Advice about data protection and information security for DWP suppliers and contractors.
DWP takes data security seriously and is required to give assurance that personal data is being appropriately protected throughout its supply chain.
We have one of the largest and diverse supply bases in government and our suppliers are responsible for millions of pieces of personal and sensitive information and data. Protecting that data has been a key legal requirement since 1998 under the Data Protection Act.
It is important that suppliers have measures in place to meet this requirement throughout the life of a contract.
Security policies and standards
All contractors of services to DWP must comply, and be able to demonstrate compliance, with the relevant policies and standards.
Information security policy
This sets out how DWP and its delivery partners and suppliers manage and protect our information. It explains the responsibilities that various functions, roles and individuals have for ensuring the:
- confidentiality and integrity of information within DWP
- availability of information within DWP
Acceptable use policy
This has replaced the Electronic Media Policy. It defines the security and resilience responsibilities for all staff and delivery partners and suppliers to help protect DWP information and equipment.
It outlines key responsibilities including:
- only using approved equipment and systems for work tasks
- the protection of personal data
- making sure all communications are secure
It also highlights the guidelines for protecting DWP if using Social media – and the do’s and don’ts of using DWP technology for personal tasks.
Physical security policy
This sets out how DWP protects its premises, equipment and colleagues from risks such as:
- unauthorised intruders
It outlines the key responsibilities expected of colleagues and details processes and controls by which physical security is maintained. These include proactively identifying risks and taking steps to avoid them.
Baseline personnel security standard for DWP contractors
The baseline personnel security standard describes the pre-employment controls for all government contractors. The controls described in this document must be applied to any individual who, in the course of their work, has access to government assets.
Data security training and awareness slide pack for DWP suppliers
The data security training and awareness slide pack is for DWP suppliers and their employees delivering DWP contracts. Suppliers can use the slides as training material for their employees.
Suppliers should consider the content of the pack along with:
- the specific provisions within any contract that they deliver to DWP
- any existing data security awareness and training in their organisation
Data protection and security of information in DWP: June 2015 bulletin
This bulletin explains the importance of information security and also provides advice about data protection.