This guidance is concerned with the procurement of products, services or works, where there may be concerns regarding security and crime, including Serious Organised Crime (SOC) and Cybercrime.
It is part of a series of guides which support the sustainable procurement duty tools to help public sector organisations embed sustainability into their procurement processes.
There are links between security and crime and human rights. For example, SOC groups are often involved in human trafficking and labour exploitation, and these matters should be considered alongside one another. Separate Worker Conditions Guidance is available.
Scottish Government Guidance on due diligence: human rights sets out how the Scottish Government, executive agencies and non-departmental public bodies should undertake appropriate due diligence on companies, including their human rights record, before entering into an investment relationship with them.
Serious Organised Crime is crime which involves more than one person; is organised, meaning that it involves control, planning and use of specialist resources; causes, or has the potential to cause, significant harm; and involves financial or other benefit to the individuals concerned.
SOC groups are involved in the use of seemingly legitimate businesses. Cash businesses, those with relatively low capital costs, or those with low levels of regulation and enforcement are likely to be more vulnerable to the involvement of SOC.
Sectors that may be vulnerable to the involvement of SOC include:
The above list of examples is by no means exhaustive and should not be treated as such; other sectors may be affected.
Cyber security is about understanding the cyber threat to supply chain security and taking appropriate, proportionate action to reduce the risk of damage or disruption in our contracts and supply chains.
Cyber security is often thought of in terms of cyber-attacks when processing personal data, but it can also be important in arrangements involving sensitive official information, industrial control systems or the "Internet of Things" (where computing devices are embedded in everyday physical objects, which are then enabled to communicate, be controlled, etc. via the Internet).
Are there appropriate forums to share information with others in your own organisation, or those in the public sector? Is it proportionate to engage with experts such as the Scottish Environment Protection Agency (SEPA) or Police Scotland? This could be to identify at-risk markets and what potential risks to related procurements might be, to establish if suppliers have been identified as being involved in SOC, or to check information supplied in bids.
Involve appropriate experts at the earliest stages of designing and specifying the requirement (not just when the tender documents are being written), for example when undertaking Life Cycle Impact Mapping and the Sustainability Test.
Possible indications of the legitimacy of a business might include a commitment to:
The above are just some examples; they are not in order of priority, and relevance and proportionality will depend on the nature of the procurement.