Procurement framework launched to help NHS manage cyber risks

4 June 2020 10:47

A new free to access procurement framework has launched to help public sector organisations including the NHS to manage cyber risks and recover in the event of a cybersecurity incident.

The Cyber Security Services Framework has been developed by NHS Shared Business Services (NHS SBS), providing access to 25 suppliers specialising in managing cyber risks, recovering from attacks, cyber consultancy and security personnel.

Developed in partnership with NHS Digital and the National Cyber Security Centre (NCSC), the framework addresses the Department of Health and Social Care’s Cyber Security agenda and complements services already available from NHS Digital’s Data Security Centre.

The framework, which is set to run until May 2022 (with an option to extend for a further two years), has three lots and an estimated value of £250 million.

Phil Davies, director of procurement at NHS SBS said: “The launch of this new framework is particularly timely as the COVID-19 pandemic has prompted a new wave of cyber-attacks and scams. We welcomed the opportunity to partner with NHS Digital and look forward to continuing our collaborative relationship to ensure the agreement meets national cyber needs.

“Technology plays a huge part in the way the NHS delivers patient care so it is vital that healthcare providers keep data secure, whilst being prepared for and resilient against attacks.

“The NHS and public sector has been proactive in harnessing improvements in cyber security since the WannaCry attacks in 2017 but there is still more work to be done. This framework provides a sustainable and trusted solution to help organisations meet the challenges around cyber security head on.”

Lot 1 is emergency cyber incident management, aimed at helping organisations find support in dealing with a crisis or large scale incident quickly. Lot 2 is cyber consultancy services for ad hoc or ongoing support such as security testing and data security assessments. Lot 3 is for the supply of specialist personnel to back up in-house security capabilities.

The 25 specialist suppliers on the framework were awarded after a comprehensive and fully OJEU (Official Journal of the European Union) compliant procurement exercise. They include a range of multinationals and SMEs to suit all needs.

It means that NHS can directly award contracts without the need for a complex and time-consuming procurement process, or run mini competitions to meet any bespoke requirements and drive further competitive pricing.

Related

Training our way out of the cybersecurity shortfall

The rising importance of cybersecurity and compliance in healthcare

Are medical devices protected from cyber criminals?

Zener launches course to protect medical devices from cyber threats