HMRC issues £7.5m contract notice to improve cybersecurity

HMRC's Chief Digital and Information Office (CDIO), the internal department tasked with the provision of critical IT services, is looking for enterprise-wide security improvements to support "transformational, remediatory and enabling" strategic planning and delivery activities.

Two projects - Cyber Remediation, and Cyber Operations - fall within HMRC's Enterprise Security Programme. The tender deadline is 5th December.

The projects' objectives are to deliver risk mitigation by remediating known vulnerabilities across HMRC's systems and services through the application of patches, configuration changes and encryption, additional access and session monitoring controls as well as strengthening networks, vulnerability assessment security controls, assurance and increasing capacity to mitigate, detect and respond to cybersecurity threats.

Services in scope are a range of services that HMRC uses and relies upon to deliver its duties to the UK public. They are categorised in terms of critically and assigned a Gold/Silver/Bronze status. Many of these services are deemed "critical national infrastructure", such as Real Time Information, New Tax Credits and National Insurance and PAYE Service.

The successful supplier will need to provide "significant" project management activities co-ordinating delivery management and assurance working with internal HMRC delivery groups and IT suppliers.

Key activities will cover the ordering and monitoring of work packages and delivery requests from initiation through to implementation, including handover of changes to the HMRC Service owner community.