Guidance

Cyber Security Supplier to Government Scheme: guidance for applicants

Updated 8 January 2021

The scheme and eligibility criteria

The government has developed a ‘light touch’ scheme that enables UK cyber security suppliers to government to be able to reference this fact publicly, for example when pursuing business overseas.

The scheme enables companies to:

• Advertise the fact that they supply a cyber security product or service to the UK government

• Use the government’s logo in marketing material

The scheme is administered by the Department for Digital, Culture, Media & Sport (DCMS). It is intended to support UK companies in pursuing business opportunities worldwide in cyber security. It is open to all cyber security companies who have a current contract for the supply of cyber security products and services to the government, either direct or through a 3rd party supplier such as a prime contractor.

With the latter, subcontractors should respect commercial confidentiality arrangements in contracts and seek the prime contractor’s permission to apply for the scheme. The government is not responsible for checking that permission has been sought and agreed where an applicant to the scheme is an indirect third party in the contract.

In some circumstances, it may not be possible for suppliers to reference their provision of services to the government, for example, if there are confidentiality clauses in their contracts which prevent this.

Participating departments

All government departments are included in the scheme, but wider public sector bodies (such as the NHS, local government, and the emergency & security services) are excluded.

Applicant companies need only submit details of one contract with a government department to start the process and obtain clearance. If a problem should occur with that application the company might be invited to submit a second application covering a contract with an alternative government client.

Suppliers will only remain on the scheme for the duration of the contract for which they have submitted details, so they should pick the contract with the latest end date.

Confidentiality clauses

Applicant companies will not be considered to have breached government contractual confidentiality clauses by submitting an application to DCMS. It is possible, though, that under certain circumstances disclosure will not be permitted for reasons of national security.

Some contracts awarded by departments already contain disclosure clauses and this should become more common in future. Companies who have been awarded contracts that permit disclosure might still wish to apply under this scheme so that they can be added to the list of cyber suppliers.

Data Protection and GDPR

For further information on data protection and GDPR please refer to the personal information charter.

Marketing-related conditions

Companies cleared under this scheme are also able to use the government logo in their marketing material to promote to potential customers the fact that they are a supplier to the UK government. DCMS will provide details governing the terms of use of the logo.

It is important to note that this is not an accreditation scheme and the government’s clearance under the scheme cannot be taken or used as an endorsement of quality, of neither the product/service supplied nor of the company itself. Successful companies should not make such claims in any of their promotional material.

As the scheme is voluntary in nature the government has the right to remove businesses from the scheme at any time. Also, should companies cease to be a supplier of cyber security products and services to government then they will no longer be eligible to market themselves as such. They should inform DCMS immediately if this is the case. Those companies will be removed from the list and will no longer be able to use the government logo.

How to apply

Applicants should complete the separate form.

How the process works

The scheme will operate as follows:

1. Applicant companies - which currently supply cyber solutions to the UK government and wish to state this publicly - should send the application form to the email address indicated on the form. Receipt of application will be acknowledged.

2. DCMS will act as the intermediary between industry and government departments, working closely with the Cabinet Office. They will screen the facts supplied by companies and forward the information to the relevant department.

3. The relevant department will confirm to DCMS that they are content for the applicant to publicly acknowledge their supply of cyber products or services to the government. Applicants will not be able to state publicly which department they supply to, or the product/service supplied.

4. If a department has difficulty agreeing to a request, an explanation will be provided to DCMS.

5. DCMS will contact the applicant with the outcome and provide feedback.

Please note: The scheme is intended to be straightforward and quick, but depending on demand, it may take time to obtain clearances from relevant departments. Direct suppliers to government will usually receive a faster decision than those where third party suppliers need to be checked.

Duration

This scheme will run until March 2022.

Further Information

Please contact cybersecurity@dcms.gov.uk for further information.

Cyber Security and Digital Identity Directorate, Department for Digital, Culture, Media & Sport, 100 Parliament Street, London SW1A 2BQ