top of page

Strengthen your Supply Chain with a
free solution from UK Policing

risk guage

Are you aware that your suppliers could be a key vulnerability in your organisation's cyber security?
 

We're excited to offer you a complimentary solution to enhance your supply chain's safety.

We invite you to explore this opportunity by expressing your interest in our assurance program with your suppliers.

Once they're on board, reach out to us with their confirmation to enquiries@secrc.police.uk, along with this completed form, and let's improve your cyber defences.

 

STEP 1

​

​

​

​

Enrol your supply chain with us, we are set up to help businesses protect themselves from cyber-crime, provide the latest cyber security updates, and offer services and products that improve overall cyber security.  Check out this video which explains more.

​

As part of this step, the centre will:

  • Use vendor's email address to send a FREE information pack and monthly newsletter, which can be unsubscribed at any time using the link included in the newsletter.

  • Invite vendors for a free consultation to better understand their cyber security posture with one of the team.

  • Provide vendors access to Home Office subsidised cyber security solutions to improve their cyber resilience.

  • Confirm vendor's membership status to the supply chain organisation.

  • Expect vendors to have read, understood, and agreed to the SECRC's Privacy Policy and Terms and Conditions.

plus_edited.png

STEP 2

​

​

​

Enrol your supply chain with police cyber alarm.  This FREE tool helps organisations who have a commercial firewall, monitor and report the malicious activity they face from targeted and automated attacks from the internet.  Check out this video which explains more.

​​

As part of this step, police cyber alarm will:

  • Provide a monthly summary of supply chain risk.

  • Provide monthly reports on suspicious activity and vulnerabilities.

  • Provide confirmation of registration status to the vendor assurance program.

  • Expect vendors to have read, understood, and agreed to the police cyber alarm privacy policy.

​

Police Cyber Alarm-Master Logo_edited.jp
equals_edited.png

​Benefits to this program:

  • Easily integrated into a supply chain management plan.

  • Strengthens a vendor risk management strategy.

  • Regular reports on cyber threats an organisation faces.

  • Improves overall supply chain cyber resilience helping proactive mitigaton.

  • Help police better understand the national cyber threat.

  • Stay up to date about emerging threats and best practices.

  • Provides access to free and subsidised cyber security tools and services from the Home Office.

  • Assist those higher risk organisations, yet to obtain a framework such as Cyber Essentials or ISO 27001.

  • Suppliers become better protected against cyber attacks lowering the business risk to all in that supply chain.​​

Optional STEP 3

​

​

​

Q. Consider Cyber Essentials as a requirement to your supply chain?

  • It's a government backed scheme to help businesses of any size protect themselves against a range of the most common cyber attacks.

  • It demonstrates their commitment to cyber security.

  • It ensures appropriate cyber security controls are in place.

  • It reduces the cyber security risks in supply chains.

  • We can assist all those in achieving this cyber security framework.

​​

Q. Is Cyber Essentials / Cyber Essentials Plus used in the Government’s supply chain?

  • Yes, since 2014 the government has required suppliers bidding for certain types of public contracts to hold Cyber Essentials or Cyber Essentials Plus certification, or demonstrate equivalent controls are in place.

  • It helps manage cyber security risk in the government’s supply chain.

  • It allows the government’s suppliers to use a recognisable scheme to demonstrate to other potential customers that they take cyber security seriously.

 

Q. When should I notify suppliers of any applicable Cyber Essentials requirements?

  • Ideally this should be discussed with potential suppliers in the pre-procurement stage where you are shaping your overall project requirements.

  • Any applicable Cyber Essentials requirements must be specified in the Contract Notice under the Open procedure.

  • Consideration should be given to highlighting any Cyber Essentials requirements in Contract Notices for other procedures to provide bidders with the longest possible time to seek certification.

​

Q. How does Cyber Essentials fit in with/complement existing security requirements?

  • There is an existing set of information assurance and cyber security requirements that the Government has in place for suppliers.

  • In some circumstances, Cyber Essentials will be used in areas not covered by these requirements or it will be used alongside these requirements, or used as part of them.

​

Q. Are there alternatives to demonstrating compliance with Cyber Essentials technical requirements other than through gaining the certificate?

  • Yes. To comply with the EU Public Contracts Regulations 2015 (PCR2015) for above threshold procurements, In-scope organisations must accept equivalents

  • Suppliers need only demonstrate to the satisfaction of the In-scope organisation that they meet Cyber Essentials requirements.

  • Normally, this should be verified by a technically competent and independent third party.

​

cyberEssentials-1-1280x605.png

"We encourage vendors to contribute to the cyber security of any supply chain by keeping themselves informed of threats and taking action to reduce risk by taking those first steps."

Last updated 26/10/23

bottom of page