Police Digital Service Cyber Security Penetration Testing Framework

Police Digital Service Cyber Security Penetration Testing Framework

To provide Protective Monitoring; Incident Management; Threat Intelligence.

Cyber Security Penetration Testing Framework

Contract summary



    • IT services: consulting, software development, Internet and support – 72000000
    • Software programming and consultancy services – 72200000
    • Systems and technical consultancy services – 72220000

Location of contract

Any region

Value of contract

£750,000 to £1,000,000

Procurement reference


Published date

30 July 2021

Closing date

1 September 2021

Closing time


Contract start date

12 October 2021

Contract end date

11 October 2023

Contract type

Service contract

Procedure type

Open procedure

Contract is suitable for SMEs?


Contract is suitable for VCSEs?





The NMC, through the Contracting Authority, currently provides a centralised suite of operational security services to Contracting Bodies (as described in Appendix 3). These services include the following:

• Protective Monitoring;
• Incident Management;
• Threat Intelligence;
• Threat Hunting;
• Vulnerability Assessment;
• Malware Analysis; and
• Penetration Testing Co-ordination.

This framework is being established to streamline the procurement of Penetration Testing on behalf of UK Policing. The full scope of the Services to be provided by the Framework Suppliers is detailed in the Statement of Requirements (Appendix 1).

The NMC services are currently provided in association with British Telecommunications plc, who, in relation to the Penetration Testing Co-ordination, will provide initial support (prior to the engagement of the Framework Supplier), post testing review, remediation and mitigation assistance to Contracting Bodies.

Contracting Authorities are required to perform an annual IT Health Check however, may require a higher frequency of Services depending on changes to IT infrastructure or best practice guidance. Given the nature of the Services being procured, Contracting Bodies are expected to enter into multiple Call – Off Contracts and rotate between the selected Framework Suppliers, to ensure that their systems remain robust to the risk of different cyber-attacks.

The Framework Agreement is expected to commence in or around October 2021 for a period of 2 years (24 calendar months). Anticipated spend under the Framework Agreement is not expected to exceed £1,000,000. This figure has been calculated on the assumption that the Framework Agreement runs for its maximum possible term and that a number of Call Off Contracts are awarded by Contracting Bodies. For the avoidance of doubt, the Contracting Authority gives no warranty or representation as to the value of any Call Off Contract, or the number of Call Off Contracts, if any, which may be awarded.

The Contracting Authority intends to award the Framework Agreement based on the most economically advantageous tender (MEAT). The Contracting Authority will not be bound to accept the lowest price or any Tender submitted, but will be evaluating Tenders on the quality and price criteria set forth in this ITT.

The procurement documents will be made available to each bidder upon completion of an NDA. Please contact Krish Khanna at Krish.Khanna@tltsolicitors.com to receive a copy of the NDA.


How to apply


Follow the instructions given in the description or the more information section.


About the buyer


Contact name

Krish Khanna


33 Queen Street,


+44 7970217549