Skip to content Back to top
 

FOI 2026/1842

Reference FOI 2026/1842
Description FOI Request regarding procurement/supplier on-boarding processes
Date Requested 22/06/2026
Date Replied 09/07/2026
Category Contract Management

Under the Freedom of Information Act 2000, I would be grateful for the following, regarding your procurement / supplier-onboarding processes:

1. Do you require suppliers (or prospective suppliers) to complete an information-security questionnaire or assessment as part of procurement, onboarding, or due diligence?

2. If so, please provide a blank copy of the questionnaire(s) currently in use, noting any standard it references (e.g. Cyber Essentials, ISO/IEC 27001, NIST).

3. Separately, do you require suppliers (or prospective suppliers) to hold Cyber Essentials, or an equivalent information-security certification, as a condition of doing business with you? If so, which certification(s)? (If this applies only in certain cases — for example above a contract-value threshold — a brief note is welcome, but not necessary.)

I am requesting blank, standard templates only — not any completed questionnaire, supplier-specific information, or personal data. If any part would exceed the cost limit, please advise which part can be answered within it and treat that as my request. Please provide your response and any documents electronically, by email — I do not require paper copies. Thank you for your time.

  1. Attached
  2. Attached
  3. Suppliers providing NHS services or services that access, or process NHS data must complete the annual Data Security & Protection Toolkit as a minimum assurance in addition to the completion of our DPIA or the Due Diligence Checklist dependant on the type of procurement**A word document and PDF were sent to the requester with this response.  If you require a copy of the full response, together with the attachments, please contact NHS GM’s FOI team – nhsgm.foi@nhs.net **

Return to FOI Requests

Launch Recite Me assistive technology