Supplier purchase process considerations
If you are buying a service or product, there are other considerations that you must be aware of before completing the procurement process.
Cyber security
The Information Security team provides guidance and support from your research phase for suppliers through to your final selection and procurement stages.
To ensure that we have time to review products or services with you, we strongly advise that you get in touch with us at least six weeks prior to completing any purchase.
At the initial stages of finding a supplier:
1. First contact the Information Security Team, by email, to inform us about the product or services you are considering for purchase.
Email the Information Security Team
We will review the information about the product or services, and work with you to provide advice to ensure the supplier meets all security considerations and standards for UofG.
Once you've identified a potential supplier:
1. Ask them to complete our initial cyber security questionnaire and return it to you:
- Initial Supplier Assurance questionnaire (UofG) (Word, 33.8KB)
2. Send the completed Cyber Security questionnaire form to the Information Security Team, by email.
This information will be reviewed by the team and we will assess if the supplier meets and complies with the standards and cyber security considerations for UofG. We will liaise with you during this process, which will help with your initial scoring of suppliers.
During the procurement phase:
1. Please ensure the supplier(s), or supplier of choice, complete the following ScotGov form, which provides cyber security guidance for public sector suppliers:
2. Once they have completed this form, they must return the form to you.
3. Send the completed form to the Information Security Team, by email, and we will go over the information and liaise with you.
Data protection
You must consider the collection of personal and other data, and how it will be used, including:
- Privacy notices (states how individuals' data will be used)
- Data sharing with third parties (to ensure compliance with data protection legislation)
- Data Protection Impact Assessment (DPIA) (this may be required)
Find out more
Contact the Data Protection & Freedom of Information Office for more advice on personal data and data sharing.
Digital accessibility
We have legal obligations to ensure our digital content is accessible, under the Equality Act 2010, and Digital Accessibility Regulations 2018.
The product or service must also conform to the Web Content Accessibility Guidelines (WCAG) 2.2 AA, and all digital systems and content must include appropriate accessibility statements.
These are also the legal requirements for a supplier and you must request evidence of product compliance from them.