With a choice of lots and suppliers, the framework allows you to engage a service provider to do the work for you and deliver a report and guidance. Alternatively, you can buy the tooling you need to run your own scans.
This framework is broken down into eight lots to offer the sector full access to the valuable tools and assessment service.
Lot 1 - Vulnerability assessment service: provides automated, security vulnerability assessments of your IT assets, including reporting and guidance on remediation actions
Lot 2–8 - Access to market-leading vulnerability assessment tools:provides an easy path to procure tools for you to conduct your own vulnerability scans
Stringent processes are fully transparent and comply with EU procurement rules so you can also rest assured that the suppliers chosen will provide you with the best value for money and quality of service.
The agreement will continue irrespective of the ongoing negotiations and outcome of the UK’s decision to leave the European Union. The Public Contracts Regulations 2015 continue to apply to this procurement process.
List of available lots and supplier contact details
Suppliers (first ranked supplier in italics)
Lot 1 - vulnerability assessment service A managed service providing the requested vulnerability scan, results and associated report.
Value for money Rates are agreed with suppliers via this framework, so you will not have extra charges. We can also help you identify your specific vulnerability tools and assessment needs, to identify any unnecessary requirements
Save procurement time We have pre-qualified all suppliers to ensure they can meet your requirements to save your time - depending on the equipment or service being purchased, your procurement could be completed in a few days
Jisc-procured framework Ensure that you have access to the latest technology and credible suppliers in this market
Improved security This meets the highest security standards and is ISO9001 and ISO27001 certified. Helps your organisation to detect vulnerabilities such as Heartbleed and Shellshock
Tailored services Meets the needs of the UK education and research sector and offer you the flexibility to scan your own networks and generate bespoke reports on known security vulnerabilities specific to your systems
Easy installation tools Simple to implement and integrate with existing IT systems, enabling you to analyse your IT network devices, identify security vulnerabilities and resolve security issues
Compliance By identifying and resolving vulnerabilities on your network, your organisation can reduce the risk of information security breaches and associated costs. It can scan public-facing IP addresses for payment card industry data security standard (PCI DSS) compliance and can be accredited by an approved scanning vendor (ASV) if required.
Access to the framework is freely available to members of Jisc and/or those providing or supporting education, research or culture, such as:
All higher and further education institutions
All laboratories and other establishments of the Research Councils
The funding bodies for research, higher and further education across the UK
Local government authorities that provide broadband ICT services to schools, or commission these services from third parties
Regional Broadband Consortia (RBCs) and any other vehicles created by local government authorities in England to aggregate the provision of broadband ICT services to schools
The equivalent bodies in Scotland, Wales and Northern Ireland providing broadband ICT services to schools
Individual schools, whether under local government control or with other governance
Individual or groups of libraries or museums, whether under local government control or with other governance
IOther bodies whose core purpose is the support or advancement of education or research