Supply chain cyber security policy (standard)

This is a standard-length supplier cyber security policy designed to help businesses to create contractually enforceable obligations on suppliers with respect to cyber security.

This flexible template can be edited either to focus on specific, identified risks, or to apply a general benchmark across a supplier's systems.

Before or while editing the policy, you should establish what the relevant risks are, your general approach to those risks and the resources you propose to invest in mitigating the risks.

Detailed guidance notes are included to help you when editing this document.

In addition to the provisions in this standard version of the policy, the premium version includes provisions covering: (i) evidential requirements and auditing; (ii) detecting breaches; (iii) responding to breaches; and (iv) system and policy reviews and updates.

This policy was created and is maintained by Emma Osborn of OCSRC (https://www.ocsrc.co.uk) in collaboration with Docular.

Ask about this document

Supply chain cyber security policy (standard) contents

Introduction: purpose of cyber security document;
Provider
to protect
Customer
interests regarding cyber security.
Definitions: definitions.
Status of
this Policy
: document forms part of contract.
Cyber security risks: cyber security is a strategic risk; reference to identified risks; Data protection impact assessments; cyber security risk assessments.
Cyber security approach: processing data compliance;
Provider
to maintain minimum level of security ;
Provider
to maintain adequate level of security;
Provider
to maintain equivalent level of security.
Cyber security requirements: compliance with applicable standards; implementation of cyber security controls (access); cyber security training requirements; implementation of technical controls.
Actions upon termination: managing termination of contract; provision of data on contract termination ; deletion of
Customer
data ; provision of a record of data retained by the other party; access credentials revoked; requirements remaining in force.

ANNEX 1 (EVIDENCE REQUIRED OF COMPLIANCE)

List of evidence of compliance with cyber security policy.

ANNEX 2 (ADEQUATE ENCRYPTION STANDARDS)

List of adequate encryption standards

Supply chain cyber security policy (standard) document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

Supply chain cyber security policy (standard) document preview

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Which licence should I choose?

Version	1.0
First published	6 Aug 2018
Last updated	19 Jan 2023
Law	Neutral
Language	English (UK)
^†Word count	2,864
^†Template pages	5

† These figures are approximations.

Data protection law Law of confidence IT law Industry Policy

Supply chain cyber security policies

Supply chain cyber security policy (premium)

We do not limit the number of copies of a template you can make on your own computer. Nor do they limit the number of times you can print and sign a document. We do however limit the number of copies of a template you can create in the Docular editor, and also the number of websites / digital products with respect to which a template may be used.

There are four different licences under which you can access a Docular template.

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.