Information security in public procurement

When purchasing or procuring products, services or systems, you need to consider information security aspects. You may also need to carry out an information classification to assess any particular risks. This assessment can provide a solid foundation for defining the necessary security requirements.

The requester or owner of what is being purchased or procured is responsible for ensuring that these activities are carried out and that the results are integrated into the procurement process.

Document and pen symbolising an agreement to be signed
Photo: Pixabay.

This means:

  • The information handled during the procurement process must be processed securely, both within KI and by any suppliers (ensuring an information-secure procurement process).
  • The product or service must meet the identified information security requirements throughout the entire contract period (an information-secure delivery).