---
title: "Provision of Army Digital Services Security & Vulnerability Assessments Specialist & Technical Capability (DInfoCom/0212)"
ocid: "ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45"
canonical_url: "https://d3tenders.com/contract/?ocid=ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45"
markdown_url: "https://d3tenders.com/contract/ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45.md"
json_url: "https://d3tenders.com/contract/ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45.json"
source: "Contracts Finder"
current_stage: "Award"
buyer: "MINISTRY OF DEFENCE"
published: "2022-09-21"
---

# Provision of Army Digital Services Security & Vulnerability Assessments Specialist & Technical Capability (DInfoCom/0212)

Buyer: MINISTRY OF DEFENCE  
Current stage: Award  
OCID: ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45

[View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45)  
[Download OCDS JSON](https://d3tenders.com/contract/ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45.json)

## Summary

The Ministry of Defence has awarded a contract for the provision of Army Digital Services Security & Vulnerability Assessments Specialist & Technical Capability to NCC Group Security Services Limited. The contract, valued at £459,000, falls under the services category and involves conducting code-assisted Vulnerability Assessments and Penetration Testing on applications and infrastructure. The procurement method used was selective, with a call-off from a framework agreement. The contract period runs from 1st October 2022 to 30th September 2024, and the tender period ended on 22nd July 2022. The procurement took place in the South East region of the United Kingdom.

This procurement opportunity presents a chance for businesses specialising in computer testing services to grow their operations. The Ministry of Defence sought assistance to identify vulnerabilities in their digital infrastructure, making it ideal for companies with expertise in cybersecurity assessment services. Small and medium-sized enterprises (SMEs) are considered suitable for this opportunity. The contract, with a designated value and scope, allows suppliers to contribute to national security efforts by fortifying the Army's digital systems against potential attacks, thus safeguarding critical information and services.

## Notice

There is a requirement for specialist technical assistance to provide code assisted Vulnerability Assessments (VA) and Penetration Testing (PT) security assessments on both new and in-service applications/infrastructure. Security assessments, PT's and VA's are used to identify vulnerabilities in code and infrastructure (networks, servers, operating systems and applications) that could potentially be exploited. Attackers can be hackers trying to gain access into our network or systems, state sponsored activists or an insider threat. They will aim to either extract information that is held on applications and hosting environments or cause extensive disruption to services. ADS has 2 hosting environments, the Army Hosting Environment (AHE) and Joint Server Farm (JSF). The JSF is accessible from the internet via the Defence Gateway and holds information classified at Official. The AHE holds Official, Secret and Sensitive Personal Information which if extracted would not only be damaging to the Army's reputation, it could jeopardise potential operations. It could also incur fines from the Information Commissioner if there were a breach of personal information. An attack to disrupt any of the services ADS provides would significantly erode the Army's ability to operate, as many of the systems support day to day activities and processes. It is therefore imperative that vulnerabilities are identified and remedied/mitigated to reduce the risk of these occurrences. All new applications expecting to be hosted on the AHE or the JSF must have a vulnerability assessment before being allowed onto the environment to ensure there are no weaknesses which could potentially allow an attacker access to the wider infrastructure and applications. Existing applications, hosting environments and platforms must be VA'd on a rolling programme to ensure any changes do not increase vulnerability and potential for being attacked.

## Key Details

| Field | Value |
| --- | --- |
| Publication source | Contracts Finder |
| Latest notice | https://www.contractsfinder.service.gov.uk/Notice/496afb84-832e-49e2-a8cb-a5b6430f5aa6 |
| Notice type | Award Notice |
| Procurement type | Framework |
| Procurement category | Services |
| Procurement method | Selective |
| Procurement method details | Call-off from a framework agreement |
| Tender suitability | SME |
| Awardee scale | Large |
| All stages | Award |

## Dates

| Field | Value |
| --- | --- |
| Publication date | 21 Sep 2022 |
| Submission deadline | 22 Jul 2022 |
| Future notice date | Not specified |
| Award date | 26 Jul 2022 |
| Contract period | 30 Sep 2022 - 30 Sep 2024 |
| Recurrence | Not specified |

## Values

| Field | Value |
| --- | --- |
| Tender value | £459,000 |
| Lots value | Not specified |
| Awards value | £459,000 |
| Contracts value | Not specified |

## Status

| Field | Value |
| --- | --- |
| Tender status | Complete |
| Lots status | Not specified |
| Awards status | Active |
| Contracts status | Not specified |

## Buyer

| Field | Value |
| --- | --- |
| Main buyer | MINISTRY OF DEFENCE |
| Locality | ANDOVER |
| Post town | Salisbury |
| Postcode | SP11 8HJ |
| Country | England |
| ITL 1 | TLJ South East (England) |
| ITL 2 | TLJ3 Hampshire and Isle of Wight |
| ITL 3 | TLJ36 Central Hampshire |
| Local authority | Test Valley |
| Electoral ward | Andover Millway |
| Westminster constituency | North West Hampshire |
| Delivery location | TLJ South East (England) |

## Supplier

| Field | Value |
| --- | --- |
| Number of suppliers | 1 |
| Supplier names | NCC GROUP SECURITY SERVICES |

## CPV Codes

### Divisions

- 72 - IT services: consulting, software development, Internet and support

### Codes

- 72820000 - Computer testing services

## Release History

- 21 Sep 2022 at 11:09 - Award - Award Notice - https://www.contractsfinder.service.gov.uk/Notice/496afb84-832e-49e2-a8cb-a5b6430f5aa6

## Documents

- https://www.contractsfinder.service.gov.uk/Notice/496afb84-832e-49e2-a8cb-a5b6430f5aa6
  21st September 2022 - Awarded contract notice on Contracts Finder
- https://www.contractsfinder.service.gov.uk/Notice/Attachment/6b2204ba-f6c2-49fb-816a-ba9105d3823c
- https://www.contractsfinder.service.gov.uk/Notice/Attachment/74b21b58-5288-430a-a183-704c2a8efb27
- https://www.contractsfinder.service.gov.uk/Notice/Attachment/f6d4bc7e-ea08-4206-91a2-cbd957f731ad

## Provenance

This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45.json.