Cyber Assurance

I should be grateful if you would respond to the questions below relating to cyber assurance for data access by contracted service companies.

Does your Authority commission contracted services from small or very small companies (less than 30 employees)? If No, then I thank you for your response.

Devon County Council’s ICT Commissioning does not hold information relating to the size of the companies that all business units commission services from. Therefore, we do not hold this information.

If Yes, then, for each contract, please provide a copy of the current contract, and then complete the attached spreadsheet grid in respect of questions 2, 3, and 4.

For each contracted service, please state whether access to Council software applications and data is a requirement?

For those contracts that require access to Council software applications and data, how does the commissioned companies access Council data?

• Council supplied hardware (Laptop, Desktop, Tablets) on Council premises
• Council supplied hardware (Laptop, Desktop, Tablets) via remote access
• Own hardware (Laptop, Desktop, Tablets) on Council premises
• Own hardware (Laptop, Desktop, Tablets) via remote access

For those contracts that require remote access to Council software applications and data, how does the Council cyber assure the access to data i.e. using a cyber assurance framework such as Cyber Essentials, ISO27001, in-house developed framework?