Bids on UK public IT contracts to be subject to mandatory assessment

Security

by Jimmy Nicholls| 05 June 2014

Government scheme launches in wake of GOZeuS attacks.

Companies bidding for public IT contracts in the UK will be subject to an obligatory security assessment under a scheme launched by the government today.

From October this year certification will be mandatory for companies bidding on public IT projects, in a bid to build public confidence in digital security following several high-profile security breaches of companies such as eBay, Avast and Monsanto.

David Willetts, MP and universities and science minister, said: "The recent GOZeuS and CryptoLocker attacks, as well as the Ebay hack, shows how far cybercriminals will go to steal people's financial details, and we absolutely cannot afford to be complacent."

The programme is said by the government to reduce the risk of data loss and act as a quality guarantee to customers and other businesses, and will cover computers, mobiles and tablets, alongside email, web and application servers.

"We already spend more online than any other major country in the world, and this is in no small part because Britain is already a world leader in cybersecurity," Willetts added.

Overseen by CREST, an IT security non-profit, the scheme has been created in collaboration with the British spying agency GCHQ, an organisation more famous for stealing data than protecting it.

Tim Anderson, commercial director of Portcullis Security, said: "In addition to reducing the risk associated with opportunistic cyber threats, the certification provides a benchmark against which suppliers, partners and customers of approved organisations can judge their cyber security.

"While the scheme is ideal for small and medium sized enterprises, larger organisations and government departments will also see value in it, as it allows them to evaluate the security of their supply chain and smaller suppliers."

Mark Weil, chief executive of insurers Marsh, said: "We welcome this new government initiative to improve security practice to an accredited standard and believe it will make insurance more attainable for UK businesses."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

756 people like this.
0 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.