Back to the Knowledge hub

Cyber Security Services 3 DPS FAQs

CCS’ Cyber Security Services 3 DPS is Live and becoming a huge way the public sector is procuring these services – here’s what you need to know.

Cyber Security has been in the news a lot recently, with what seems is a fresh cyber threat or incident every week. As such, it is more important than ever that the public sector has easy access to suppliers of security services. CCS has created just that with the Cyber Security Services 3 DPS.


When does the Cyber Security Services 3 DPS come out?

The Dynamic Purchasing System (that’s what the DPS part stands for!) opened for business in February 2020. It will run continuously until February 2023.


So what do we know about it already?

We know that CCS has decided to run Cyber Security Services 3 as a Dynamic Purchasing System (DPS), meaning there will be no cap on the number of suppliers. Also, suppliers will be able to apply at any point through the life of the framework.

It also means that CCS can amend the agreement during its lifetime. Adding relevant services and scope that may pop up after some consultation with buyers and suppliers. This happened in June 2021, when the scope of the DPS was expanded to include; Security Specialists, Security Supply Chain Analysis, Security Strategy and Cyber Transformation.


Do we know anything about the filters yet?

At a recent briefing, CCS stated the DPS would have 4 categories:

1) Consultancy and Advice: 

  • Risk Management
  • Risk Assurance
  • Audit and Review
  • Security Architecture
  • Compliance and accreditations
  • Training
  • Policy and Development

2) Pen test/Health check:

  • Penetration testing
  • IT Health Check

3) Incident Management:

  • Incident Response
  • Disaster Recovery
  • Threat Intelligence

4) Data Destruction: 

  • Data and IT sanitation services

As we mentioned, in June 2021 Security Specialists, Security Supply Chain Analysis, Security Strategy and Cyber Transformation services were all added within scope too!


There wasn’t much uptake on Cyber Security Services 2 – how have CCS addressed this?

Cyber Security Services 2 wasn’t successful for a number of reasons – the supplier list was frozen, it was hard to get onto, and G-Cloud 10, running at the same time, was providing a duplicate route to market. To address this, CCS made some changes to the agreement’s third iteration.

For a start, this iteration is a DPS – fixing the issue of a frozen supplier list and making the agreement easier to access. A major change was also made during G-Cloud 11 – disallowing the procurement of NCSC assured services on the framework. This move negates the effect of the agreements running simultaneously, forcing buyers to procure NCSC assured services using Cyber Security Services 3.

The current technology, and overall government, landscape is calling for better cyber security and digital awareness. This DPS provides the way for government to step up their efforts. We’re sure we’ll be seeing Cyber Security Services 3 as a huge part of Central Gov and the wider public sector’s plans.

It all sounds very good to us. If you can provide the relevant services and solutions, you’ll need to be on this one!

Related resources

You may also be interested in