SSRO Security Assessment and Penetration Test

The SSRO is seeking to appoint a supplier to provide a core programme of work surrounding Security Assessment and Penetration Test services. The Supplier is required to carry out in each year of the contract the core programme of work as detailed below. Phase 1: Security Assessment and Penetration Testing and reporting the results (one combined report or separate documents at Supplier discretion) as set out in the Service Specification. Phase 2: Liaising with the SSRO and the SSRO's IT Managed Service partner whilst they are resolving all critical vulnerabilities, and up to five additional non-critical vulnerabilities, per assessment. Phase 3: Retesting on all "critical" vulnerabilities, and the additional vulnerabilities per assessment (external, MS cloud, web application) following completion of remedial work implemented by the SSRO's IT Managed Service partner. The Phase dates for the first year of the contract will be: Phase 1 to be carried out between 6th July - 17 July, with final report(s) received by the SSRO no later than 17 July 2026; Phase 2 is expected to be completed by 25 September 2026; and Phase 3 is expected to be completed by 16 October 2026.