Public Services > Healthcare

NHS Digital confirms tender to hire Security Operations Centre partner

David Bicknell Published 18 November 2017

Three year, £20m contract for strategic partner to support centre’s development and delivery and beef up NHS Digital’s cyber security capabilities for customers across health and care sector


NHS Digital has confirmed plans to appoint an external security partner after launching a tender to find a strategic partner to support the development and delivery of a Security Operations Centre (SOC).

It expects the SOC will deliver enhanced cyber security capability and services for its internal and external customers across the health and care sector.

The contract is likely to be worth around £20m and will be for an initial three period, with the option of up to two single-year extensions.

The tender follows the publication of an earlier pre-tender in the summer which asked suppliers to provide information and feedback which will ensure that NHS Digital’s requirement is solid and market-ready prior to the release of the tender documentation.

The tender says that NHS Digital's Data Security Centre (DSC), is responsible for providing a robust ‘defence in depth’ data security service to NHS Digital and the wider health and care sector, as well as operating the live security services provided through the extant CareCERT service.

NHS Digital says that key to the development and delivery of an enhanced cyber security capability is the development of a new SOC that will bring together disparate security functions and will allow standardisation of processes and technology within a single unified Security Operating Model (SOM).

NHS Digital said it intends to build on and enhance (rather than replace) the current services offered by CareCERT and the DSC that provide preparation, detection and response services to the health and care sector.

NHS Digital says it expects to invite a maximum of six suppliers to tender, with the procurement being run as a ‘competitive procedure with negotiation’. The first phase in the procurement will consist of a selection questionnaire which will be used to select the preferred suppliers who will be invited to tender. The closing date for receipt of tenders or requests to participate will be December 20, with an estimated date of dispatch of invitations to tender of mid January 2018.

NHS Digital’s security capability, including its cyber security positioning, was discussed in the recent Fit for 2020 report that discussed the organisation’s ability to transform itself into a modern, agile organisation capable of meeting the delivery commitments made in Personalised Health and Care 2020. 

The report said: "Although there has been a rapid foundational capability roll-out for cyber security, there is still opportunity to enhance and mature both internal and external cyber services."

In a section of the report entitled, “Strengthening our cyber capabilities”, NHS Digital said, “Cyber threats continue to increase and we will continue to develop our capabilities to help counter them. A key element of this work will be knowledge transfer across the health and care system. For that reason we have a structured engagement campaign and a knowledge service which provides organisations access to a library of health related cyber security threats with mitigations to improve understanding and promote best practices, as well as a range of e-learning modules to prepare health and care professionals for managing threats to data confidentiality, integrity and availability.”

Discussing its plans, NHS Digital promised to:

  • Design and implement a single unified security operating model for NHS Digital based on ISO27001 robust industry standards.
  • Continue to enhance its security testing, tracking and reporting capabilities.
  • Establish a National Security Operations Centre with real-time intelligence on the threats facing health and care organisations.
  • Incorporate the new Data Security Standards and assurance function as recommended by the National Data Guardian.
  • Create a new commercial framework to make it easier for local health and care organisations to access support

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.