HSCIC/DH Security Testing Services Call-Off - Framework RM1557vi

HSCIC on behalf of Department of Health have contracted with a Primary and Secondary supplier for requirements relating to specialist security testing services, which are: • Security Testing and Vulnerability Analysis - such as Penetration testing, the provision of suitably (Check or Crest) qualified individuals able to perform application and infrastructure security testing in line with CESG requirements; • Security Assessment and audits – the provision of CLAS/ISO27001 Lead Auditors, who can perform all tests/audits against government standards/ISO27001/good practice; • Security consultancy – the provision of suitably (Check or Crest) qualified individuals to deliver specific security-related advice and consultancy in the areas of, but not limited to technology, architecture, risk assessment, risk treatment (as part of the ISO27001 ISMS risk assessment report) and threat assessment; • Security assurance – the provision of suitably (Check or Crest) qualified individuals to carry out assurance activities, including but not limited to supplier compliance reviews; • Forensics and investigations – the provision of suitably (Check or Crest) qualified individuals to conduct forensic and investigatory work, including but not limited to on site forensics, general security investigations and disk analysis. This is the primary contract.