Customer support call 0345 410 2222
Supplier support call 0345 010 3503

Cyber Security Services 2

Contract ID: RM3764ii

Start Date: 28/02/2017

End Date: 28/02/2019


Extension Notification

CCS is taking up the option of extending Cyber Security Services 2 for up to 12 months, in line with the framework terms.

The (up to) 12 month extension will commence on 1 March 2018.

To read more about the extension please visit the Digital Future Strategy page.

GDPR legislation was implemented on 25th May 2018, so CCS has updated the Cyber Security Services 2 Agreement and the Call-Off Contract template to include the GDPR clauses.  This was done as a Contract Variation following engagement with all suppliers to gain their acceptance of the changes.  Please refer to the Supplier Matrix on the Documents tab below for an update on which suppliers have accepted the variation.

Guidance on how CCS has prepared for GDPR can be found here.  An FAQ document is also available on the Documents tab below. However, if you have any questions, please email cloud_digital[at][dot]uk

What can this agreement offer?

As cyber attacks become more frequent and sophisticated, the public sector in particular needs to lead the way in ensuring that their systems are safe and secure, and that vital services are protected.

The Cyber Security Services 2 framework is an EU compliant and regulated route to market for buyers from across central government and the wider public sector, to buy National Cyber Security Centre (NCSC) certified cyber security services.

Together with NCSC we have expanded the certified services on offer in this iteration of the agreement, to better meet the current needs of public sector organisations. Services available are split across 4 lots:

Lot 1: Certified Cyber Consultancy

  • 1.1 Risk Assessment
  • 1.2 Risk Management
  • 1.3 Security Architecture
  • 1.4 Audit and Review
  • 1.5 Incident Management

Lot 2: Penetration Testing (CHECK)

Lot 3: Cyber Incidents (CIR)

Lot 4: Tailored Evaluation (CTAS)

Find out more about each of these lots and example service offerings in the Buyers Guide under the Documents tab.

How have the suppliers been evaluated?

We have put together some advice to help you understand the benfits of NCSC certificates. 

This information can be found here

Interested in finding out more?

Our technology framework teams host a series of webinars to help explain what, and how, you can buy technology and digital solutions through our agreements. See what we have coming up here: 




Change notes

  • With effect from June 2017 Pentest Limited organisation has renamed to Secarma Limited. This is a simple change of name - the legal entity, i.e. company number 04217114 and DUNS number remain unchanged.
  • With effect from July 2017 EntServ UK Ltd has renamed to EntServ Uk Ltd part of the DXC Technologies Group. This is a simple change of name - the legal entity, i.e. company number 00053419 and DUNS number remain unchanged.
  • With effect from August 2017 Info-Assure Limited organisation has renamed to BSI Cybersecurity and Information Resilience (UK) Limited. This is a simple change of name - the legal entity, i.e. company number 06736691 and DUNS number remain unchanged.

Customers with open call-off contracts may wish to consider whether any action is necessary but this is unlikely in the above case.


Get in touch

 Email: cloud_digital[at][dot]uk

 Bookmark this page

 Find out about other Digital Future agreements

 Follow us on Twitter: @UKDigitalFuture


  • All suppliers live on this agreement are certified by the NCSC, giving you confidence in the quality of the service
  • Short, medium and full tender mini competition templates depending on your timescales and requirements
  • Simply fill out your requirements and let the suppliers tell you how they’ll deliver it
  • We’ve increased the maximum call-off contract length to up to 3 years, giving you more time if needed to deliver more complex projects
  • More and more suppliers will be added throughout the lifetime of the agreement, as they receive their certification through NCSC
  • The supplier’s maximum day rates have been agreed: meaning that they can’t charge you more than what they have specified at framework level. Suppliers can reduce their rates through further competition, in their bids against your specific customer requirements

Back to the top


Award under this framework is via a further competition process. We have created a suite of documents to help you run your further competition – all you need to do is add your content.

Using the Supplier Search document, invite all eligible suppliers to bid against your requirements. During this mini competition process you must keep an audit trail of any dialogue and communication with the potential suppliers. This can either be done via your own procurement system or utilising the free CCS eSourcing tool.


CCS eSourcing tool can be accessed via this link: 


The eSourcing tool contains a RM3764ii template, which contains all the documents/templates you will need for your mini competition, as well as all the suppliers ‘live’ on this agreement. These documents are also available on the agreement webpage. More guidance on how to use the eSourcing tool can be found here: guidance-for- customers

Back to the top


Replacements: cash release savings

When you are replacing an existing cyber service, the whole cost of these current services will be compared on a customer by customer basis against the new total costs under this agreement. Savings will be shown by the reduction when compared to previous years cost.

Demand management savings

In situations where the cyber services being purchased are new (i.e. you are not replacing an existing service) there is still an opportunity to claim demand management savings. 

We record savings using the customer benefits record form and it is essential that you complete the form every time you enter into a call-off agreement.


Back to the top


“To retain the trust of citizens in online public sector services and systems, data held by government must be protected and all branches of government must implement appropriate levels of cyber security in the face of continuous attempts by hostile actors to gain access to government and public sector networks and data.”

National Cyber Security Strategy 2016-2021

This procurement supports Central Government and the Wider Public Sector in buying critical cyber security services. As demand for online and digital services increases so does the threat of cyber attack on government services; efficient and timely procurement is essential. This framework provides that additional assurance that services are quality certified by that NCSC, helping you to buy with confidence.

This agreement is a joint venture and collaboration between the Crown Commercial Service and the NSCS. Cyber Security Services 2 is a 12-month agreement, with the option to extend for a further 24 months. We continue to work with NCSC to ensure future iterations of this agreement meet the needs of the market and our central government and wider public sector customers.

Back to the top

Lot details

Lot Number Lot Name Lot Category Number of Suppliers Contract Expiry
All suppliers 39 - click here to view suppliers
1.1 Risk Assessment Technology 13 - click here to view suppliers 28/02/2019
1.2 Risk Management Technology 12 - click here to view suppliers 28/02/2019
1.3 Security Architecture Technology 7 - click here to view suppliers 28/02/2019
1.4 Audit and Review Technology 7 - click here to view suppliers 28/02/2019
2 Penetration Testing (CHECK) Technology 23 - click here to view suppliers 28/02/2019
3 Incident Response (CIR) Technology 5 - click here to view suppliers 28/02/2019
4 Tailored Evaluations (CTAS) Technology 6 - click here to view suppliers 28/02/2019

Back to the top

Framework Manager Contact Details

Digital Framework Management Team

Customer Service Desk: 0345 410 2222

Back to the top