This guidance relates to the procurement of products, services or works, where there may be concerns regarding security and crime, including Serious Organised Crime (SOC) and Cybercrime.
It is part of a series of guides which support the sustainable procurement duty tools to help public sector organisations embed sustainability into their procurement processes.
There are links between security and crime and human rights. For example, SOC groups are often involved in human trafficking and labour exploitation, and these matters should be considered alongside one another. Separate Worker Conditions Guidance is available.
Scottish Government Guidance on due diligence: human rights sets out how the Scottish Government, executive agencies and non-departmental public bodies should undertake appropriate due diligence on companies, including their human rights record, before entering into an investment relationship with them.
Description of Risk or Opportunity
- Are there concerns that the market for the products, services or works procured is vulnerable to the involvement of Serious Organised Crime (SOC)?
- Will the service/s being procured involve, support or rely upon the digital processing of information on behalf of the organisation?
- Could ineffective design of services procured make the contract vulnerable to security and crime concerns?
- Are there opportunities to enhance security and reduce the harm caused by crime through the design of services, or, infrastructure that impact on communities? Such as removing barriers to work or enhancing education and skills of those most likely to reoffend?
Examples
Serious Organised Crime
Serious Organised Crime is crime which involves more than one person; is organised, meaning that it involves control, planning and use of specialist resources; causes, or has the potential to cause, significant harm; and involves financial or other benefit to the individuals concerned.
- The form of activity related to SOC can include:
- drugs
- counterfeiting, e.g. pharmaceuticals, and medical equipment, etc.
- money laundering
- immigration crime
- environmental crime
- fraud
- cybercrime
- human trafficking and labour exploitation
- Does the contract offer opportunities to inflate profits by cutting corners?
- Is there known involvement of SOC in the sector?
SOC groups are involved in the use of seemingly legitimate businesses. Cash businesses; those with relatively low-capital costs; or those with low levels of regulation and enforcement, are likely to be more vulnerable to the involvement of SOC.
- For example:
- money laundering or labour exploitation through nail bars;
- tanning salons;
- car washes;
- taxi and private car hire
Sectors that may be vulnerable to the involvement of SOC include:
- construction
- primary production, e.g. agriculture and seafood
- waste management / recycling, e.g. office, medical or household waste, and tyres, etc.
- vehicle / transport
- private security services
- property management
- children's nurseries
- funeral care
- service work - catering, cleaning, hospitality, care, domestic service, beauty
The above list of examples is by no means exhaustive and should not be treated as such, other sectors may be affected.
Cyber Security / cyber resilience
Cyber security is about understanding the cyber threat to supply chain security and taking appropriate, proportionate action to reduce the risk of damage or disruption in our contracts and supply chains.
Cyber security is often thought of in terms of cyber-attacks when processing personal data, but it can also be important in arrangements involving sensitive official information, industrial control systems or the "Internet of Things" (where computing devices are embedded in everyday physical objects, which are then enabled to communicate, be controlled, etc. via the Internet).
Are there appropriate forums to share information with others in your own organisation, or those in the public sector? Is it proportionate to engage with experts such as Scottish Environment Protection Agency (SEPA) or Police Scotland? This could be to identify at-risk markets and what potential risks to related procurements might be, to establish if suppliers have been identified as being involved in SOC, or to check information supplied in bids.
Involve appropriate experts at the earliest stages of designing and specifying the requirement (not just when the tender documents are being written). For example, when undertaking Life Cycle Impact Mapping and Sustainability Test.
Possible indications of the legitimacy of a business might include a commitment to:
- employer accreditation such as Investors in People, etc.
- Scottish Living Wage accreditation
- industry or organisational standards accreditation: PAS402 / Green Compass; ISO 9001; ISO27001 Cyber Essentials certification etc.
- registered with the Security Industry Authority Approved Contractors Scheme (where relevant)
- publication of a slavery and human trafficking statement (where required under section 54 of the Modern Slavery Act 2015)
- signatory to the Gangmasters and Labour Abuse Authority (GLAA) Construction Protocol
The above are just some examples, they are not in order of priority, and relevance and proportionality will depend on the nature of the procurement.