Decision Maker: Lead Specialist for ICT
Decision status: Recommendations Approved
Is Key decision?: No
Is subject to call in?: No
Procurement of an IT Health Check (ITHC)
in line with Public Sector Network (PSN) compliance requirements
and a non-exclusive arrangement to support IT web service
vulnerability scans in the following 12 months (capped by
value).
It is good practice for all organisations to
perform IT security health checks (including "penetration tests")
on a regular basis to test existing security mechanisms and
identify vulnerabilities. The Council is specifically required to
seek such a test on an annual basis as part of the compliance
standards of being connected to the Public Sector Network
(PSN).
In addition, it is good practice for organisations to perform
targeted security checks ("vulnerability scans") following some
internet-facing web service changes.
This agreement will ensure the Council can align with good security
practices and meet the compliance standards of the Public Sector
Network, as well as providing the ability for the Council to
promptly conduct any internet-facing web service vulnerability
scans that may become necessary in the year. This helps the Council
protect both Council and resident data by identifying security
risks so they can be mitigated promptly.
Six companies listed on the National Cyber
Security Centre website as suppliers of CHECK Penetration Testing
services were offered the opportunity to quote for these
services.
Four companies responded to the request. Of these, NTA Monitor Ltd
(trading as Intertek NTA) provided the lowest price for a
PSN-aligned IT Health Check, and also provided the lowest day rate.
NTA Monitor Ltd was therefore recommended for award.
Council Constitution dated 31st January 2024,
Part 3, Page 3-40, paragraph 2(c):
GENERAL DELEGATION TO ALL JOINT STRATEGIC DIRECTORS, EXECUTIVE
HEADS OF SERVICE, AND SERVICE LEADERS
2. To undertake the day-to-day management and operation of staff
reporting to them and of the premises and services for which they
are responsible in accordance with the policies and procedures laid
down by the Council, including:
(c) entering into contracts (in consultation with the relevant Lead
Councillor where the value is above £200,000), memoranda of
understanding or other arrangements
Publication date: 06/02/2024
Date of decision: 06/02/2024