USG suppliers play an important role in protecting USG’s data and information assets. When selecting and working with suppliers, it is important for all USG organizations to manage cybersecurity risks related to suppliers. This page outlines some important responsibilities for all USG organizations.
Include all Relevant Agreements and Appendixes: Supplier contracting plans must include the appropriate agreements and appendices to ensure security, compliance, and privacy of USG data. The Business Procedures Manual, Section 3.4.4 applies when a supplier will or will be able to access, collect, process, or maintain USG data or other critical information. It is also applies when a supplier will or will be able to access and/or provide mission-critical IT Resources. Additionally, the IT Handbook and the Supplier Management: A USG IT Handbook Companion Guide addresses the technical requirements affecting both the USG and the suppliers under consideration.
Ensure Suppliers Meet Requirements: Select a supplier that meets compliance requirements, including security and privacy. Before executing a supplier contract, make sure the supplier clearly understands USG’s cybersecurity requirements and provides an acceptable plan for protecting USG data and information assets. Select a supplier by considering a broad range of functional and performance capacities, including the ability to protect USG’s data and information assets and execute supplier responsibilities as defined within the USG Cybersecurity Standard. USG organizations must include cybersecurity planning in the entire supplier lifecycle. Consult your local cybersecurity professional or contact email@example.com should you have questions.
Leverage Procurement Services: Procurement Services guides the supplier selection process by helping USG organizations follow the correct procurement and contracting process. For example, checklists have been provided to aid in the contracting process. Also provided are FAQs to address the most common questions. To learn more about USG contract language including data security and privacy terms and conditions, contract routing form example, and contract flow diagrams, please visit the Procurement Services website (credentials required). If you have additional questions, please contact firstname.lastname@example.org.