Supply chain cyber security policy

Price:  £35.00(Inc. 20% VAT)(£29.17 Exc. VAT)
Version:  

A cyber security policy, designed to form part of a contract between a customer and an IT services provider.


This is a supply chain cyber security policy, which may be used by a customer for IT services to mitigate cyber security risks relating to those services. It may be included as a schedule to the IT services contract or as a stand-alone document. In either case, the obligations contained in the policy should be contractually enforceable.

The policy is available in standard (shorter) and premium (longer) forms.

This document was created by Emma Osborn of OCSRC (see https://ocsrc.co.uk).

Standard policy:

  1. Introduction
  2. Definitions
  3. Status of this Policy
  4. Cyber security risks
  5. Cyber security approach
  6. Cyber security requirements
  7. Actions upon termination

ANNEX 1 (EVIDENCE REQUIRED OF COMPLIANCE)
ANNEX 2 (ADEQUATE ENCRYPTION STANDARDS)

Premium policy:

  1. Introduction
  2. Definitions
  3. Status of this Policy
  4. Cyber security risks
  5. Cyber security approach
  6. Cyber security requirements
  7. Evidential requirements and auditing
  8. Detecting cyber security breaches
  9. Responding to cyber security breaches
  10. System and Policy reviews and updates
  11. Actions upon termination

ANNEX 1 (EVIDENCE REQUIRED OF COMPLIANCE)
ANNEX 2 (ADEQUATE ENCRYPTION STANDARDS)
ANNEX 3 (FORM OF NOTIFICATION OF CYBER SECURITY BREACH)

  1. Introduction
  2. Description of cyber security breach
  3. Parts of Provider System affected
  4. Proportion of data assets affected
  5. Is personal data concerned?
  6. Likely consequences of breach
  7. Measures taken to address breach
  8. Has anyone other than the Customer been notified of the breach?
  9. Late report of breach
  10. Contact details

This template is supplied in Word (.docx) format. The standard version is 13 pages long, including 4 pages of guidance notes and the premium version is 21 pages long, including 8 pages of guidance notes.

A copy of this supply chain cyber security policy is included in the following pack:

Be the first to write a review of this template using our brand new review system.