Skip to main content

Contract and supplier security guidance for health and care organisations

Guidance for health and care organisations to make sure that the potential security risks that come with using an outsourced provider or supplier for IT or other services are assessed and managed correctly, so that systems and data are properly protected.

The guidance covers:

  • assessing outsourcing risks
  • contracts and confidentiality agreements
  • hiring and training of employees and third party staff
  • access controls
  • security audits
  • responsibilities for contract and supplier monitoring
  • internal

    Contract and supplier security: example policy

    This policy template is designed to be used by health and care organisations that outsource IT or other services, to make sure appropriate controls and safeguards are in place to properly protect data and systems.

Last edited: 11 April 2018 5:27 pm