Guidance

PPN 09/23: Updates to the Cyber Essentials Scheme

This PPN sets out the actions organisations should take to identify and mitigate cyber threats, along with resources to support implementation.

Documents

Procurement Policy Note: Updates to the Cyber Essentials Scheme (PDF)

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email [email protected]. Please tell us what format you need. It will help us if you say what assistive technology you use.

Details

Cyber Essentials is a Government backed scheme to help businesses of any size protect themselves against a range of the most common cyber attacks and to demonstrate their commitment to cyber security. Since 2014 the government has required suppliers bidding for certain types of public contracts to hold Cyber Essentials or Cyber Essentials Plus certification (or demonstrate that equivalent controls are in place) to ensure appropriate cyber security controls are in place and reduce cyber security risks in supply chains.

This PPN provides an update to PPN 09/14 and sets out the actions In-scope organisations should take to identify and mitigate cyber threats for certain types of contracts,  along with resources to support implementation. PPN 09/14 will be withdrawn.

Updates to this page

Published 19 September 2023
Last updated 16 October 2023 + show all updates
  1. Updated the second bullet point for Question 9 to replace the The Security Policy Framework reference with the Government Functional Standard which supersedes the SPF

  2. First published.

Sign up for emails or print this page