Data protection and information security
This page explains the importance of information security to DWP, in particular within its supply chain, and also provides the DWP Information Security Policy and related guidance products.
The DWP has one of the largest and diverse supply bases in government and its suppliers are responsible for millions of pieces of personal and sensitive information and data. Protecting that data has been a key legal requirement since 1998 under the Data Protection Act. It is important that suppliers have measures in place to meet this requirement throughout the life of a contract.
The DWP takes data security very seriously and is required to give assurance that personal data is being appropriately protected throughout its supply chain.
"Protective security, including physical, personnel and information security, is an essential enabler to making government work better. Security risks must be managed effectively, collectively and proportionately, to achieve a secure and confident working environment." Overarching Security Policy Statement from HMG Security Policy Framework Cabinet Office 2008
- Intelligence and protective security (Cabinet Office website)
The DWP Security Policy for Contractors sets out how the Framework applies to DWP suppliers.
What is required of DWP Suppliers?
Suppliers to the Department must, in the contracts they deliver, protect personal information and include focus on the following areas, to specific levels and degrees depending on the type of contract:
- personnel security
- information handling, transfer and storage processes (communication management)
- premises security
- portable media policies
- security incident handling, and
- information systems security
The letters attached below are provided as examples of communications that DWP contract managers, via the Commercial Director, have previously issued to Contractors:
- Letter of assurance - Security of data handling procedures - March-April 2008 (37KB)
- Letter of assurance - Protecting DWP customer data and other sensitive information - October 2008 (29KB)
We have developed a data security training and awareness slide pack for DWP suppliers and their employees delivering DWP contracts. Suppliers can use the slides as training material for their employees.
- Data security training and awareness slide pack (482KB) – updated 22 November 2011
Before directing their employees to the slide pack, suppliers should consider the content of this pack along with:
- the specific provisions within any contract that they deliver to DWP and
- any existing data security training/awareness within their organisation
- Data Protection and Security of Information in DWP - May 2012 (59KB)
- Data Protection and Security of Information in DWP - January 2010 (115KB)
- Data Protection and Security of Information in DWP - June 2010 (118KB)
Please email any enquiries about data protection and information security to the Supply Chain Information Assurance Team on firstname.lastname@example.org