Vulnerability assessment service and tools supply framework

Helping you choose your preferred strategy to detect and assess internal and external vulnerabilities within your IT estate, so you can manage your security risks, compliance and quality.

The vulnerability assessment service and tools supply framework reaches the end of its contract term on 15 April 2024.

Due to the low uptake of services on this framework over the last 12 months, Jisc has no current plan to replace it. Those with existing contracts for services purchased via these frameworks should not be impacted. Jisc members and customers can continue to purchase services via this framework until 15 April 2024.

If you have any questions please contact your relationship manager, who will be happy to assist you.

With a choice of lots and suppliers, the framework allows you to engage a service provider to do the work for you and deliver a report and guidance. Alternatively, you can buy the tooling you need to run your own scans.

Using the framework

This framework is broken down into eight lots to offer the sector full access to the valuable tools and assessment service.

  • Lot 1 - Vulnerability assessment service: provides automated, security vulnerability assessments of your IT assets, including reporting and guidance on remediation actions
  • Lot 2–8 - Access to market-leading vulnerability assessment tools: provides an easy path to procure tools for you to conduct your own vulnerability scans

Stringent processes are fully transparent and comply with EU procurement rules so you can also rest assured that the suppliers chosen will provide you with the best value for money and quality of service.

You can request the full invitation to tender by emailing procurement@jisc.ac.uk.

The agreement will continue irrespective of the ongoing negotiations and outcome of the UK’s decision to leave the European Union. The Public Contracts Regulations 2015 continue to apply to this procurement process.

List of available lots and supplier contact details

Lot 1 - vulnerability assessment service

A managed service providing the requested vulnerability scan, results and associated report.

CCL Solutions Group – offering a Tenable based service
Email: vas.ccl@jisc.ac.uk

Khipu Networks – offering a Greenbone based solution
Email: vas.khipu@jisc.ac.uk

Lot 2 - BeyondTrust or equivalent

The supply and support of BeyondTrust or equivalent solutions

IP Performance - offering Wallix as a solution
Email: vas.ipp@jisc.ac.uk

Lot 3 - Nextpose or equivalent

The supply and support of Nextpose or equivalent solutions - Not awarded

Lot 4 - Qualys or equivalent

The supply and support of Qualys or equivalent solutions - Not awarded

Lot 5 - Tenable Nessus or equivalent

The supply and support of Tenable Nessus or equivalent solutions

IP Performance - offering PCYSYS as a solution
Email: vas.ipp@jisc.ac.uk

Lot 6 - Tripwire IP360 or equivalent

The supply and support of Tripwire IP360 or equivalent solutions - Not awarded

Lot 7 - Vulnerability Manager Plus or equivalent

The supply and support of Vulnerability Manager Plus or equivalent solutions - Not awarded

Lot 8 - Other tools

The supply and support of other vulnerability assessment and scanning solutions

Khipu Networks – offering a Greenbone based solution
Email: vas.khipu@jisc.ac.uk

Key features and benefits

  • OJEU-compliant
    An Official Journal of the European Union (OJEU) compliant route to market (contract notices are available on request)
  • Value for money
    Rates are agreed with suppliers via this framework, so you will not have extra charges. We can also help you identify your specific vulnerability tools and assessment needs, to identify any unnecessary requirements
  • Save procurement time
    We have pre-qualified all suppliers to ensure they can meet your requirements to save your time - depending on the equipment or service being purchased, your procurement could be completed in a few days
  • Jisc-procured framework
    Ensure that you have access to the latest technology and credible suppliers in this market 
  • Improved security
    This meets the highest security standards and is ISO9001 and ISO27001 certified. Helps your organisation to detect vulnerabilities such as Heartbleed and Shellshock
  • Tailored services
    Meets the needs of the UK education and research sector and offer you the flexibility to scan your own networks and generate bespoke reports on known security vulnerabilities specific to your systems
  • Easy installation tools
    Simple to implement and integrate with existing IT systems, enabling you to analyse your IT network devices, identify security vulnerabilities and resolve security issues
  • Compliance
    By identifying and resolving vulnerabilities on your network, your organisation can reduce the risk of information security breaches and associated costs. It can scan public-facing IP addresses for payment card industry data security standard (PCI DSS) compliance and can be accredited by an approved scanning vendor (ASV) if required.

Eligibility

Access to the framework is freely available to members of Jisc and/or those providing or supporting education, research or culture, such as:

  • All higher and further education institutions
  • All laboratories and other establishments of the Research Councils
  • The funding bodies for research, higher and further education across the UK   
  • Local government authorities that provide broadband ICT services to schools, or commission these services from third parties
  • Regional Broadband Consortia (RBCs) and any other vehicles created by local government authorities in England to aggregate the provision of broadband ICT services to schools
  • The equivalent bodies in Scotland, Wales and Northern Ireland providing broadband ICT services to schools
  • Individual schools, whether under local government control or with other governance
  • Individual or groups of libraries or museums, whether under local government control or with other governance
  • IOther bodies whose core purpose is the support or advancement of education or research

Full information on eligibility is available in the vulnerability assessment service and tools supply framework buyer’s guide (pdf).

Service package costs

Costs are available directly from the providers on the framework.

How to get started

Whether you know your requirements or are just starting out, get in touch and we will help you with your next steps.

Email securityservices@jisc.ac.uk

If you require penetration testing, we provide this through our penetration testing service.

ISO certification

This service is included within the scope of our ISO9001 and ISO27001 certificates.

Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.

ISO 9001-2015 UKAS logo

ISO/IEC 27001 UKAS logo