NHS conducts £300k cyber review of Covid Pass

Written by Sam Trendall on 6 April 2022 in News
News

Contract signed with consultancy Mason Advisory

Credit: QuoteInspector/CC BY-ND 4.0

The NHS Covid Pass system has undergone a £300,000 assessment of its cybersecurity set-up and key risks.

Newly published commercial documents reveal that, on 18 October, the Department of Health and Social Care signed a deal with IT consultancy Mason Advisory. The engagement, awarded via the cloud support lot of the G-Cloud 12 framework, ran until 31 March and covered the provision of the tech firm’s ‘cybersecurity assessment and implementation’ service.

According to the service’s listing on the Digital Marketplace platform, it offers customers support with the “development and review of cyber strategy and roadmaps” as well as “detailed cyber maturity and resilience assessments”.

For a cost of between £600 and £1,400 per person per day, buyers can also receive outsourced expert assistance with “incident and event response management”.

The text of the contract reveals that health-service tech agency NHSX was seeking support with “security architecture and infosec risk management”.

Four types of services are listed in the deal, beginning with a “mobilisation” period in which the supplier was expected to “conduct knowledge transfer and on-board additional resource”.


Related content


Mason Advisory was also contracted to provide monthly updates on: security design; threat, controls and risk management; and collaboration and reporting.

Over the course of its five-month term, the deal was worth £293,579 to the Salford-headquartered firm. 

Three other companies were listed in the contract as subcontractors or partners to the work: Ultima Business Solutions; Grayce Group; and Trysnet Solutions.

Since the launch of the digital vaccine passport system in May 2021, millions of citizens have accessed the Covid Pass – principally via the NHS App, which now has more than 22 million users across England. All but about 250,000 of these have adopted the technology since the start of the pandemic – including 18 million that have downloaded the app since the creation of the Covid Pass.

The app offers users two types of pass: one for use in domestic settings; and another that can be used for international travel. The latter version is now available for anyone aged 12 and upwards.

The domestic passes – which are only available to adults – are no longer a legal requirement for any venues or events, although businesses can still use the system as part of their own conditions of entry, if they so wish.

The passes contain a secure QR code which staff at travel hubs or venues can scan to verify its authenticity. The Covid Pass has been certified as interoperable with the equivalent EU system, meaning the UK-issued passes can now be scanned at locations across all member states, as well as in 37 other countries and regions that have also achieved certification.

 

About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

EXCL: Government red team security unit to test departmental defences with hostile reconnaissance
2 December 2022

Specialist supplier will support in searching – and then attempting to take advantage of – ‘vulnerabilities and exploitable information’

National Situation Centre taps mobile network data for ‘insights on behaviours of millions of people’
2 November 2022

Cabinet Office-based facility signs £800k deal with mobile network operator

Foreign Office signs £7.5m two-year deal to support cyber transformation
12 October 2022

Department signs deal with defence contractor

MoD brings in Amazon to boost tech skills of Armed Forces leaders
30 November 2022

Ministry claims that MoU is a first-of-its-kind deal