Specialist firm has previously provided similar services for outgoing Verify service

Credit: Jernej Furman/CC BY 2.0

The Government Digital Service has signed a potential £300,000 contract for a specialist cyber firm to perform ongoing “IT health checks” for its digital-identity programme.

The technology agency entered into an initial two-year engagement with Fidus Information Security on 20 June 2022. The £100,000-a-year deal can be extended for two further periods of six months each, which would take its end date to summer 2025.

During that time period, the Cambridge-based firm will be asked “to conduct various IT health checks for [the GDS] digital identity programme over the contract duration”, according to a recently published procurement notice.

Related content

• Digital minister: ‘I’m one up from a Luddite – but I am grasping this enthusiastically’
• Leader appointed and £4.1m allocated to retire GOV.UK Verify
• GDS boss puts ‘mobile-first and hyperpersonalisation’ at heart of future service transformation

The precise nature of these checks is redacted from the contract, but the document adds that there “will be additional deliverables… for future IT health checks for digital identity programme during the contract period”.

The programme in question is currently engaged in a major project to deliver the One Login system, which is intended to provide a single identity-verification and sign-on system through which citizens can access all government services across all departments.

One of the many identity and login services that One Login will replace is the GDS-developed Verify service – for which Fidus has previously provided similar IT health check services, during a six-month contract that ran from early 2021.

The company describes itself as a “penetration and security testing consultancy”, which works with public-sector organisations “assess security posture, achieve regulatory compliance or build a strategic plan for the future”.

The recently published three-year digital and data strategy for government outlined that departments must finalise their plan for adopting One Login. The aim is then for all services throughout government to be on-boarded by 2025. This will begin with an initial tranche of five, which will be the first to go live with the new system once pilots begin in September.