Customer support call 0345 410 2222
Supplier support call 0345 010 3503

Cyber Security Services 2

Contract ID: RM3764ii

Start Date: 28/02/2017

End Date: 28/02/2020


Synopsis: Cyber security services, including consultancy, penetration testing, incident management and security assurance. National Cyber Security Centre certified.

Update: This framework has been extended for another 12 months until 28/02/2020. 

This will give CCS and NCSC time to review all routes to market for Government departments to protect their data.


Full description: This agreement covers cyber security services available for central government and wider public sector. Services offered are certified by the National Cyber Security Centre (NCSC). It covers services such as risk assessment and audit, as well as testing, managing cyber security incidents, and tailored assurance for systems, products and services. 



GDPR legislation was implemented on 25th May 2018, so CCS has updated the Cyber Security Services 2 Agreement and the Call-Off Contract template to include the GDPR clauses.  This was done as a Contract Variation following engagement with all suppliers to gain their acceptance of the changes.  Please refer to the Supplier Matrix on the Documents tab below for an update on which suppliers have accepted the variation.




  • All suppliers NCSC-certified
  • Short, medium and full tender further competition templates to meet differing timescales and requirements
  • Maximum call-off contract up to 3 years to accommodate complex projects
  • More suppliers will be added over the lifetime of the agreement as they receive their NCSC certification
  • Maximum day rates have been agreed. Suppliers can reduce their rates through further competition when they bid against your specific customer requirements.

Back to the top


Award under this framework is via further competition. CCS has created a suite of documents to help you run a further competition.

Using the Supplier Invite documents, invite all eligible suppliers to bid against your requirements. During this process you must keep an audit trail of any dialogue and communication with potential suppliers. This can either be done via your own procurement system or using CCS’s free eSourcing tool.

The tool contains a RM3764ii template, which has all the documents/templates you will need for your further competition, as well as all the suppliers live on this agreement.

Back to the top


Replacements: cash release savings

When you are replacing an existing cyber service, the whole cost of these current services will be compared on a customer by customer basis against the new total costs under this agreement. Savings will be shown by the reduction when compared to previous years cost.

Demand management savings

In situations where the cyber services being purchased are new (i.e. you are not replacing an existing service) there is still an opportunity to claim demand management savings. 

We record savings using the customer benefits record form and it is essential that you complete the form every time you enter into a call-off agreement.


Back to the top


“To retain the trust of citizens in online public sector services and systems, data held by government must be protected and all branches of government must implement appropriate levels of cyber security in the face of continuous attempts by hostile actors to gain access to government and public sector networks and data.”

National Cyber Security Strategy 2016-2021

This procurement supports Central Government and the Wider Public Sector in buying critical cyber security services. As demand for online and digital services increases so does the threat of cyber attack on government services; efficient and timely procurement is essential. This framework provides that additional assurance that services are quality certified by that NCSC, helping you to buy with confidence.

This agreement is a joint venture and collaboration between the Crown Commercial Service and the NSCS. Cyber Security Services 2 is a 12-month agreement, with the option to extend for a further 24 months. We continue to work with NCSC to ensure future iterations of this agreement meet the needs of the market and our central government and wider public sector customers.

Back to the top

Lot details

Lot Number Lot Name Lot Category Number of Suppliers Contract Expiry
All suppliers 37 - click here to view suppliers
1.1 Risk Assessment Technology 16 - click here to view suppliers 28/02/2020
1.2 Risk Management Technology 13 - click here to view suppliers 28/02/2020
1.3 Security Architecture Technology 8 - click here to view suppliers 28/02/2020
1.4 Audit and Review Technology 6 - click here to view suppliers 28/02/2020
2 Penetration Testing (CHECK) Technology 20 - click here to view suppliers 28/02/2020
3 Incident Response (CIR) Technology 4 - click here to view suppliers 28/02/2020
4 Tailored Evaluations (CTAS) Technology 6 - click here to view suppliers 28/02/2020

Back to the top

Framework Manager Contact Details

Digital Framework Management Team

Customer Service Desk: 0345 410 2222

Back to the top