Published date: 21 September 2022
Awarded contract - This means that the contract has been awarded to a supplier.
Contract summary
Industry
Computer testing services - 72820000
Location of contract
South East
Value of contract
£459,000
Procurement reference
703103456
Published date
21 September 2022
Closing date
22 July 2022
Closing time
12pm
Contract start date
1 October 2022
Contract end date
30 September 2024
Contract type
Service contract
Procedure type
Call-off from a framework agreement
A mini-competition or direct purchase from a pre-established framework agreement.
Contract is suitable for SMEs?
Yes
Contract is suitable for VCSEs?
No
Description
There is a requirement for specialist technical assistance to provide code assisted Vulnerability Assessments (VA) and Penetration Testing (PT) security assessments on both new and in-service applications/infrastructure. Security assessments, PT's and VA's are used to identify vulnerabilities in code and infrastructure (networks, servers, operating systems and applications) that could potentially be exploited. Attackers can be hackers trying to gain access into our network or systems, state sponsored activists or an insider threat. They will aim to either extract information that is held on applications and hosting environments or cause extensive disruption to services.
ADS has 2 hosting environments, the Army Hosting Environment (AHE) and Joint Server Farm (JSF). The JSF is accessible from the internet via the Defence Gateway and holds information classified at Official. The AHE holds Official, Secret and Sensitive Personal Information which if extracted would not only be damaging to the Army's reputation, it could jeopardise potential operations. It could also incur fines from the Information Commissioner if there were a breach of personal information. An attack to disrupt any of the services ADS provides would significantly erode the Army's ability to operate, as many of the systems support day to day activities and processes. It is therefore imperative that vulnerabilities are identified and remedied/mitigated to reduce the risk of these occurrences.
All new applications expecting to be hosted on the AHE or the JSF must have a vulnerability assessment before being allowed onto the environment to ensure there are no weaknesses which could potentially allow an attacker access to the wider infrastructure and applications. Existing applications, hosting environments and platforms must be VA'd on a rolling programme to ensure any changes do not increase vulnerability and potential for being attacked.
More information
Attachments
-
- 20220921-703103456_0212_RM3764_Order_Form_redacted.docx
- Signed contract
-
- 20220727-703103456_0212_RM3764_Joint_Schedules_redacted.docx
- Contract schedules
-
- 20220727-703103456_0212_RM3764_Order_Schedules_redacted.docx
- Contract schedules
Award information
Awarded date
27 July 2022
Contract start date
1 October 2022
Contract end date
30 September 2024
Total value of contract
£459,000
This contract was awarded to 1 supplier.
NCC GROUP SECURITY SERVICES LIMITED
Address
Xyz Building,2 Hardman Boulevard
MANCHESTER
M3 3AQ
GBReference
Companies House number: 04474600
Supplier is SME?
No
Supplier is VCSE?
No
Additional details
-
£459,000 'Core' value with £1,500,000 Ad-Hoc Tasking Value for any additional assessments
About the buyer
Address
D Info Commercial, Army HQ
Andover
SP11 8HJ
England
Share this notice
Closing: 22 July 2022, 12pm
All content is available under the
