Planning

Penetration Testing Services 2026-2030

NHS ENGLAND

This public procurement record has 1 release in its history.

Planning

27 Mar 2026 at 11:04

UK1 - Pipeline Notice
Summary of the contracting process

NHS England has initiated the planning phase for the procurement of Penetration Testing Services, set to cover the period from 2026 to 2030. This tender, titled "Penetration Testing Services 2026-2030," falls within the services sector, specifically targeting computer-related professional services. The procurement process is backed by the Crown Commercial Services' Cyber Security Services 3 Dynamic Purchasing System (DPS) as its legal and procurement framework. The contract is structured as a 4-year call-off arrangement with potential extensions, with an estimated value of £6,000,000 to £7,200,000. The commencement date for service is planned for 28th October 2026, with NHS England operating from their headquarters at Wellington House in London, UK, and the call for procurement being announced on the 27th of March 2026. The procurement method is selective, ensuring that pre-qualified suppliers will be considered.

This tender presents significant opportunities for businesses that specialise in penetration testing and cyber security solutions. It is particularly well-suited for small and medium enterprises (SMEs), as indicated by the suitability criteria. Businesses that can deliver comprehensive, high-quality penetration testing services and have experience working in highly regulated environments like the NHS will find this tender particularly advantageous. Engaging with this procurement process not only offers potential financial gain but also the prestige of partnering with a prominent national healthcare entity, paving the way for future opportunities within the public sector.

Find more tenders on our Open Data Platform.
How relevant is this notice?

Notice Information

Notice Title

Penetration Testing Services 2026-2030

Notice Description

This requirement is for new procurement for the provision of Penetration testing for a 4 year call off contract (2+1+1). The procurement route is Crown Commercial Services' Cyber Security Services 3 Dynamic Purchasing System (DPS) - Ref RM3764. Penetration testing is required throughout various programmes, systems and services across NHS England and the wider NHS.

Notice Details

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-067639
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/028400-2026
Current Stage
Planning
All Stages
Planning

Procurement Classification

Notice Type
UK1 - Pipeline Notice
Procurement Type
Dynamic
Procurement Category
Services
Procurement Method
Selective
Procurement Method Details
Using pre-Procurement Act commercial tool
Tender Suitability
SME
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

72 - IT services: consulting, software development, Internet and support

CPV Codes

72590000 - Computer-related professional services

Notice Value(s)

Tender Value
£6,000,000 £1M-£10M
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
27 Mar 20261 weeks ago
Submission Deadline
Not specified
Future Notice Date
Not specified
Award Date
Not specified
Contract Period
28 Oct 2026 - 27 Oct 2028 2-3 years
Recurrence
Not specified

Notice Status

Tender Status
Planned
Lots Status
Planned
Awards Status
Not Specified
Contracts Status
Not Specified

Buyer & Supplier

Contracting Authority (Buyer)

Main Buyer
NHS ENGLAND
Contact Name
Available with D3 Tenders Premium →
Contact Email
Available with D3 Tenders Premium →
Contact Phone
Available with D3 Tenders Premium →

Buyer Location

Locality
LONDON
Postcode
SE1 8UG
Post Town
South East London
Country
England
Major Region (ITL 1)
TLI London
Basic Region (ITL 2)
TLI4 Inner London - East
Small Region (ITL 3)
TLI45 Lambeth
Delivery Location
Not specified
Local Authority
Lambeth
Electoral Ward
Waterloo & South Bank
Westminster Constituency
Vauxhall and Camberwell Green

Further Information

Notice Documents

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts. 

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-067639-2026-03-27T11:04:40Z",
    "date": "2026-03-27T11:04:40Z",
    "ocid": "ocds-h6vhtk-067639",
    "initiationType": "tender",
    "planning": {
        "documents": [
            {
                "id": "028400-2026",
                "documentType": "plannedProcurementNotice",
                "noticeType": "UK1",
                "description": "Pipeline notice on Find a Tender",
                "url": "https://www.find-tender.service.gov.uk/Notice/028400-2026",
                "datePublished": "2026-03-27T11:04:40Z",
                "format": "text/html"
            }
        ]
    },
    "parties": [
        {
            "id": "GB-PPON-PDPT-3135-BWWY",
            "name": "NHS England",
            "identifier": {
                "scheme": "GB-PPON",
                "id": "PDPT-3135-BWWY"
            },
            "address": {
                "streetAddress": "Wellington House, 133-135 Waterloo Rd",
                "locality": "London",
                "postalCode": "SE1 8UG",
                "country": "GB",
                "countryName": "United Kingdom",
                "region": "UKI45"
            },
            "contactPoint": {
                "email": "england.commercialqueries@nhs.net"
            },
            "roles": [
                "buyer"
            ],
            "details": {
                "url": "https://www.england.nhs.uk/",
                "classifications": [
                    {
                        "id": "publicAuthorityCentralGovernment",
                        "scheme": "UK_CA_TYPE",
                        "description": "Public authority - central government"
                    }
                ]
            }
        }
    ],
    "buyer": {
        "id": "GB-PPON-PDPT-3135-BWWY",
        "name": "NHS England"
    },
    "tender": {
        "id": "ocds-h6vhtk-067639",
        "legalBasis": {
            "id": "2023/54",
            "scheme": "UKPGA",
            "uri": "https://www.legislation.gov.uk/ukpga/2023/54/contents"
        },
        "title": "Penetration Testing Services 2026-2030",
        "description": "This requirement is for new procurement for the provision of Penetration testing for a 4 year call off contract (2+1+1). The procurement route is Crown Commercial Services' Cyber Security Services 3 Dynamic Purchasing System (DPS) - Ref RM3764. Penetration testing is required throughout various programmes, systems and services across NHS England and the wider NHS.",
        "items": [
            {
                "id": "1",
                "additionalClassifications": [
                    {
                        "scheme": "CPV",
                        "id": "72590000",
                        "description": "Computer-related professional services"
                    }
                ],
                "relatedLot": "1"
            }
        ],
        "value": {
            "amountGross": 7200000,
            "amount": 6000000,
            "currency": "GBP"
        },
        "procurementMethod": "selective",
        "procurementMethodDetails": "Using pre-Procurement Act commercial tool",
        "mainProcurementCategory": "services",
        "lots": [
            {
                "id": "1",
                "suitability": {
                    "sme": true
                },
                "contractPeriod": {
                    "startDate": "2026-10-28T00:00:00Z",
                    "endDate": "2028-10-27T23:59:59+01:00",
                    "maxExtentDate": "2030-10-28T23:59:59Z"
                },
                "hasRenewal": true,
                "status": "planned"
            }
        ],
        "status": "planned"
    },
    "relatedProcesses": [
        {
            "id": "framework",
            "relationship": [
                "framework"
            ],
            "title": "CCS - Cyber Security Services 3 - RM3764"
        }
    ],
    "language": "en"
}