Skip to main content Skip to accessibility
This website is not compatible with your web browser. You should install a newer browser. If you live in Jersey and need help upgrading call the States of Jersey web team on 440099.
Government of

Information and public services for the Island of Jersey

L'înformâtion et les sèrvices publyis pouor I'Île dé Jèrri

  • Choose the service you want to log in to:


    Update your notification preferences


    Access government services


    Clear goods through customs or claim relief

  • Talentlink

    View or update your States of Jersey job application

Cyber Essentials and Data Protection for Government suppliers

What is Cyber Essentials

​We are committed to ensure the security of our data and promote the adoption of robust cyber security standards by other Jersey businesses and suppliers.

Cyber Essentials is a Government-backed scheme that will help you to protect your organisation, against the most common cyber-attacks, even a simple virus or piece of malware could result in your business facing consequences like:

  • loss of company and client data
  • disruption to cash flow 
  • staff time taken up trying to resolve the issue
  • trading delayed / stopped
  • damage to your hard-earned reputation 
  • losing customers
  • fines or prosecution (loss of data could breach the Data Protection (Jersey) Law 2018)

Cyber-attacks cost organisations thousands of pounds and can cause huge disruption. All businesses  are targets if they don’t have the proper measures in place to protect them.

Cyber Essentials will show you how to prevent the most common attacks and protect your business and is designed to fit with whatever level or commitment you are able to sustain.

What this means for Government Suppliers

All suppliers’ from January 2020 in receipt of contracts valued at more than £25,000 will need to show that they have adopted Cyber Essentials or a higher standard.

We are reminding our larger suppliers that they need to implement enough safeguards to protect the personal data shared with them. 

The documents, being sent using the DocuSign system, are being sent to suppliers whose Government contracts are valued at more than £25,000.

Suppliers will be asked to confirm if they have a valid Cyber Essentials certification or an equivalent recognised information security standard, such as ISO 27001.

Suppliers who are already Cyber Essentials accredited, or have ISO 27001, can use DocuSign to confirm this to the Procurement team by attaching a copy of their certificate.

As of April 2020, the Cyber Essentials and Cyber Essentials plus certification will need to be reobtained every 12 months to ensure controls are maintained by Government Suppliers.


These requirements apply unless the contract is subject to a specific internal exemption. Exemptions may be granted in exceptional circumstances where the information security risk is judged to be low and a supplier represents significantly better value for money than alternatives and/or where substitutes are not readily or practically available. 

Cyber Essentials, or an equivalent security standard, is required if: 

  • personal information of citizens, such as home addresses, bank details, or payment information is handled by a supplier
  • personal information of Government employees, Ministers and Special Advisors such as payroll, travel booking or expenses information, is handled by a supplier
  • information and communication technology systems and services are supplied which are designed to store, or process, data

Data Protection Agreement

Suppliers need to complete a Data Protection Agreement if they process personal data on behalf of the Government of Jersey. These suppliers will need to confirm the categories of data and the categories of data subjects dealt with.

If you have any questions, please email the Procurement team.

Cyber Essentials

Data Protection

Back to top
rating button