1. Do you purchase commercial-off-the-shelf applications and/or software?
Yes
2. If so, do your software suppliers have certificates that ensure the security of the applications and/or software supplied? (Please respond with the number of suppliers that have certificates that ensure the security of the applications and/or software supplied vs. the number of suppliers that do not have certificates or other documentation that ensure the security of the applications and/or software supplied)
We would expect to receive these but it is not always consistent. We do not hold the number of suppliers who have certificates.
3. Is it a policy at your organisation that all software vendors / suppliers have certificates or documentation that ensure the security of the applications and/or software supplied?
No, however, we will be requesting certificates under GDPR.