CCS launches revised cyber security framework
Organisation enters into second joint venture with the National Cyber Security Centre (NCSC) to provide more streamlined means of obtaining accredited services for public sector
The Crown Commercial Service (CCS) has announced the launch of the Cyber Security Services 2 framework as part of an ongoing collaboration with the government’s National Cyber Security Centre (NCSC) authority to provide certified expertise to departments and authorities.
A total of 121 suppliers are included on the agreement that is divided into four separate lots to provide consultancy and other security functions for public sector bodies. According to CCS, 71% of these suppliers are classed as small and medium-sized enterprises (SMEs).
The framework is intended to run for an initial 12 month period, with the option to then extend its lifespan for an additional 24 months.
The full scope of the agreement is divided into the following four lots:
- Cyber consultancy that includes risk assessment and management, as well as security architecture, audits and reviews
- Check penetration testing to analyse systems or networks relied on by an organisation and what weaknesses they may have
- Incident response
- Tailored assurance
CCS said the agreement marked a second joint venture with the NCSC with the aim of offering revisions to how cyber security services and consulting expertise can be procured centrally by the public sector in a more simplified manner.
“The new framework enables a competitive mini competition process, taking account of the differing needs of each user, and buyers are supported with simple but effective government terms and conditions for critical services,” the organisation said in a statement on the launch.
“Cyber Security Services 2 provides a semi dynamic award for suppliers - meaning that suppliers or services can be added at any time during the life of the agreement. Only suppliers who have current NCSC certification for their services will be available for buyers to use.”
CCS claimed that the framework was the first arrangement to make use of a revised tender pack that would simplify the process for SMEs to meet government supply chain needs.
“CCS is also introducing the new ‘once only’ process, known as SID4GOV, allowing suppliers to reuse selection questionnaire responses when bidding for other public sector procurements, including competitions following an OJEU notice and mini competition tenders,” the organisation added.
Parliament’s Public Accounts Committee (PAC) last month released a report looking at the government’s cyber security efforts that included calls for a clearer focus in defining the NCSC’s role in preventing attacks.
The committee called for a detailed plan to be published by the government by the end of the financial year detailing how the NCSC will assist and communicate with organisations.
According to the report, as of April 2016, 12 separate teams or bodies working from the centre of government were charged with tackling or preventing potential cyber threats, seen as one of the key security risks facing the nation.