For comment by Monday 30th April 2018 - Draft Public Sector Supply Chain Cyber Security Policy

The Scottish Government seeking comments from Scottish third sector organisations on the draft supply chain cyber security policy. 


The Scottish Public Sector Action Plan on Cyber Resilience sets out a commitment to develop a proportionate, risk-based policy in respect of supply chain cyber security policy for Scottish public bodies. Once finalised, the supply chain cyber security policy is expected to form a key part of the Scottish Public Sector Cyber Resilience Framework. A draft of that Framework is expected to be developed by end June 2018 and Scottish public bodies will be encouraged to implement it in line with timescales to be determined following further engagement. A Scottish Procurement Policy Note is planned to support implementation of this policy by public procurers.


To that end, attached are:

• The draft supply chain cyber security policy
• A questionnaire for completion in respect of the draft policy
• A partial Business Regulatory Impact Assessment

They would be grateful if the draft policy could be discussed between your organisation’s cyber security and procurement experts (and other interested representatives), following which we ask that completed questionnaires be sent to by Monday 30th April 2018.