Supplier information security requirements

In our contracts we will advise you what information security requirements apply.

Our standard conditions of purchase will reflect “Information Security Requirements Level 1”.
As the sensitivity or the nature of the information you receive increases additional controls may be required and as a minimum if you receive BAE SYSTEMS SENSITIVE information, then “Information Security Requirements Level 2” will apply and for BAE SYSTEMS HIGHLY SENSITIVE information, then “Information Security Requirements Level 3” will apply.

Where you provide specialist systems/services you may be required to comply with additional controls.