Cyber Security Services 3

A flexible commercial agreement that offers an extensive range of cyber security services to help improve organisational cyber resilience and security posture.  


This dynamic purchasing system (DPS) is available to all UK central government departments, wider public sector organisations and charities. The services available fall under the following categories:

  • NCSC assured services
  • consultancy and advice
  • penetration testing
  • incident response
  • managed security services

The DPS allows you to shortlist suppliers based on your needs using a range of filters. Once you have established your shortlist you can use this to run a further competition.


  • official route to market to buy NCSC assured services
  • agility and flexibility to meet the public sector’s cyber security needs
  • suppliers can apply to join at any time
  • a dynamic filtering system, giving customers flexibility based on need
  • quality and price can be assessed based on an individual customer’s need
  • a dynamic pool of suppliers that can grow and evolve with the market

Products and suppliers

Please read the 'How to buy' tab below for detailed instructions on how to find out which suppliers are on this agreement.

Lot 1: Cyber Security Services 3
You can access the following services:
  • consultancy and advice including:
    • risk assessment and management
    • audit and reviews
    • security architecture
    • certification
    • training
    • policy
    • security specialists
    • supply chain analysis
    • cyber transformation
    • security strategy
  • penetration testing including the National Cyber Security Centre (NCSC) assured service CHECK and IT health check
  • incident management including cyber incident response, disaster recovery, threat intelligence and business continuity disaster recovery (BCDR)
  • data destruction and IT sanitisation, the process of removing data so it cannot be accessed
  • managed security services including crest accredited Security Operations Centre (SOC) and managed detection and response


How to buy

  1. Register as a buyer. Note: although pages are headed ‘Supplier registration’ this is also where you can register as a buyer
  2. Navigate to the Cyber Security Services 3 DPS and log in with your username and password, click on ‘confirm’ at the bottom of the text, and agree to the terms of use
  3. on your ‘Manage your DPS Category Exports’ page you now have 2 options (in the bottom right-hand corner of the page):
    1. view appointed suppliers
    2. click on the link to create a new category export, this is how you filter the suppliers that can meet your needs
  4. use the filtering tool to specify your needs, this will create a list of capable suppliers
  5. save your filtered list of capable suppliers by clicking the ‘Save Category’ option
    1. from your ‘Manage your Category Exports’ page you can then export the list of suppliers and contact details (export is to an Excel spreadsheet)
  6. log out of the DPS
  7. Use the list to run a further competition. Invite the suppliers identified by the DPS to bid against your detailed specification and evaluation criteria.
    1. The list is valid for 2 working days only, from the date of its creation, because new suppliers may be applying to join at any point. If your further competition excludes eligible suppliers it potentially breaches procurement regulations. Obtain a fresh supplier list (steps 3.2 to 5) if you don’t use your list within 2 working days by clicking the ‘Search Again’ option for your export
    2. you can use your own eSourcing tool or the CCS eSourcing tool to run a further competition. The CCS eSourcing tool is free to use for public sector buyers
  8. evaluate responses and award contract

Detailed buyer guidance is available in the documents section. Additionally, you can watch the How to use the Cyber Security Services 3 Dynamic Purchasing System video.