Table of contents

Assessing suppliers

The Ministry of Justice (MoJ) assesses suppliers as a responsible public body managing public funds and data. These assessments range from commercial and legal for the purposes of contract through to risk assessments for the purposes of information security.

The MoJ uses a range of risk management techniques including information risk assessments.

Suppliers are expected to create, maintain and demonstrate a mature and considered approach to risk management when engaged with the MoJ.


The MoJ no longer accredits new systems or suppliers (as defined by CESG Information Assurance Standard 1&2).

The MoJ maintains accreditations where committed to by existing contract.

Commodity digital technology

MoJ assesses commodity digital technology supply chain such as Software-as-a-Service (SaaS) tools such as Google Workspace, Microsoft Office 365, Trello and Atlassian Cloud based on the Cloud Security Principles, information risk assessment techniques and shared data within HMG.


If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: