NHS conducts £300k cyber review of Covid Pass

Written by Sam Trendall on 6 April 2022 in News
News

Contract signed with consultancy Mason Advisory

Credit: QuoteInspector/CC BY-ND 4.0

The NHS Covid Pass system has undergone a £300,000 assessment of its cybersecurity set-up and key risks.

Newly published commercial documents reveal that, on 18 October, the Department of Health and Social Care signed a deal with IT consultancy Mason Advisory. The engagement, awarded via the cloud support lot of the G-Cloud 12 framework, ran until 31 March and covered the provision of the tech firm’s ‘cybersecurity assessment and implementation’ service.

According to the service’s listing on the Digital Marketplace platform, it offers customers support with the “development and review of cyber strategy and roadmaps” as well as “detailed cyber maturity and resilience assessments”.

For a cost of between £600 and £1,400 per person per day, buyers can also receive outsourced expert assistance with “incident and event response management”.

The text of the contract reveals that health-service tech agency NHSX was seeking support with “security architecture and infosec risk management”.

Four types of services are listed in the deal, beginning with a “mobilisation” period in which the supplier was expected to “conduct knowledge transfer and on-board additional resource”.


Related content


Mason Advisory was also contracted to provide monthly updates on: security design; threat, controls and risk management; and collaboration and reporting.

Over the course of its five-month term, the deal was worth £293,579 to the Salford-headquartered firm. 

Three other companies were listed in the contract as subcontractors or partners to the work: Ultima Business Solutions; Grayce Group; and Trysnet Solutions.

Since the launch of the digital vaccine passport system in May 2021, millions of citizens have accessed the Covid Pass – principally via the NHS App, which now has more than 22 million users across England. All but about 250,000 of these have adopted the technology since the start of the pandemic – including 18 million that have downloaded the app since the creation of the Covid Pass.

The app offers users two types of pass: one for use in domestic settings; and another that can be used for international travel. The latter version is now available for anyone aged 12 and upwards.

The domestic passes – which are only available to adults – are no longer a legal requirement for any venues or events, although businesses can still use the system as part of their own conditions of entry, if they so wish.

The passes contain a secure QR code which staff at travel hubs or venues can scan to verify its authenticity. The Covid Pass has been certified as interoperable with the equivalent EU system, meaning the UK-issued passes can now be scanned at locations across all member states, as well as in 37 other countries and regions that have also achieved certification.

 

About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Nuclear clean-up agency seeks £2m-a-year partner to help improve cyber-resilience
11 May 2022

Specialist firm sought to help identify areas where security could be bolstered

Researchers detect ‘multiple spyware infections’ of Downing St and FCDO since 2020
19 April 2022

Canadian academics claim that attack on No. 10 using Pegasus software was launched from the UAE

DHSC picks IT firm to support NHS Covid Pass in potential £18m deal
12 April 2022

Department is to work with Netcompany – which is also supporting the NHS Covid-19 contact-tracing app

Public bodies encouraged to cancel contracts with Russian suppliers
30 March 2022

Deals that could be under review include energy supply contacts and some tech consultancy engagements