NHS Shared Business Services to launch cyber security services framework

A prior information notice has been shared by NHS Shared Business Services (SBS) regarding the procurement of cyber security services for an estimated value of £125 million.

The notice shares how NHS SBS plans to put a framework agreement in place for the provision of cyber security services along with related goods and services, including cyber security consultancy; managed solutions; tools; hardware; and medical/healthcare-specific solutions; and an all inclusive cyber security combined solutions lot. This will incorporate all lots in order to offer the ability to award a supplier a packaged solution under one contract.

Providing more information on the lots, the notice specifies how the consultancy service will include emergency support in the event of a cyber security threat, as well as provision of technical guidance or advice, professional resources and testing services.

The software security managed solution will include SOC as a managed service, a managed SIEM solution and managed detection and response services.

With regards to tools, the notice provides examples such as anti-virus, security information and event management software, extended detection, web vulnerability scanning, encryption tools, network monitoring tools and more.

The cyber security hardware included in the procurement will cover firewalls, proxy servers, hardware for the protection of medical devices, and more.

NHS SBS states that it intends to hold market engagement sessions with industry experts and potentially interested suppliers through to August 2023. The contract, when live, is expected to run over four years from May 2024.

The notice can be found in full here.

In May, we covered how NHS SBS shared plans to establish an inventory management software framework, to offer suppliers in this area a compliant route to market.

In our cyber security features from the start of this year, we heard from suppliers on the challenges in security around legacy softwares and the importance of security by design; and the landscape of healthcare cyber security in 2023.