View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

NHS Taps 25 Firms to Provide Security Under a Massive £250 Million Framework

Big Four, six SMEs, other SIs win NHS security work

By claudia glover

The NHS has signed up 25 companies to provide cybersecurity services under a massive new £250 million framework agreement.

The contract awards fall into three lots: incident management (£90 million), consultancy (£80 million), and personnel (£80 million).

Nine of the contracts were awarded to the Big Four.

Deloitte won across all three lots. Ernst and Young, KPMG and PWC won two each. The NHS had received 60 tenders; 19 from SMEs.

NHS Cyber Security Contracts

A contract award notice notes that NHS Shared Business Services worked closely with NHS Digital to offer an “additional solution to support the existing portfolio of security solutions currently available.”

The note, published May 26, added that the contracts will “provide NHS organisations with an even greater number of cyber security service options and approved suppliers” and “offer services not covered by NHS Digital”.

(NHS Digital can’t provide incident response or personnel).

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The contract awards span the following:

Incident Management: This will include “provision of urgent incident response capability for large-scale or local incidents, offering approved organisations the ability to quickly call down expert resource to support incident control, containment, resolution and remediation.”

Consultancy: This will include “access to ad-hoc or ongoing professional services” to be defined locally by NHS Trusts.

Personnel: This will span the “supply of specialist personnel to support approved organisation existing in-house capability… [and] support approved organisations to reduce their exposure to threats, improve security defences and support in the event of cyber incidents.”

Of the companies outside the Big Four, four cyber security enterprises managed to win a contract in each lot; security company Softcat, CSC Computer Sciences, Commissum Associates and Accenture UK.

Some of these companies are already working closely with the NHS. Just last week Accenture said it had managed to put all 1.2 million employees of the NHS onto Microsoft Teams within one week.

The cyber security framework was designed by the NHS Shared Business Service, in partnership with the National Cyber Security Centre, The ISC (International Standard for Information Security) and Cyber Essentials.

Each company vying for a contract had to be certified to be Cyber Essentials Plus or higher. The entire procurement process took six to nine months at the approximated cost of £25,000 per each contracting authority.

Read This! Google and Apple Push Out Contract Tracing API, as NCSC Scrambles to Fix NHS Application Bugs

The NHS Shared Business Authority has explained in a report on the cyber security framework released earlier this month, that as technology plays such a large part in the way the NHS delivers patient care, the use of cloud services and mobile devices is ever increasing, making it important to ensure that patient data is secured and that services and systems remain available.

The contract awards come as a mere one of the NHS’s 200+ trusts has passed the government’s “Cyber Essentials Plus” test, according to a worrying new audit report that Computer Business Review covered last week.

The National Audit Office (NAO) report revealed that of the 204 trusts that had mandatory on-site cybersecurity inspections, only one got the full pass mark required for “Cyber Essentials Plus” accreditation.

Don’t Leave Before You’ve Read This! The Promise of Browser Isolation: A Panacea with a UX Problem?

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.