Information security questionnaire for contractors

Devon County Council has a legal requirement under the seventh principle of the Data Protection Act 1998 (the security principle), to ensure that the personal data it processes is kept secure.

To comply with that Devon County Council must ensure that any person processing personal data on its behalf (a data processor) can provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and take reasonable steps to ensure compliance with those measures.

Any data processor who has access (directly or indirectly) to personal data held by the Council must complete our Information Security Questionnaire  and provide evidence showing how they meet the necessary security standards for protecting personal data against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Persons processing data on behalf of the Council which will not have access to personal data (a third party), may still be required to complete this questionnaire if they have access to sensitive business information or business critical systems.

For advice on how to complete this form contact the Information Governance Team