Data Security Standard 10 - Accountable suppliers


This guidance relates to the 2023-24 (version 6) standard.


Overview

The National Data Guardian’s (NDG) Data Security Standard 10 - Accountable suppliers states the following:

IT suppliers are held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian’s Data Security Standards.

Standard 10, National Data Guardian (NDG) review

 

IT suppliers understand their obligations as data processors under the UK General Data Protection Regulation (UK GDPR), and the necessity to educate and inform customers, working with them to combine security and usability in systems. 

IT suppliers typically service large numbers of similar organisations and as such represent a large proportion of the overall ‘attack surface’. Consequently, their duty of robust risk management is vital and should be built into contracts as a matter of course.

It's the responsibility of suppliers of all IT systems to ensure their software runs on supported operating systems and is compatible with supported internet browsers and plugins.

Please refer to the further note on professional judgement, auditing and UK GDPR.


Last edited: 28 September 2023 11:06 am