Guidance

Data protection and information security for DWP suppliers

Advice about data protection and information security for DWP suppliers and contractors.

Documents

Security policies and standards

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email accessible.formats@dwp.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Information security policy

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email accessible.formats@dwp.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Acceptable use policy

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email accessible.formats@dwp.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Physical security policy

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email accessible.formats@dwp.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Baseline personnel security standard for DWP contractors

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email accessible.formats@dwp.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Data security training and awareness slide pack for DWP suppliers

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email accessible.formats@dwp.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Data protection and security of information bulletin

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email accessible.formats@dwp.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Detail

DWP takes data security seriously and is required to give assurance that personal data is being appropriately protected throughout its supply chain.

We have one of the largest and diverse supply bases in government and our suppliers are responsible for millions of pieces of personal and sensitive information and data. Protecting that data has been a key legal requirement since 1998 under the Data Protection Act.

It is important that suppliers have measures in place to meet this requirement throughout the life of a contract.

Security policies and standards

All contractors of services to DWP must comply, and be able to demonstrate compliance, with the relevant policies and standards.

Information security policy

This sets out how DWP and its delivery partners and suppliers manage and protect our information. It explains the responsibilities that various functions, roles and individuals have for ensuring the:

  • confidentiality and integrity of information within DWP
  • availability of information within DWP

Acceptable use policy

This has replaced the Electronic Media Policy. It defines the security and resilience responsibilities for all staff and delivery partners and suppliers to help protect DWP information and equipment.

It outlines key responsibilities including:

  • only using approved equipment and systems for work tasks
  • the protection of personal data
  • making sure all communications are secure

It also highlights the guidelines for protecting DWP if using Social media – and the do’s and don’ts of using DWP technology for personal tasks.

Physical security policy

This sets out how DWP protects its premises, equipment and colleagues from risks such as:

  • theft
  • loss
  • unauthorised intruders

It outlines the key responsibilities expected of colleagues and details processes and controls by which physical security is maintained. These include proactively identifying risks and taking steps to avoid them.

Baseline personnel security standard for DWP contractors

The baseline personnel security standard describes the pre-employment controls for all government contractors. The controls described in this document must be applied to any individual who, in the course of their work, has access to government assets.

Data security training and awareness slide pack for DWP suppliers

The data security training and awareness slide pack is for DWP suppliers and their employees delivering DWP contracts. Suppliers can use the slides as training material for their employees.

Suppliers should consider the content of the pack along with:

  • the specific provisions within any contract that they deliver to DWP
  • any existing data security awareness and training in their organisation

Data protection and security of information in DWP: June 2015 bulletin

This bulletin explains the importance of information security and also provides advice about data protection.