Cyber security: guidance for public sector buyers

Guidance setting out best practice from the National Cyber Security Centre, the UK technical authority on cyber security.


1 Further information on the applicability of the Public Sector Action Plan and its associated requirements (including the Scottish Public Sector Cyber Resilience Framework that this guidance note will form part of) can be found at Annex A of the Action Plan Implementation Toolkit. Note that we expect the Scottish Public Finance Manual to be updated for FY 2020-21 to reflect the requirements of the PSAP and the Framework.

2 See:

3 Some organisations may not be able to attain Cyber Essential accreditation if, e.g. they outsource their IT provision. It cannot therefore be universally adopted as a criterion, but should be examined in the context of each contract.

4 Note: These principles are directly referenced under NIS Guidance, thus ensuring consistency for Operators of Essential Services in the Scottish public sector (health and water), who may be expected under NIS to have regard to them.



Back to top