Notice Information
Notice Title
Network and Information Security (NIS) Audit Services for HSCNI
Notice Description
An Assured Audit Service Provider from the National Cyber Security Centre (NCSC) Cyber Resilience Audit Scheme is to complete an on-site Network and Information Security (NIS) Compliance Audit of the essential service and supporting network and information systems. The objective of the NIS Audit Services is to assist the NIS Competent Authority (CA) in assessing the OES level of compliance with regulation 10 of the Network and Information Systems Regulations 2018. The Compliance Audit will use the (NCSC) Cyber Assessment Framework (CAF) which determines the minimum standard expected from the OES. Assessment will be made against each Contributing Outcome and associated Indicators of Good Practice (IGP) and "Not Good" practice as outlined in the CAF. The scope of the NIS Compliance Audit is to be against the OES essential service, as defined by the OES. This will encompass all critical network and information systems and processes necessary for the continued delivery of the essential service.
Lot Information
Lot 1: BHSCT, NIAS
Belfast Health and Social Care Trust (BHSCT) and Northern Ireland Ambulance Service (NIAS)
Renewal: The inclusion of a 12-month extension option is primarily to provide flexibility in the event that follow-up audit schedules are adjusted or delayed. Audit timelines can shift due to factors such as resource availability, changes in regulatory requirements, or unforeseen operational constraints. By allowing for an extension, we ensure continuity of service without the need for a new procurement process, maintain compliance with NIS obligations, and avoid any gaps that could impact audit readiness or certification status.
Lot 2: SEHSCT, SHSCT, WHSCT, NHSCTSouthern Health and Social Care Trust (SHSCT), South Eastern Health and Social Care Trust (SEHSCT), Northern Health and Social Care Trust (NHSCT), and Western Health and Social Care Trust (WHSCT)
Renewal: The inclusion of a 12-month extension option is primarily to provide flexibility in the event that follow-up audit schedules are adjusted or delayed. Audit timelines can shift due to factors such as resource availability, changes in regulatory requirements, or unforeseen operational constraints. By allowing for an extension, we ensure continuity of service without the need for a new procurement process, maintain compliance with NIS obligations, and avoid any gaps that could impact audit readiness or certification status.
Planning Information
This is a Prior Information Notice to seek engagement with the market place to gather information associated with the supply and delivery of a Network and Information Systems (NIS) Compliance Audit. To this end the Business Services Organisation, Procurement and Logistics Service on behalf of Health and Social Care Northern Ireland (HSCNI), wish to engage with potential suppliers to obtain a market view of the potential requirements through the completion of a Questionnaire. Any interested suppliers are required to submit their response through the eTendersNI secure messaging area of the Call for Tender (CfT) Ref: 6008215. All correspondence in relation to this Pre-Market Engagement exercise must be communicated via the eTendersNI secure messaging area. Suppliers will be required to submit their completed Questionnaire no later than 3pm on 25 July 2025. To register on eTendersNI and access the Questionnaire, please use the following link: - https://etendersni.gov.uk and locate CfT Ref: 6008215. Suppliers should also note that any interest shown does not constitute a commitment to participate in any future tendering exercise.
Notice Details
Publication & Lifecycle
- Open Contracting ID
- ocds-h6vhtk-0559e2
- Publication Source
- Find A Tender Service
- Latest Notice
- https://www.find-tender.service.gov.uk/Notice/018049-2026
- Current Stage
- Tender
- All Stages
- Planning, Tender
Procurement Classification
- Notice Type
- UK4 - Tender Notice
- Procurement Type
- Standard
- Procurement Category
- Services
- Procurement Method
- Open
- Procurement Method Details
- Open procedure
- Tender Suitability
- Not specified
- Awardee Scale
- Not specified
Common Procurement Vocabulary (CPV)
- CPV Divisions
72 - IT services: consulting, software development, Internet and support
-
- CPV Codes
72000000 - IT services: consulting, software development, Internet and support
72200000 - Software programming and consultancy services
72220000 - Systems and technical consultancy services
72223000 - Information technology requirements review services
72224000 - Project management consultancy services
72227000 - Software integration consultancy services
72800000 - Computer audit and testing services
72810000 - Computer audit services
Notice Value(s)
- Tender Value
- £450,000 £100K-£500K
- Lots Value
- £450,000 £100K-£500K
- Awards Value
- Not specified
- Contracts Value
- Not specified
Notice Dates
- Publication Date
- 27 Feb 20262 days ago
- Submission Deadline
- 26 Mar 20264 weeks to go
- Future Notice Date
- 25 Jul 2025Expired
- Award Date
- Not specified
- Contract Period
- 29 Apr 2026 - 29 Apr 2030 4-5 years
- Recurrence
- Not specified
Notice Status
- Tender Status
- Active
- Lots Status
- Active
- Awards Status
- Not Specified
- Contracts Status
- Not Specified
Buyer & Supplier
Contracting Authority (Buyer)
- Main Buyer
- BUSINESS SERVICES ORGANISATION (BSO) PROCUREMENT AND LOGISTICS SERVICE (PALS).
- Additional Buyers
BUSINESS SERVICES ORGANISATION PROCUREMENT AND LOGISTICS SERVICE
- Contact Name
- Available with D3 Tenders Premium →
- Contact Email
- Available with D3 Tenders Premium →
- Contact Phone
- Available with D3 Tenders Premium →
Buyer Location
- Locality
- BELFAST
- Postcode
- BT12 6HU
- Post Town
- Northern Ireland
- Country
- Northern Ireland
-
- Major Region (ITL 1)
- TLN Northern Ireland
- Basic Region (ITL 2)
- TLN0 Northern Ireland
- Small Region (ITL 3)
- TLN06 Belfast
- Delivery Location
- Not specified
-
- Local Authority
- Belfast
- Electoral Ward
- Blackstaff
- Westminster Constituency
- Belfast South and Mid Down
Further Information
Notice Documents
-
https://www.find-tender.service.gov.uk/Notice/018049-2026
27th February 2026 - Tender notice on Find a Tender -
https://www.find-tender.service.gov.uk/Notice/037752-2025
7th July 2025 - Preliminary market engagement notice on Find a Tender
Open Contracting Data Standard (OCDS)
View full OCDS Record for this contracting process
The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.
{
"tag": [
"compiled"
],
"id": "ocds-h6vhtk-0559e2-2026-02-27T15:21:26Z",
"date": "2026-02-27T15:21:26Z",
"ocid": "ocds-h6vhtk-0559e2",
"initiationType": "tender",
"parties": [
{
"id": "GB-PPON-PWNJ-1991-NGDW",
"name": "Business Services Organisation (BSO) Procurement and Logistics Service (PaLS).",
"identifier": {
"scheme": "GB-PPON",
"id": "PWNJ-1991-NGDW"
},
"address": {
"streetAddress": "77 Boucher Crescent",
"locality": "Belfast",
"postalCode": "BT12 6HU",
"country": "GB",
"countryName": "United Kingdom",
"region": "UKN06"
},
"contactPoint": {
"email": "ict.sourcing@hscni.net"
},
"roles": [
"buyer"
],
"details": {
"classifications": [
{
"id": "publicAuthorityCentralGovernment",
"scheme": "UK_CA_TYPE",
"description": "Public authority - central government"
},
{
"id": "GB-NIR",
"scheme": "UK_CA_DEVOLVED_REGULATIONS",
"description": "Northern Irish devolved regulations apply"
}
]
}
}
],
"buyer": {
"id": "GB-PPON-PWNJ-1991-NGDW",
"name": "Business Services Organisation (BSO) Procurement and Logistics Service (PaLS)."
},
"planning": {
"milestones": [
{
"id": "engagement",
"type": "engagement",
"description": "This is a Prior Information Notice to seek engagement with the market place to gather information associated with the supply and delivery of a Network and Information Systems (NIS) Compliance Audit. To this end the Business Services Organisation, Procurement and Logistics Service on behalf of Health and Social Care Northern Ireland (HSCNI), wish to engage with potential suppliers to obtain a market view of the potential requirements through the completion of a Questionnaire. Any interested suppliers are required to submit their response through the eTendersNI secure messaging area of the Call for Tender (CfT) Ref: 6008215. All correspondence in relation to this Pre-Market Engagement exercise must be communicated via the eTendersNI secure messaging area. Suppliers will be required to submit their completed Questionnaire no later than 3pm on 25 July 2025. To register on eTendersNI and access the Questionnaire, please use the following link: - https://etendersni.gov.uk and locate CfT Ref: 6008215. Suppliers should also note that any interest shown does not constitute a commitment to participate in any future tendering exercise.",
"dueDate": "2025-07-25T23:59:59+01:00",
"status": "scheduled"
}
],
"documents": [
{
"id": "037752-2025",
"documentType": "marketEngagementNotice",
"noticeType": "UK2",
"description": "Preliminary market engagement notice on Find a Tender",
"url": "https://www.find-tender.service.gov.uk/Notice/037752-2025",
"datePublished": "2025-07-07T13:27:48+01:00",
"format": "text/html"
}
]
},
"tender": {
"id": "6190559",
"legalBasis": {
"id": "2023/54",
"scheme": "UKPGA",
"uri": "https://www.legislation.gov.uk/ukpga/2023/54/contents"
},
"title": "Network and Information Security (NIS) Audit Services for HSCNI",
"description": "An Assured Audit Service Provider from the National Cyber Security Centre (NCSC) Cyber Resilience Audit Scheme is to complete an on-site Network and Information Security (NIS) Compliance Audit of the essential service and supporting network and information systems. The objective of the NIS Audit Services is to assist the NIS Competent Authority (CA) in assessing the OES level of compliance with regulation 10 of the Network and Information Systems Regulations 2018. The Compliance Audit will use the (NCSC) Cyber Assessment Framework (CAF) which determines the minimum standard expected from the OES. Assessment will be made against each Contributing Outcome and associated Indicators of Good Practice (IGP) and \"Not Good\" practice as outlined in the CAF. The scope of the NIS Compliance Audit is to be against the OES essential service, as defined by the OES. This will encompass all critical network and information systems and processes necessary for the continued delivery of the essential service.",
"items": [
{
"id": "1",
"additionalClassifications": [
{
"scheme": "CPV",
"id": "72000000",
"description": "IT services: consulting, software development, Internet and support"
},
{
"scheme": "CPV",
"id": "72200000",
"description": "Software programming and consultancy services"
},
{
"scheme": "CPV",
"id": "72220000",
"description": "Systems and technical consultancy services"
},
{
"scheme": "CPV",
"id": "72223000",
"description": "Information technology requirements review services"
},
{
"scheme": "CPV",
"id": "72224000",
"description": "Project management consultancy services"
},
{
"scheme": "CPV",
"id": "72227000",
"description": "Software integration consultancy services"
},
{
"scheme": "CPV",
"id": "72800000",
"description": "Computer audit and testing services"
},
{
"scheme": "CPV",
"id": "72810000",
"description": "Computer audit services"
}
],
"relatedLot": "1"
},
{
"id": "2",
"additionalClassifications": [
{
"scheme": "CPV",
"id": "72000000",
"description": "IT services: consulting, software development, Internet and support"
},
{
"scheme": "CPV",
"id": "72200000",
"description": "Software programming and consultancy services"
},
{
"scheme": "CPV",
"id": "72220000",
"description": "Systems and technical consultancy services"
},
{
"scheme": "CPV",
"id": "72223000",
"description": "Information technology requirements review services"
},
{
"scheme": "CPV",
"id": "72224000",
"description": "Project management consultancy services"
},
{
"scheme": "CPV",
"id": "72227000",
"description": "Software integration consultancy services"
},
{
"scheme": "CPV",
"id": "72800000",
"description": "Computer audit and testing services"
},
{
"scheme": "CPV",
"id": "72810000",
"description": "Computer audit services"
}
],
"relatedLot": "2"
}
],
"mainProcurementCategory": "services",
"lots": [
{
"id": "1",
"contractPeriod": {
"startDate": "2026-04-30T00:00:00+01:00",
"endDate": "2030-04-29T23:59:59+01:00",
"maxExtentDate": "2031-04-29T23:59:59+01:00"
},
"status": "active",
"title": "Lot 1: BHSCT, NIAS",
"description": "Belfast Health and Social Care Trust (BHSCT) and Northern Ireland Ambulance Service (NIAS)",
"value": {
"amountGross": 180000,
"amount": 150000,
"currency": "GBP"
},
"awardCriteria": {
"criteria": [
{
"type": "quality",
"name": "AC01 - Methodology",
"numbers": [
{
"number": 10,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "AC02 - Project Plan",
"numbers": [
{
"number": 25,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "AC03 - Associated Risks",
"numbers": [
{
"number": 25,
"weight": "percentageExact"
}
]
},
{
"type": "price",
"name": "Price",
"numbers": [
{
"number": 30,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "Social Value",
"numbers": [
{
"number": 10,
"weight": "percentageExact"
}
]
}
]
},
"hasRenewal": true,
"renewal": {
"description": "The inclusion of a 12-month extension option is primarily to provide flexibility in the event that follow-up audit schedules are adjusted or delayed. Audit timelines can shift due to factors such as resource availability, changes in regulatory requirements, or unforeseen operational constraints. By allowing for an extension, we ensure continuity of service without the need for a new procurement process, maintain compliance with NIS obligations, and avoid any gaps that could impact audit readiness or certification status."
}
},
{
"id": "2",
"title": "Lot 2: SEHSCT, SHSCT, WHSCT, NHSCT",
"description": "Southern Health and Social Care Trust (SHSCT), South Eastern Health and Social Care Trust (SEHSCT), Northern Health and Social Care Trust (NHSCT), and Western Health and Social Care Trust (WHSCT)",
"status": "active",
"value": {
"amountGross": 360000,
"amount": 300000,
"currency": "GBP"
},
"awardCriteria": {
"criteria": [
{
"type": "quality",
"name": "AC01 - Methodology",
"numbers": [
{
"number": 10,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "AC02 - Project Plan",
"numbers": [
{
"number": 25,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "AC03 - Associated Risks",
"numbers": [
{
"number": 25,
"weight": "percentageExact"
}
]
},
{
"type": "price",
"name": "Price",
"numbers": [
{
"number": 30,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "Social Value",
"numbers": [
{
"number": 10,
"weight": "percentageExact"
}
]
}
]
},
"contractPeriod": {
"startDate": "2026-04-30T00:00:00+01:00",
"endDate": "2030-04-29T23:59:59+01:00",
"maxExtentDate": "2031-04-29T23:59:59+01:00"
},
"hasRenewal": true,
"renewal": {
"description": "The inclusion of a 12-month extension option is primarily to provide flexibility in the event that follow-up audit schedules are adjusted or delayed. Audit timelines can shift due to factors such as resource availability, changes in regulatory requirements, or unforeseen operational constraints. By allowing for an extension, we ensure continuity of service without the need for a new procurement process, maintain compliance with NIS obligations, and avoid any gaps that could impact audit readiness or certification status."
}
}
],
"status": "active",
"value": {
"amountGross": 540000,
"amount": 450000,
"currency": "GBP"
},
"procurementMethod": "open",
"procurementMethodDetails": "Open procedure",
"aboveThreshold": true,
"submissionMethodDetails": "https://etendersni.gov.uk",
"submissionTerms": {
"electronicSubmissionPolicy": "allowed",
"languages": [
"en"
]
},
"tenderPeriod": {
"endDate": "2026-03-26T15:00:00+00:00"
},
"enquiryPeriod": {
"endDate": "2026-03-13T15:00:00+00:00"
},
"awardPeriod": {
"endDate": "2026-04-30T23:59:59+01:00"
},
"documents": [
{
"id": "conflictOfInterest",
"documentType": "conflictOfInterest",
"description": "Not published"
},
{
"id": "018049-2026",
"documentType": "tenderNotice",
"noticeType": "UK4",
"description": "Tender notice on Find a Tender",
"url": "https://www.find-tender.service.gov.uk/Notice/018049-2026",
"datePublished": "2026-02-27T15:21:26Z",
"format": "text/html"
}
],
"contractTerms": {
"financialTerms": "One invoice per Trust to be submitted upon the completion of Final Audit Report"
}
},
"language": "en"
}