Vulnerability assessment service and tools supply framework
Helping you choose your preferred strategy to detect and assess internal and external vulnerabilities within your IT estate, so you can manage your security risks, compliance and quality.
With a choice of lots and suppliers, the framework allows you to engage a service provider to do the work for you and deliver a report and guidance. Alternatively, you can buy the tooling you need to run your own scans.
Using the framework
This framework is broken down into eight lots to offer the sector full access to the valuable tools and assessment service.
- Lot 1 - Vulnerability assessment service: provides automated, security vulnerability assessments of your IT assets, including reporting and guidance on remediation actions
- Lot 2–8 - Access to market-leading vulnerability assessment tools: provides an easy path to procure tools for you to conduct your own vulnerability scans
Stringent processes are fully transparent and comply with EU procurement rules so you can also rest assured that the suppliers chosen will provide you with the best value for money and quality of service.
You can request the full invitation to tender by emailing procurement@jisc.ac.uk.
The agreement will continue irrespective of the ongoing negotiations and outcome of the UK’s decision to leave the European Union. The Public Contracts Regulations 2015 continue to apply to this procurement process.
List of available lots and supplier contact details
Lot 1 - vulnerability assessment service
A managed service providing the requested vulnerability scan, results and associated report.
CCL Solutions Group – offering a Tenable based service
Email: vas.ccl@jisc.ac.uk
Khipu Networks – offering a Greenbone based solution
Email: vas.khipu@jisc.ac.uk
Lot 2 - BeyondTrust or equivalent
The supply and support of BeyondTrust or equivalent solutions
IP Performance - offering Wallix as a solution
Email: vas.ipp@jisc.ac.uk
Lot 3 - Nextpose or equivalent
The supply and support of Nextpose or equivalent solutions - Not awarded
Lot 4 - Qualys or equivalent
The supply and support of Qualys or equivalent solutions - Not awarded
Lot 5 - Tenable Nessus or equivalent
The supply and support of Tenable Nessus or equivalent solutions
IP Performance - offering PCYSYS as a solution
Email: vas.ipp@jisc.ac.uk
Lot 6 - Tripwire IP360 or equivalent
The supply and support of Tripwire IP360 or equivalent solutions - Not awarded
Lot 7 - Vulnerability Manager Plus or equivalent
The supply and support of Vulnerability Manager Plus or equivalent solutions - Not awarded
Lot 8 - Other tools
The supply and support of other vulnerability assessment and scanning solutions
Khipu Networks – offering a Greenbone based solution
Email: vas.khipu@jisc.ac.uk
Lot 1 - vulnerability assessment service
A managed service providing the requested vulnerability scan, results and associated report.
CCL Solutions Group – offering a Tenable based service
Email: vas.ccl@jisc.ac.uk
Khipu Networks – offering a Greenbone based solution
Email: vas.khipu@jisc.ac.uk
Lot 2 - BeyondTrust or equivalent
The supply and support of BeyondTrust or equivalent solutions
IP Performance - offering Wallix as a solution
Email: vas.ipp@jisc.ac.uk
Lot 3 - Nextpose or equivalent
The supply and support of Nextpose or equivalent solutions - Not awarded
Lot 4 - Qualys or equivalent
The supply and support of Qualys or equivalent solutions - Not awarded
Lot 5 - Tenable Nessus or equivalent
The supply and support of Tenable Nessus or equivalent solutions
IP Performance - offering PCYSYS as a solution
Email: vas.ipp@jisc.ac.uk
Lot 6 - Tripwire IP360 or equivalent
The supply and support of Tripwire IP360 or equivalent solutions - Not awarded
Lot 7 - Vulnerability Manager Plus or equivalent
The supply and support of Vulnerability Manager Plus or equivalent solutions - Not awarded
Lot 8 - Other tools
The supply and support of other vulnerability assessment and scanning solutions
Khipu Networks – offering a Greenbone based solution
Email: vas.khipu@jisc.ac.uk
Key features and benefits
- OJEU-compliant
An Official Journal of the European Union (OJEU) compliant route to market (contract notices are available on request) - Value for money
Rates are agreed with suppliers via this framework, so you will not have extra charges. We can also help you identify your specific vulnerability tools and assessment needs, to identify any unnecessary requirements - Save procurement time
We have pre-qualified all suppliers to ensure they can meet your requirements to save your time - depending on the equipment or service being purchased, your procurement could be completed in a few days - Jisc-procured framework
Ensure that you have access to the latest technology and credible suppliers in this market - Improved security
This meets the highest security standards and is ISO9001 and ISO27001 certified. Helps your organisation to detect vulnerabilities such as Heartbleed and Shellshock - Tailored services
Meets the needs of the UK education and research sector and offer you the flexibility to scan your own networks and generate bespoke reports on known security vulnerabilities specific to your systems - Easy installation tools
Simple to implement and integrate with existing IT systems, enabling you to analyse your IT network devices, identify security vulnerabilities and resolve security issues - Compliance
By identifying and resolving vulnerabilities on your network, your organisation can reduce the risk of information security breaches and associated costs. It can scan public-facing IP addresses for payment card industry data security standard (PCI DSS) compliance and can be accredited by an approved scanning vendor (ASV) if required.
- OJEU-compliant
An Official Journal of the European Union (OJEU) compliant route to market (contract notices are available on request) - Value for money
Rates are agreed with suppliers via this framework, so you will not have extra charges. We can also help you identify your specific vulnerability tools and assessment needs, to identify any unnecessary requirements - Save procurement time
We have pre-qualified all suppliers to ensure they can meet your requirements to save your time - depending on the equipment or service being purchased, your procurement could be completed in a few days - Jisc-procured framework
Ensure that you have access to the latest technology and credible suppliers in this market - Improved security
This meets the highest security standards and is ISO9001 and ISO27001 certified. Helps your organisation to detect vulnerabilities such as Heartbleed and Shellshock - Tailored services
Meets the needs of the UK education and research sector and offer you the flexibility to scan your own networks and generate bespoke reports on known security vulnerabilities specific to your systems - Easy installation tools
Simple to implement and integrate with existing IT systems, enabling you to analyse your IT network devices, identify security vulnerabilities and resolve security issues - Compliance
By identifying and resolving vulnerabilities on your network, your organisation can reduce the risk of information security breaches and associated costs. It can scan public-facing IP addresses for payment card industry data security standard (PCI DSS) compliance and can be accredited by an approved scanning vendor (ASV) if required.
Eligibility
Access to the framework is freely available to members of Jisc and/or those providing or supporting education, research or culture, such as:
- All higher and further education institutions
- All laboratories and other establishments of the Research Councils
- The funding bodies for research, higher and further education across the UK
- Local government authorities that provide broadband ICT services to schools, or commission these services from third parties
- Regional Broadband Consortia (RBCs) and any other vehicles created by local government authorities in England to aggregate the provision of broadband ICT services to schools
- The equivalent bodies in Scotland, Wales and Northern Ireland providing broadband ICT services to schools
- Individual schools, whether under local government control or with other governance
- Individual or groups of libraries or museums, whether under local government control or with other governance
- IOther bodies whose core purpose is the support or advancement of education or research
Full information on eligibility is available in the vulnerability assessment service and tools supply framework buyer’s guide (pdf).
Access to the framework is freely available to members of Jisc and/or those providing or supporting education, research or culture, such as:
- All higher and further education institutions
- All laboratories and other establishments of the Research Councils
- The funding bodies for research, higher and further education across the UK
- Local government authorities that provide broadband ICT services to schools, or commission these services from third parties
- Regional Broadband Consortia (RBCs) and any other vehicles created by local government authorities in England to aggregate the provision of broadband ICT services to schools
- The equivalent bodies in Scotland, Wales and Northern Ireland providing broadband ICT services to schools
- Individual schools, whether under local government control or with other governance
- Individual or groups of libraries or museums, whether under local government control or with other governance
- IOther bodies whose core purpose is the support or advancement of education or research
Full information on eligibility is available in the vulnerability assessment service and tools supply framework buyer’s guide (pdf).
Service package costs
Costs are available directly from the providers on the framework.
How to get started
Whether you know your requirements or are just starting out, get in touch and we will help you with your next steps.
If you require penetration testing, we provide this through our penetration testing service.
ISO certification
This service is included within the scope of our ISO9001 and ISO27001 certificates.
