CCS Webinar: Cyber Security Services 3
In case you weren’t able to make the recent supplier engagement session, here’s a summary of the current thinking regarding Cyber Security Services 3.
With cyber being one of the hot topics of the moment and mounting pressures for cyber security: for example, the development of 5G and Digitisation of NHS services. It is more important than ever that the public sector has easy access to suppliers of cyber services. Enter Cyber Security Services 3!
CCS current goals for the agreement:
- To provide a compliant route to market for cyber security services.
- Work with NCSC on providing a route for assured cyber security services. CSS3 will be the most efficient way to procure NCSC approved services, as GC11 no longer offers a route to such services.
- Strive to support customers and suppliers to manage an ever-changing landscape
The current Cyber Security Services 2 framework (CSS2) has 4 lots and CCS said they haven’t had much interaction with this framework.
Why CSS2 wasn’t successful:
- Frozen supplier list
- Difficult to get onto CCS frameworks
- Suppliers want simpler terms and conditions
- G-Cloud 10 provided a duplicate route to market
So how do they plan to address these challenges with CSS3?
- Move to a DPS – Easier to access and use!
- New plain English style contract
- GC10 duplication of services- It is now no longer possible to procure NCSC assured services on GC11
That all sounds good right, but what will it look like?
- As we mentioned above this agreement will be a Dynamic Purchasing System
- Same scope of services as CSS2, but with additions!
- Look similar to the current lots in terms of the services- may be a slight change in this range: certified cyber consultancy, penetration testing and cyber incidents responses
- Won’t have lots – instead it will have a filter system
- Will use the public sector contract as its terms and conditions
The provisional application timeline:
|PIN Live||May 2019|
|Market Engagement||June and July 2019|
|Internal Review||August and September 2019|
|DPS testing complete||October 2019|
|OJEU published||November 2019|
|DPS Live||December 2019|
|Cyber Security 2 scheduled to expire||February 2020|
Currently the thinking around supplier assurances is:
CCS selection stage will be streamlined:
- Supplier Registration Service and DUNS number
- Financial check against the score and threshold
- Confirmation from NCSC of assurance details
NCSC evaluation of supplier services to get not the DPS will be provided by NCSC:
- CIR – Incident Response
- Certified Cyber Security Consultancy
- CHECK – Pen Testing
CCS are still in the process of market engagement so if you have some thoughts on the current plan, get in touch with them at firstname.lastname@example.org. They are particularly interested in hearing what filters would be useful to use within the DPS.
We can’t wait to see how it turns out!