Framework Agreement Description
This cyber security services framework is a new framework which offers a complete range of external support services to help NHS and wider public sector organisations manage cyber risks and recover in the event of a cyber security incident. Through design, delivery, testing, governance and assurance it enables service continuity in patient care by ensuring patient data is secured and critical services and systems remain available.
The framework has been developed in partnership with
NHS Digital and the
National Cyber Security Centre (NCSC).
Framework Agreement Information
When does the framework start?
12 May 2020 - 11 May 2022 (with the option to extend to 2024)
Who can take advantage?
NHS, Local Authorities, Emergency Services, Educational establishments and all Public Sector Organisations located across the UK and its nations (England, Scotland, Wales, Northern Ireland)
What does it cover?
The framework is a fully OJEU compliant route to market for the provision of cyber security services to NHS and public sector authorities. It provides access to Twenty-five carefully selected suppliers from a highly specialised marketplace encompassing both SMEs and global multi-national providers. It offers a sustainable solution to source external support to meet the cyber security challenges below:
• Improved security control, preparedness and response across health and care organisations
• Service continuity to enable continued delivery of patient care
• Support for improved data security capabilities within organisations.
Pricing options include day rates and also the possibility to agree innovative pricing models.
Who developed it?
The framework has been developed in partnership with NHS Digital and the National Cyber Security Centre (NCSC) and is designed to complement services already available from NHS Digital's Data Security Centre and for Trusts to implement solutions locally. Stakeholders from Wirral University Teaching Hospital NHS Foundation Trust supported the evaluation alongside NHS Digital's technical SMEs following a rigorous procurement process, which was led by NHS SBS.
Why should I use it?
• NHS DIGITAL APPROVED
The framework is supported and approved by NHS Digital with detailed input into specification and evaluation.
• EMERGENCY RESPONSE
Lot 1 Emergency Cyber Incident Management provides highly specialised suppliers with ability to offer time-critical response 24/7/365.
• REGIONAL OPTIONS
Lot 1 Emergency Cyber Incident Management enables customers to appoint providers on a regional basis as well as nationally.
• END-TO-END CYBER RISK MANAGEMENT
The framework is structured to guide customers through their cyber risk management capability development, from emergency incident response, advisory on cyber security compliance, to on-going support from specialist security personnel.
• DIRECT AWARD
Ability to directly award a contract to approved suppliers on the framework providing a timely and compliant route to market to meet your requirements.
Opportunity to run a mini-competition to meet the bespoke requirements of each organisation; as well as helping to drive further competitive pricing.
• PRICE AND SAVINGS
Fixed public sector framework pricing offering competitive rates for consultancy and assurance services.
• CHOICE OF SUPPLIERS
Twenty-five suppliers to suit all requirements: from SME specialists, to global multi-national providers in a highly specialised marketplace.
• OJEU AVOIDANCE
A compliant procurement exercise has been already undertaken to offer a simplified procurement route in a highly specialised and complex market.
• FLEXIBLE CONTRACT TERMS
The ability to utilise a number of contracts across the Lots, enabling users to mix and match their requirements and tailor individual requirements.
• MANDATORY CERTIFICATIONS
All appointed suppliers have demonstrated Cyber Essentials Plus or equivalent (e.g. ISO27001)
View the framework agreements
View the framework agreements
Which suppliers are on the framework?
Scope of the Framework: Lot Structure
The Cyber Security Services framework agreement is broken down into the following individual Lots based on specialist service areas:
Lot 1 Emergency Cyber Incident Management
Focuses on the provision of urgent incident response capability for large-scale or local incidents, including the ability to quickly draw down expert skills and resource 24/7/365.
Particularly useful to support incident control, containment, resolution and remediation in the event of a Cyber Security Incident.
Lot 2 Cyber Consultancy Services
Delivers specialist support needed to enhance an organisation's cyber credentials, including Data Security On-Site Assessments, Security Testing, Technical Assurance, Forensics and Investigations, Policy Development, Awareness and Training.
Particularly useful for any organisation that has a requirement to access ad-hoc or ongoing advisory support often strategic in nature with well defined outcomes.
Lot 3 Security Personnel
Enables supply of specialist personnel to support and augment existing in-house capability.
Requirements are anticipated to be wide ranging and of a more routine nature. This lot will ultimately support organisations to reduce their exposure to threats, improve security defences and provide resource support to respond to cyber incidents.
You might also be interested to find out more about our related frameworks:
Digital Workplace Solutions
Healthcare Clinical Information Systems
IT Consultancy Services (Consult 18)
For more framework agreements see our