The Department and its agencies are required to follow the principles of the Department’s procurement manual. The general terms and conditions, as set out in the procurement manual, for the procurement of services from outside organisations, require the contractors to comply with the Data Protection Act. In the case of contracts where the processing of personal data is a key part of the service to be provided (i.e. where the contractor will act as our ‘data processor’) tenderers are required to provide specific guarantees about the technical and organisational security measures they have in place to ensure compliance with the seventh principle of the Data Protection Act, which if they are successful should form part of the contract. The general terms and conditions also set out a general duty of care for contractors.
The Department and its agencies set additional security standards on a case by case basis during the procurement process depending on the nature of the service to be provided.