NHS Digital to procure new specialist security services

NHS Digital is expanding our pool of contracted suppliers to provide a range of specialist security service support for the products, infrastructure, systems and services that we manage and provide to health and care organisations.

This procurement will provide us with more capacity and expert capability to support health and care organisations, ensuring the patient and clinical benefits of new technology in health are maximised and risks are reduced.

We will provide more direct support to health and care organisations, supporting them with local issues and helping them to make the right decisions about data security and how to invest their time and resources effectively to reduce risk.

Suppliers will provide highly qualified resources to deliver the following services for NHS Digital:

• Data Security On-site Assessments: to conduct data security assessments of health and social care organisations, providing them with a baseline understanding of their threat profile, local vulnerabilities, and consultancy support to make changes and reduce security risk
• Security Testing: to perform application and infrastructure security testing and vulnerability analysis of NHS Digital systems, infrastructure and services, to assure the services provided to health and care organisations are secure before being launched
• Security Assessment and Audits: to provide experienced and qualified auditors, who can perform audits against all aspects of the ISO 27001:2013 requirements standard and associated controls for NHS Digital
• Security Technical Services: to provide specific security-related advice and consultancy in the areas of technology, architecture, risk assessment, risk treatment and threat assessment, for health and care organisations
• Security Assurance: to undertake assurance activities, including technical, legal and other regulatory policy and standards compliance reviews
• Forensics and Investigations: to conduct forensic and investigatory work, including on site forensics, general security investigations and disk analysis
• Emergency Incident Response: to provide 24/7 specialist support to NHS Digital during major security incidents, ensuring the impact of incidents on patient care is managed and mitigated as far as possible.

Further information will be available to suppliers in the Invitation to Tender, expected to be released on the Official Journal of the European Union (OJEU)  by Friday 9 March 2018.