| Reference | FOI 2026/1842 |
|---|---|
| Description | FOI Request regarding procurement/supplier on-boarding processes |
| Date Requested | 22/06/2026 |
| Date Replied | 09/07/2026 |
| Category | Contract Management |
Under the Freedom of Information Act 2000, I would be grateful for the following, regarding your procurement / supplier-onboarding processes:
1. Do you require suppliers (or prospective suppliers) to complete an information-security questionnaire or assessment as part of procurement, onboarding, or due diligence?
2. If so, please provide a blank copy of the questionnaire(s) currently in use, noting any standard it references (e.g. Cyber Essentials, ISO/IEC 27001, NIST).
3. Separately, do you require suppliers (or prospective suppliers) to hold Cyber Essentials, or an equivalent information-security certification, as a condition of doing business with you? If so, which certification(s)? (If this applies only in certain cases — for example above a contract-value threshold — a brief note is welcome, but not necessary.)
I am requesting blank, standard templates only — not any completed questionnaire, supplier-specific information, or personal data. If any part would exceed the cost limit, please advise which part can be answered within it and treat that as my request. Please provide your response and any documents electronically, by email — I do not require paper copies. Thank you for your time.