cyber Assessment Service","Scottish Procurement","SMEs","Suppliers"],"articleSection":["Best practice","buyers","cyber security","Procurement news","Scottish Procurement","SMEs","suppliers"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/","url":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/","name":"Improving procurement cyber security - Public Procurement and Property","isPartOf":{"@id":"https:\/\/blogs.gov.scot\/public-procurement\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#primaryimage"},"image":{"@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg","datePublished":"2020-02-18T08:47:20+00:00","author":{"@id":"https:\/\/blogs.gov.scot\/public-procurement\/#\/schema\/person\/6cd47fe646d6b64e553fa503b6edd42d"},"breadcrumb":{"@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#primaryimage","url":"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg","contentUrl":"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/uploads\/sites\/41\/2020\/02\/Cyber-Scotland-Week.jpg","width":5944,"height":3963},{"@type":"BreadcrumbList","@id":"https:\/\/blogs.gov.scot\/public-procurement\/2020\/02\/18\/improving-procurement-cyber-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blogs.gov.scot\/public-procurement\/"},{"@type":"ListItem","position":2,"name":"Improving procurement cyber security"}]},{"@type":"WebSite","@id":"https:\/\/blogs.gov.scot\/public-procurement\/#website","url":"https:\/\/blogs.gov.scot\/public-procurement\/","name":"Public Procurement and Property","description":"Scottish Government Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.gov.scot\/public-procurement\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/blogs.gov.scot\/public-procurement\/#\/schema\/person\/6cd47fe646d6b64e553fa503b6edd42d","name":"Lorraine Carlyle","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/blogs.gov.scot\/public-procurement\/#\/schema\/person\/image\/","url":"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/wphb-cache\/gravatar\/d3e\/d3ee966a7386af10f07aa48336434917x96.jpg","contentUrl":"https:\/\/blogs.gov.scot\/public-procurement\/wp-content\/wphb-cache\/gravatar\/d3e\/d3ee966a7386af10f07aa48336434917x96.jpg","caption":"Lorraine Carlyle"},"url":"https:\/\/blogs.gov.scot\/public-procurement\/author\/lorrainecarlyle\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/posts\/1794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/users\/450"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/comments?post=1794"}],"version-history":[{"count":0,"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/posts\/1794\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/media\/1798"}],"wp:attachment":[{"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/media?parent=1794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/categories?post=1794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gov.scot\/public-procurement\/wp-json\/wp\/v2\/tags?post=1794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}