Information and cybersecurity—supplier questionnaire

The following Practice Compliance precedent provides comprehensive and up to date legal information covering:

  • Information and cybersecurity—supplier questionnaire

Information and cybersecurity—supplier questionnaire

IP COMPLETION DAY: The Brexit transition period ended at 11pm on 31 December 2020. At this time (referred to in UK law as ‘IP completion day’), transitional arrangements ended and significant changes began to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP day mean for Practice Compliance?

    1. 1

      Background information

      Name of[ prospective] supplier[To be completed by customer]
      Address[To be completed by customer]
      Brief description of services[ to be] supplied[To be completed by customer]
      Date questionnaire completed by[ prospective] supplier[To be completed by customer]
      Signature of authorised representative of[ prospective] supplier[To be completed by supplier/third party]
      Name of authorised representative[To be completed by supplier/third party]
    1. 2

      Governance

      Who is ultimately responsible within your organisation for information and cybersecurity management?[To be completed by supplier/third party]
      When did the board last consider information security, cybersecurity and cybercrime risk?[To be completed by supplier/third party]
    1. 3

      Security policies and procedures

      Do you have an information security and/or cybersecurity policy?
      If yes, please provide a copy
      ☐ Yes
      ☐ No
      Please describe your arrangements for ensuring physical security of your premises and processing areas, including physical entry controls (if any)[To be completed by supplier/third party]
      Please describe your arrangements for equipment security and maintenance[To be

Popular documents