Awarded to Security Alliance Limited

Start date: Tuesday 2 January 2018
Value: £49,200
Company size: SME
Department of Health and NHS Blood and Transplant

Threat Intelligence for Department of Health and NHS Blood and Transplant

3 Incomplete applications

1 SME, 2 large

5 Completed applications

2 SME, 3 large

Important dates

Monday 30 October 2017
Deadline for asking questions
Monday 6 November 2017 at 11:59pm GMT
Closing date for applications
Monday 13 November 2017 at 11:59pm GMT


Summary of the work
NHS Blood and Transplant is seeking a CBEST approved supplier to provide Threat Intelligence, ahead of Penetration Testing. The supplier is expected to collect, analyse and disseminate Critical Function-focused intelligence relating to:
• Targeting: potential attack surfaces across NHS BT.
• Threat Intelligence: relevant threat actors and probable threat scenarios.
Latest start date
Friday 8 December 2017
Expected contract length
Work to be completed by 31 March 2018.
No specific location, eg they can work remotely
Organisation the work is for
Department of Health and NHS Blood and Transplant
Budget range

About the work

Why the work is being done
Government Departments must remain resilient to cyber-attacks. To help these departments achieve this goal, the Cabinet Office launched a pilot GBEST security assessment framework.

The pilot scheme promotes intelligence-led penetration testing that seeks to mimic the actions of cyber attackers intent on compromising an organisation’s Critical Functions and the technology assets and people supporting those functions.

The provision of Threat Intelligence will provide insight into the most secure way to manage two critical NHS Blood and Transplant systems.
Problem to be solved
The key functions that would lead to compromise of confidentiality and integrity relate primarily to the blood services (Hematos and Pulse systems) and the organ transplant services (ODT system). These systems contain highly confidential data where, if compromised could result in severe clinical harm to many patients/donors.

The provider is expected to supply a summary of key threats to the functioning of these core functions, detailing the highest scoring threats to be prioritised by the Penetration Testers.

Reports are expected to be the standard of CBEST, prioritising risks to address in Phase 3 Penetration Test.
Who the users are and what they need to do
Government Departments need to ensure that they remain resilient to cyber attacks to ensure the safety of UK citizens. They need to be aware of any potential weaknesses and key threats so that these can be addressed and rectified.
Early market engagement
Any work that’s already been done
Existing team
Suppliers will be working with representatives from the Department of Health, NHS Digital, NHS Blood and Transplant, Cabinet Office and National Cyber Security Centre.
Current phase
Not applicable

Work setup

Address where the work will take place
Expected to be flexible and occasionally travel to NHS Blood and Transplant sites in England. Most work will be remote.
Working arrangements
To be agreed at contract award but will include 3 weeks of Threat Intelligence to be done ahead of a Penetration Testing period conducted by a separate service provider. 1 week overlap of work with Penetration Test service providers. Some availability required during Penetration testing phase that will last 6 weeks to answer any relevant questions from the Penetration Tester.
Security clearance
SC preferable with all those working on the project to have CTC as a minimum. Further details on security clearance can be found here:
Content is of a highly sensitive nature.

Additional information

Additional terms and conditions
The provider must share information as laid out in the GBEST Implementation Guide and abide by the GBEST Principles. Any non-disclosure agreements must not hinder the delivery of the scheme, specifically, relevant information should be readily shared between the Threat Intelligence provider, the Penetration Tester and GDS.

All expenses must be pre-agreed between the parties and must comply with the Cabinet Office Travel and Subsistence Policy.

All vendors are obliged to provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Be CBEST approved, CREST certified Threat Intelligence Manager successfully assessed against CBEST criteria to supply CBEST Threat Intelligence Services
  • Have experience of assisting customers with Threat Modelling
Nice-to-have skills and experience
  • Previous experience of CBEST TI development.
  • Previous experience of CBEST application.

How suppliers will be evaluated

How many suppliers to evaluate
Proposal criteria
  • Project plan.
  • Previous experience.
  • Teams structure and CV's.
  • Value for Money.
Cultural fit criteria
  • Describe their approach for working with the Buyer (and alongside other suppliers) as part of an integrated, co-located effective and efficient delivery team.
  • Describe their experience of working with an organisation with the following characteristics: • Critical 24x7 Services • Healthcare Sector • Secure services
Payment approach
Fixed price
Assessment methods
Written proposal
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

No questions have been answered yet