NHS NES

National NHS boards of Scotland accelerate secure digital transformation with multiyear Commissum partnership.

Challenge

Healthcare is undergoing a digital transformation and the NHS in Scotland is no different. This transformation has enabled the NHS to deliver better services to its patients and users online, whilst still maintaining the highest levels of data and system security. 

With the large amounts of sensitive personal data it holds, the NHS is an attractive target for malicious threat actors. This, alongside ensuring regulatory data compliance, means cyber security is a critical priority and the NHS National boards of Scotland looked to Commissum to support them. 

NHS Education for Scotland (NES), headquartered in Edinburgh, is a special health board responsible for the development and delivery of education services for those who work for NHS Scotland, health and social care sector and other public bodies. NES service the whole of Scotland and its special boards, meaning that it is imperative they manage cyber security effectively and resources are accessible to its users when they need to be. Due to NES’ reliance on digital services for their daily operations, they have always been conscious of their cyber security posture and pioneering to embed this security culture in all parts of NHS Scotland. 

Commissum’s relationship with the NHS National Boards of Scotland began in 2013. However, following the growth of the ad hoc work, NES took the decision to publish a tender for a 3-year single supplier contract to support all the national health boards in Scotland with their penetration testing requirements to NCSC CHECK standards. This was an open market tender which was innovative in its approach as it brought the seven national boards together for the first time procuring cyber security services. This framework has three clear benefits:

  • Standardise cyber testing within the NHS National Boards of Scotland to ensure a baseline level of security for all boards
  • Save time and improve efficiency by removing the need to tender for each ad-hoc engagement
  • Guarantee best value for the public purse. 

The benefits of the contract have been realised to a high degree; it has become a model contract in terms of the value it has delivered in meeting its original aims but also in promoting cyber security within the wider Scottish NHS organisations. 

Commissum has uniquely delivered value through its high levels of commitment to the contract and helped the NHS boards to deliver on their digital transformation agenda. 

Thanks to the framework, NES has noted an increase in technical assurance services across the special boards, meaning that they are placing greater emphasis and importance on cyber security.

“A single supplier framework was an idea that we toyed with for a while but weren’t sure how it would work in the long run. Partnering with Commissum has simplified the procurement process, freeing up time for us to focus on the job at hand. Commissum has always delivered what they say they will and to the highest standards. We have thoroughly enjoyed working together thus far and look forward to continuing this collaboration in the future.” 

 Declan Walkden, Procurement Manager, NES