Those of us who are used to negotiating longer term IT based services agreements will be familiar with the "Security Schedule" - setting out the rules which will apply between the parties on IT and information security. Traditionally driven by the specific needs and policies of the parties it could be that, before long, elements of those schedules will be set by regulation. 

On 17th May the UK Government launched a consultation on cyber security measures in "managed services" agreements. It will be open for responses until 11th July. There are suggestions that, as part of a drive to make the UK the leading place for cybersecurity, the process could eventually lead to prescribed rules being set on minimum steps which must be taken in any relevant contracts. 

Business who either buy or supply managed services should consider responding.