Two specialist firms brought in for architecture and risk assurance contracts
Government’s new public-health agency has signed two suppliers to short-term deals to bring its cybersecurity infrastructure and operations up to speed.
The UK Health Security Agency has awarded a pair of three-month contracts, worth a cumulative £4m, to Amethyst Risk Management and 2T Security. The two firms – both of which are small, specialist outfits based in Buckinghamshire – each entered into an engagement with UKHSA on 1 February.
The two contracts list an identical list of potential services, although Amethyst’s contract is specified as relating to the agency’s “security architecture programme” while 2T’s deal addresses a “security risk assurance management service”.
According to newly published commercial documents, UKHSA’s security architecture requirements include the “development and delivery of processes including: … portfolio management; system review; technical design authority; development of technical security standards; [and] chairing pillar [and] capability security working groups”.
Its risk assurance needs, meanwhile, include external support with “risk assessment and analysis; risk reporting; third-party assurance; security control assessment; [and] control framework compliance”.
The architecture contract is worth £1.8m and the risk-assurance deal is valued at £2.1m.
Both contracts allow UKHSA to extend the engagement by two further periods of three months, which would take them to an end date of 31 October, and a total cumulative value of around £12m.
Founded last year, the agency became fully operational on 1 October 2021. It replaces and subsumes Public Health England, as well as the NHS Test and Trace programme and the Joint Biosecurity Centre, which was created at the start of the coronavirus crisis to advise government on pandemic response.