- Request
-
1) How much of the Council budget is attributed to engaging technology to support with delivery of public sector services?
2) a) How many tenders did the Council issue in the last 24 months for the purposes of engaging Software as a Service?
b) What was the total value of all the contracts awarded in relation to question 2a?
c) How many (or what percentage) of the above tenders required ISO27001 as an essential or desirable accreditation for bidders?
d) How many (or what percentage) of the above tenders required Cyber Essentials or Cyber Essentials Plus as an essential or desired accreditation for bidders? - Decision
-
1. The IMT Net Revenue Budget for 2023/24 is £17,331,064, as per the Budget Book 2023/24 (Table 2 P11)
All Budget Book information is published on Lincolnshire's County Council website:
2.
a. Lincolnshire County Council is not reasonably able to differentiate between contracts procured as SaaS from other software procurements. All contracts from Lincolnshire County Council are available to view on its contract register https://www.lincolnshire.gov.uk/supply-council-goods-services/find-tender-opportunities. The contract date fields and CPV fields should assist the enquirer. CPV field 48000000 – Software Package and Information Systems.
b. 31 contracts totaling £40.7 Million awarded in the last 24 months by Lincolnshire County Council for CPV 48000000 – Software Package and Information Systems. As per Question 2 a), the Procurement team is not reasonably able to differentiate between contracts procured as SaaS from other software procurements.
c. It may be helpful to know that when procuring software as a service the council seeks to extract a number of different assurances from the supplier. In order to gain confidence that security measures are genuine and effective we will seek assurance in three areas:
- assertion from the third party, and an evaluation of relevant security measures that support that assertion
- evidence of independent validation of security measures which can include ISO27001 and/or Cyber Essentials
- commitment to meeting minimum standards via contract or other formal agreement
Lincolnshire County Council’s policy on third party minimum security standards is available here https://www.lincolnshire.gov.uk/council-councillors/minimum-security-controls-%E2%80%93-third-party-information-sharing-processing-policy
d. The Council may require assurance of the security capabilities of its suppliers where ISO27001, Cyber Essentials Plus (or equivalent) would give the necessary assurance.
- Reference number
- 6825257
- Date request received
- 18 May 2023
- Date of decision
- 16 June 2023