Cyber Security Services
Framework Agreement Description
This Cyber Security Services Framework Agreement offers a complete range of external support services to help NHS and wider public sector organisations manage cyber risks and recover in the event of a cyber security incident. Through design, delivery, testing, governance and assurance, the framework agreement enables service continuity in patient care by ensuring patient data is secured and critical services and systems remain available.
Download the Framework Flyer
Framework Agreement Information
When does the framework start?
12 May 2020 - 11 May 2024
Who can take advantage of the framework?
NHS, Local Authorities, Emergency Services, Educational sector and all Public Sector Organisations located across the UK and its nations (England, Scotland, Wales, Northern Ireland)
What does the framework cover?
This cyber security services framework offers external support services to help NHS and wider public sector organisations manage cyber risks and recover in the event of a cyber security incident. Through design, delivery, testing, governance and assurance it enables service continuity in patient care by ensuring patient data is secured and critical services and systems remain available.
• Lot 1 Emergency Cyber Incident Management
• Lot 2 Cyber Security Consultancy Services
• Lot 3 Security Personnel
What are the benefits of the framework?
• NHS DIGITAL APPROVED
The framework is supported and approved by NHS Digital with detailed input into specification and evaluation.
• EMERGENCY RESPONSE & REGIONAL OPTIONS
Lot 1 Emergency Cyber Incident Management provides highly specialised suppliers with ability to offer time-critical response 24/7/365 & enables customers to appoint providers on a regional basis as well as nationally.
• END-TO-END CYBER RISK MANAGEMENT
The framework is structured to guide customers through their cyber risk management capability development, from emergency incident response, advisory on cyber security compliance, to on-going support from specialist security personnel.
• CHOICE OF SUPPLIERS
Twenty-five suppliers to suit all requirements: from SME specialists, to global multi-national providers in a highly specialised marketplace.
• DIRECT AWARD
Ability to directly award a contract to approved suppliers on the framework providing a timely and compliant route to market to meet your requirements.
Opportunity to run a mini-competition to meet the bespoke requirements of each organisation; as well as helping to drive further competitive pricing.
• PRICE AND SAVINGS
Fixed public sector framework pricing offering competitive rates for consultancy and assurance services.
• OJEU AVOIDANCE
A compliant procurement exercise has been already undertaken to offer a simplified procurement route in a highly specialised and complex market.
• MANDATORY CERTIFICATIONS
All appointed suppliers have demonstrated Cyber Essentials Plus or equivalent (e.g. ISO27001)
Scope of the Framework: Lot Structure
The Cyber Security Services framework agreement is broken down into the following individual Lots based on specialist service areas:
Lot 1 Emergency Cyber Incident Management
Focuses on the provision of urgent incident response capability for large-scale or local incidents, including the ability to quickly draw down expert skills and resource 24/7/365. Particularly useful to support incident control, containment, resolution and remediation in the event of a Cyber Security Incident.
Lot 2 Cyber Consultancy Services
Delivers specialist support needed to enhance an organisation's cyber credentials, including Data Security On-Site Assessments, Security Testing, Technical Assurance, Forensics and Investigations, Policy Development, Awareness and Training. Particularly useful for any organisation that has a requirement to access ad-hoc or ongoing advisory support often strategic in nature with well defined outcomes.
Lot 3 Security Personnel
Enables supply of specialist personnel to support and augment existing in-house capability. Requirements are anticipated to be wide ranging and of a more routine nature. This lot will ultimately support organisations to reduce their exposure to threats, improve security defences and provide resource support to respond to cyber incidents.
Which suppliers are on the framework?