Cyber Incident Response Contract Value Extension - Deloitte Reg 72(1)(b)

Descriptions

This contract is to extend the Cyber Incident Reponse contract. The Cyber Security Operations Centre provides cyber incident response services (CIRT) to NHS England and other organisations in the NHS ecosystem. As part of the vulnerability response the CSOC required support from Deloitte (one of our CIRT providers on retainer) to carry out forensic investigations and threat hunting to detect possible exploitations of vulnerability and attacks. This variation increase of 25% of the overall contract charge. This is due to unforeseen cyber incidents requiring CIRT teams to be deployed to NHS organisations to both prevent cyber incidents and/or investigate/recover from cyber incidents. These teams are able to support NHS organisations with patching, forensic investigations as well as recovery activities if local teams do not have capacity/capability. The CIRT capability is provided by 3rd party NCSC certified suppliers and the CSOC has call-off contracts in-place enabling the CSOC to periodically top-up a retainer of hours and call-off as needed. There are a number of reasons why a new procurement process has not been possible until now. NHS England is committed to procuring the future provision and requires adequate time to do so. The total value of this modification does not exceed 50% of the original contract value.