To ask His Majesty's Government how many public contracts across all departments currently include the “security schedules” referenced in the Government Cyber Security Strategy: 2022–2030; and what steps they are taking to ensure full implementation of proportionate cyber requirements across all commercial agreements.
Answered on
3 July 2025
It is long standing policy that Government does not disclose the specifics of its security arrangements, including with suppliers.
In recognition of the fact that not all government departments have the resources or expertise to include bespoke security requirements of every single commercial arrangement, GSG has developed and published Modular Security Schedules. These schedules provide departments with industry best practice security requirements to be included in commercial agreements. They have been tailored to meet a whole range of scenarios and risks.
These schedules are now publicly available on security.gov.uk and have been widely adopted by government departments. We are actively running training sessions for commercial teams to aid their implementation. Furthermore, they are now included in the standard, Model Services Contract, Mid-Tier Contract and Short Form Contract.