Decision details

Procurement of IT Health Check and vulnerability scanning services

Decision Maker: Lead Specialist for ICT

Decision status: Recommendations Approved

Is Key decision?: No

Is subject to call in?: No

Decision:

Procurement of an IT Health Check (ITHC) in line with Public Sector Network (PSN) compliance requirements and a non-exclusive arrangement to support IT web service vulnerability scans in the following 12 months (capped by value).

Reasons for the decision:

It is good practice for all organisations to perform IT security health checks (including "penetration tests") on a regular basis to test existing security mechanisms and identify vulnerabilities. The Council is specifically required to seek such a test on an annual basis as part of the compliance standards of being connected to the Public Sector Network (PSN).

In addition, it is good practice for organisations to perform targeted security checks ("vulnerability scans") following some internet-facing web service changes.

This agreement will ensure the Council can align with good security practices and meet the compliance standards of the Public Sector Network, as well as providing the ability for the Council to promptly conduct any internet-facing web service vulnerability scans that may become necessary in the year. This helps the Council protect both Council and resident data by identifying security risks so they can be mitigated promptly.

Alternative options considered:

Six companies listed on the National Cyber Security Centre website as suppliers of CHECK Penetration Testing services were offered the opportunity to quote for these services.

Four companies responded to the request. Of these, NTA Monitor Ltd (trading as Intertek NTA) provided the lowest price for a PSN-aligned IT Health Check, and also provided the lowest day rate. NTA Monitor Ltd was therefore recommended for award.

Source of Authority to take Decision:

Council Constitution dated 31st January 2024, Part 3, Page 3-40, paragraph 2(c):

GENERAL DELEGATION TO ALL JOINT STRATEGIC DIRECTORS, EXECUTIVE HEADS OF SERVICE, AND SERVICE LEADERS

2. To undertake the day-to-day management and operation of staff reporting to them and of the premises and services for which they are responsible in accordance with the policies and procedures laid down by the Council, including:

(c) entering into contracts (in consultation with the relevant Lead Councillor where the value is above £200,000), memoranda of understanding or other arrangements

Publication date: 06/02/2024

Date of decision: 06/02/2024