Information security needs to be taken seriously in public procurement

Good article on the Local Government Lawyer about information security:

Information security encompasses the strategies for managing the processes, tools and policies to prevent, identify, document, and counter threats to both digital and non-digital information. Procurement practitioners must be aware of the potential risks of information breaches in their day-to-day business. The nature of public procurement demands that measures to protect information security are an integral part of the process throughout the cycle of the procurement, including at the point of service delivery. The handling of sensitive information and the sharing of information with suppliers makes the topic a key concern for procurement officials. Information at risk includes:

bid information;
financial information;
organisation information, such as intellectual property; and
service user information.

That is all true, but the problem of information security/management is not valid for the duration of the procurement procedure only. It is valid for contract performance as well, something that as we saw a few weeks ago with the NHS ransomware attack is not really taken into account today.