Guidance

Government supplier assurance framework

This framework helps the government to manage supplier risk.

From:
Cabinet Office, National security and intelligence and Government Security Profession
Published
1 November 2013
Last updated
16 May 2018 — See all updates

Documents

Supplier Assurance Framework Good Practice Guide: May 2018

PDF, 983 KB, 59 pages

Common Criteria for Assessing Risk (CCfAR)

PDF, 244 KB, 16 pages

Statement of Assurance questionnaire (Excel)

MS Excel Spreadsheet, 116 KB

Statement of Assurance questionnaire (ODS)

ODS, 36.6 KB

This file is in an OpenDocument format

Sample Template: letter to suppliers (Word)

MS Word Document, 32.5 KB

This file may not be suitable for users of assistive technology.

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email accessible.formats@cabinetoffice.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Sample Template: letter to suppliers (ODT)

ODT, 10.1 KB

This file is in an OpenDocument format

Details

This supplier assurance framework applies to contracts at the ‘Official’ information security level. It should:

  • enable the early identification of high risk projects
  • provide a framework for the risk management of contracts that is consistent, light touch but effective, understood by both government stakeholders and suppliers and enable information sharing and accountability
  • inform the assurance approach taken to high, medium and low-risk contracts

It can be adapted for use in the wider government community as it allows organisations to interpret and apply it according to their business needs. It is particularly relevant where information is shared through contracts or agreements.

Updates to this page

Published 1 November 2013
Last updated 16 May 2018 + show all updates

  1. Supplier assurance framework updated.

  2. Updated framework documents in line with Security Policy Framework, ISO27001: 2013 standard and the Cyber Essentials scheme.

  3. First published.

Sign up for emails or print this page

Related content