What is Cyber Essentials
We are committed to ensure the security of our data and promote the adoption of robust cyber security standards by other Jersey businesses and suppliers.
Cyber Essentials is a Government-backed scheme that will help you to protect your organisation, against the most common cyber-attacks, even a simple virus or piece of malware could result in your business facing consequences like:
- loss of company and client data
- disruption to cash flow
- staff time taken up trying to resolve the issue
- trading delayed / stopped
- damage to your hard-earned reputation
- losing customers
- fines or prosecution (loss of data could breach the Data Protection (Jersey) Law 2018)
Cyber-attacks cost organisations thousands of pounds and can cause huge disruption. All businesses are targets if they don’t have the proper measures in place to protect them.
Cyber Essentials will show you how to prevent the most common attacks and protect your business and is designed to fit with whatever level or commitment you are able to sustain.
What this means for Government Suppliers
Suppliers awarded any new government contract from 2018 worth more than £25,000 would need to adopt Cyber Essentials, or a higher standard, within 12 months.
All suppliers’ form 2020 in receipt of contracts valued at more than £25,000 will need to show that they have adopted Cyber Essentials or a higher standard.
We are reminding our larger suppliers that they need to be Cyber Essentials accredited by 1 January 2020, and to implement enough safeguards to protect the personal data shared with them.
The documents, being sent using the DocuSign system, are being sent to suppliers whose Government contracts are valued at more than £25,000.
Suppliers will be asked to confirm if they have a valid Cyber Essentials certification or an equivalent recognised information security standard, such as ISO 27001.
Suppliers who are already Cyber Essentials accredited, or have ISO 27001, can use DocuSign to confirm this to the Procurement team by attaching a copy of their certificate.
These requirements apply unless the contract is subject to a specific internal exemption. Exemptions may be granted in exceptional circumstances where the information security risk is judged to be low and a supplier represents significantly better value for money than alternatives and/or where substitutes are not readily or practically available.
Cyber Essentials, or an equivalent security standard, is required if:
- personal information of citizens, such as home addresses, bank details, or payment information is handled by a supplier
- personal information of Government employees, Ministers and Special Advisors such as payroll, travel booking or expenses information, is handled by a supplier
- information and communication technology systems and services are supplied which are designed to store, or process, data
Data Protection Agreement
Suppliers need to complete a Data Protection Agreement if they process personal data on behalf of the Government of Jersey. These suppliers will need to confirm the categories of data and the categories of data subjects dealt with.
If you have any questions, please email the Procurement team.