§ Mr. CohenTo ask the President of the Board of Trade whether he has incorporated the code of practice for information security management, published by the British Standards Institution, into relevant contracts with information technology suppliers.
§ Mr. McLoughlinInvitations to tender issued by the Department for information technology goods and services include details of any relevant IT security requirements with which the supplier must comply. Those requirements are developed in accordance with cental Government IT security standards and best practice. One factor for consideration can be security within the supplier's own environment. The Department has welcomed the code of practice for information security management as a practical guide to effective information security management and, where a supplier has adopted and implemented the code, this will be evidence that security is taken seriously.