South-East police forces on the hunt for information assurance services in £20m tender

Penetration testing, CLAS advice, RMADS and PIA all included in two-year contract

South-East police forces are on the lookout for information assurance services in a contract worth up to £20m.

The police and crime commissioner for Surrey has issued a tender on behalf of police forces within the South East Regional Information Security Management Group including: British Transport Police, Civil Nuclear Constabulary, Essex Police, Hampshire Police, Hertfordshire Police, Kent Police, Metropolitan Police Service, Surrey Police, Sussex Police and Thames Valley Police.

The framework will cover four lots. The first is for penetration testing, which includes an annual IT health check. The Official Journal of the European Union notice states that this lot involves ethical hackers testing key elements of the system to provide assurances and advice around its security.

The second lot is for CESG Listed Advisors Scheme (CLAS) advice.

"CLAS consultants offer specialised advice regarding securing a solution to an acceptable CESG standard. These individuals have been approved by CESG who also maintain their vetting," the notice states.

The third lot is for RMADS (Risk Management Accreditation Document Set). RMADS is required for systems holding restricted data for accreditation, and is an information assurance standard stipulated by the government to comply with HMG's security policy framework.

The fourth and final lot is for the privacy impact assessment (PIA), a requirement under the Data Protection Act for any system that holds personal data.

The contract will be for an initial term of two years with the option to extend for two further terms of a year each. Tenders may be submitted for one or more lots.

The framework agreement is worth between £10m and £20m and is covered by the Government Procurement Agreement (GPA).