Cyber Security Services 2

Cyber security services, including consultancy, penetration testing, incident management and security assurance. National Cyber Security Centre certified.


25/9/2019 – Update – This  framework will expire on the 28 February 2020. We are currently working on the replacement agreement, Cyber Services 3.


This agreement covers cyber security services available for central government and wider public sector. Services offered are certified by the National Cyber Security Centre (NCSC). It covers services such as risk assessment and audit, as well as testing, managing cyber security incidents, and tailored assurance for systems, products and services.


GDPR legislation was implemented on 25th May 2018, so CCS has updated the Cyber Security Services 2 Agreement and the Call-Off Contract template to include the GDPR clauses. This was done as a Contract Variation following engagement with all suppliers to gain their acceptance of the changes. Please refer to the Supplier Matrix on the Documents tab below for an update on which suppliers have accepted the variation.


  • All suppliers NCSC-certified
  • Short, medium and full tender further competition templates to meet differing timescales and requirements
  • Maximum call-off contract up to 3 years to accommodate complex projects
  • More suppliers will be added over the lifetime of the agreement as they receive their NCSC certification
  • Maximum day rates have been agreed. Suppliers can reduce their rates through further competition when they bid against your specific customer requirements.

Products and suppliers

There are 38 suppliers on this framework

Lot 1.1: Certified Cyber Consultancy - Risk Assessment


17 suppliers

Lot 1.2: Certified Cyber Consultancy - Risk Management


15 suppliers

Lot 1.3: Certified Cyber Consultancy - Security Architecture


8 suppliers

Lot 1.4: Certified Cyber Consultancy - Audit and Review


5 suppliers

Lot 1.5: Certified Cyber Consultancy - Incident Management


No suppliers

Lot 2: Penetration Testing (CHECK)


21 suppliers

Lot 3: Cyber Incidents (CIR)


6 suppliers

Lot 4: Tailored Evaluations (CTAS)


6 suppliers

How to buy

Award under this framework is via further competition. CCS has created a suite of documents to help you run a further competition.

Using the Supplier Invite documents, invite all eligible suppliers to bid against your requirements. During this process you must keep an audit trail of any dialogue and communication with potential suppliers. This can either be done via your own procurement system or using CCS’s free eSourcing tool.

The tool contains a RM3764ii template, which has all the documents/templates you will need for your further competition, as well as all the suppliers live on this agreement.