NHS Shared Business Services (NHS SBS) has opened a new procurement framework for cyber security services in the health service and wider public sector.
The framework went live earlier this month and is set to run for two years, with three lots and 25 companies involved and an estimated value of £250 million. The maximum length of a call-off contract is seven years.
It has been developed with NHS Digital and the National Cyber Security Centre to complement services already available from the former’s Data Security Centre. While it is aimed primarily at NHS organisations, NHS SBS said it is available throughout the UK public sector.
First of the three lots is emergency cyber incident management, aimed at helping organisations quickly find support in dealing with a crisis and focused on the provision of a capability to quickly deal with local or large scale incidents. It comprises 11 suppliers.
Second with 17 suppliers is cyber consultancy services for ad hoc or ongoing support and taking in functions such as on-site data security assessments, security testing, technical assurance, forensics, policy development, awareness and training.
Lot three, with 13 companies, is for the supply of specialist personnel to back up in-house security capabilities.
Familiar names
The suppliers include multinationals and SMEs, with familiar names including Accenture, CGI, NCC Goup, QinetiQ and Trustmarque.
NHS SBS highlighted how the Covid-19 pandemic has prompted a new wave of cyber attacks and scams, and the view that since the WannaCry ransomware attack in 2017 there have been improvements in cyber security arrangements around the NHS, but that it sill needs work and board level attention.
Photo: iStockphoto/Henrik Jonsson