Leicestershire Health Informatics Service

Cloud Hosted Website and Application Security Testing

LHIS security professionals review and test cloud based websites and applications to ensure best practice and highlight areas of weakness and vulnerabilities. This process can be iterated during the development and implementation process to support best practice development. Testing includes the OWASP top ten and any current zero day attacks.


  • Contextualised reporting puts risks into real world content
  • Industry standard testing methodologies - OSSTMM, CHECK, CREST
  • Experienced qualified penetration testing staff with Public Sector experience
  • Wide ranging support mechanism for technical expertise
  • Experienced provider supporting public sector organisations nationwide
  • Highly experienced Tigerscheme qualified testing staff
  • CHECK Team Member and CHECK Team Leader equivalent qualifications
  • Assignment scope tailored to customer requirements
  • Repeat testing to ensure vulnerabilities have been succesfully resolved
  • Operating system, platform, web server and code testing


  • Contextualised Reporting - presenting risks in an organisational context
  • Post delivery support for report mediation
  • Value: excellent price, quality and service delivery, subscription based options
  • Partnership working approach
  • Wide range of additional support services available
  • Flexible reporting to suit local templates and risk approaches
  • Valued added services - e.g. retesting of fixed vulnerabilities included
  • Comprehensive reporting detailing assignment scope, testing, results and recommendations
  • Confidential service with qualified security vetted (SC/DV) staff
  • Responsive service able to respond to urgent requests


£450 per person per day

Service documents

G-Cloud 9


Leicestershire Health Informatics Service

Gemma Clayton




Planning service Yes
How the planning service works We will work with the customer to agree implementation as part of the SLA
Planning service works with specific services No


Training service provided Yes
How the training service works Clinical system and non clinical training
Training is tied to specific services No

Setup and migration

Setup and migration
Setup or migration service available Yes
How the setup or migration service works As agreed in the customer SLA.
Setup or migration service is for specific cloud services No

Quality assurance and performance testing

Quality assurance and performance testing
Quality assurance and performance testing service Yes
How the quality assurance and performance testing works Depending on the requirements outlined in the SLA we work with customers to ensure products and services meet required industry standards.

Security testing

Security testing
Security testing service Yes
Security testing type
  • Penetration testing
  • IT Health Checks
  • Risk analysis
Accredited security testers Yes
Security testing accreditations Tigerscheme
Certified Professional (CCP) risk analysts No

Ongoing support

Ongoing support
Ongoing support service Yes
Types of service supported
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
How the support service works Via SLA as agreed with the customer

Service scope

Service scope
Service constraints Any constraints are agreed with the customer via SLA and managed accordingly.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times SLA will define severity of issue and allocated response times.

Standard response time 1 hour

9.00am – 5.00pm - Monday to Friday. 24/7 available on request.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Support levels Typically an SLA is drawn up detailing availability, resilience, redundancy and support arrangements and this is then managed during the lifetime of the system.

See below for standard response times within LHIS (which may differ if required). When calls are logged with our service desk we grade them with severities depending on the nature of the issue. The service desk operates according to ITIL change management procedures. Each severity has a standard response time as shown below. These standards are negotiable if required to meet customer needs, however customers should note this may have an impact on the service price.

Response Times
Severity Standard Response Times
1 8 Working Hours
2 16 Working Hours
3 24 Working Hours
4 40 Working Hours
5 10 Working Days
6 5 Working Days
7 5 Working Days
8 20 Working Days (from receipt into installation)

LHIS uses back office support and system functions from with the UK.

Service Levels are typically based on availability with varying options available from 99% to 99.9%.

Standard service hours for the reporting of incidents are 08:00 to 17:00 Monday to Friday excluding UK public holidays.

However 24 hour phone support can be provided at an extra cost.


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)


Price £450 per person per day
Discount for educational organisations No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑