It is the responsibility of the supplier to protect any information provided to them as part of a tender or contract.
The requirements on suppliers are:
- To follow principles of ISO 27001 – and, in some circumstances, certify to the government’s Cyber Essentials Scheme
- To be able to secure sensitive information
- To understand the need for security in the supply chain
- To understand why certain types of information are being protected and how to identify them
- To have policies and procedures to underpin security
The Process
In order to make tenders and contracts run as smoothly as possible, all suppliers need to be aware of the security procedure that they must follow for tenders and contracts involving Sensitive Nuclear Information (SNI).
Tender
The Contract Security team expect suppliers to complete and sign a Security Declaration and Risk Assessment should the tender contain SNI that is protectively marked. Indelible Data Consulting provide services to help fulfil these requirements.
Contract
The successful supplier will be subject to a physical security assessment at the premises where operations are to be carried out.
How Can We Help?
Indelible Data help you get your company’s security in order – that could be the differentiator between you and a competitor getting a lucrative contract.
We audit, perform gap analysis, risk assess and advise on shortcomings to get your company fit for the nuclear supply chain.
Formation of policies and procedures.
We will get to know your business and create policies that will ensure the vulnerable areas are highlighted and the risks mitigated.
ISO 27001 Security Auditing.
We audit the security of your company against the ISO 27001 standard. Our services are of particular use to smaller companies that do not have the internal audit capabilities required for the standard. Larger companies may wish to use our services to audit other companies in the supply chain to ensure they are keeping their information secure.
Data Security Consultancy.
We will advise you of vulnerabilities in your network, personnel and physical infrastructure.
Information Security Awareness Training.
These courses can be tailored to your needs, whether that is employee security awareness as part of a company induction or ensuring IT staff have sufficient knowledge of current threats, vulnerabilities and countermeasures. The tutor is a Certified Information Systems Security Professional (CISSP).
Areas of Expertise
- Access Control
- Application Security
- Software Development Lifecycle and Principles
- Business Continuity and Disaster Recovery Planning
- Cryptography
- Information Security and Risk Management
- Legal, Regulations, Compliance
- Operations Security
- Media, Backups and Change Control Management
- Physical (Environmental) Security
- Security Architecture and Design
- System and Enterprise Architecture
- Telecommunications and Network Security