Cyber Security Services 3

This dynamic purchasing system (DPS) is available to all UK central government departments, wider public sector organisations and charities. The services available fall under the following categories:

• NCSC assured services
• consultancy and advice
• penetration testing
• incident response
• managed security services

The DPS allows you to shortlist suppliers based on your needs using a range of filters. Once you have established your shortlist you can use this to run a further competition.

• official route to market to buy NCSC assured services
• agility and flexibility to meet the public sector’s cyber security needs
• suppliers can apply to join at any time
• a dynamic filtering system, giving customers flexibility based on need
• quality and price can be assessed based on an individual customer’s need
• a dynamic pool of suppliers that can grow and evolve with the market

Please read the 'How to buy' tab below for detailed instructions on how to find out which suppliers are on this framework.

1. Register as a buyer. Note: although pages are headed ‘Supplier registration’ this is also where you can register as a buyer
2. Navigate to the Cyber Security Services 3 DPS and log in with your username and password, click on ‘confirm’ at the bottom of the text, and agree to the terms of use
3. on your ‘Manage your DPS Category Exports’ page you now have 2 options (in the bottom right-hand corner of the page):
   1. view appointed suppliers
   2. click on the link to create a new category export, this is how you filter the suppliers that can meet your needs
4. use the filtering tool to specify your needs, this will create a list of capable suppliers
5. save your filtered list of capable suppliers by clicking the ‘Save Category’ option
   1. from your ‘Manage your Category Exports’ page you can then export the list of suppliers and contact details (export is to an Excel spreadsheet)
6. log out of the DPS
7. Use the list to run a further competition. Invite the suppliers identified by the DPS to bid against your detailed specification and evaluation criteria.
   1. The list is valid for 2 working days only, from the date of its creation, because new suppliers may be applying to join at any point. If your further competition excludes eligible suppliers it potentially breaches procurement regulations. Obtain a fresh supplier list (steps 3.2 to 5) if you don’t use your list within 2 working days by clicking the ‘Search Again’ option for your export
   2. you can use your own eSourcing tool or the our eSourcing tool to run a further competition. The our eSourcing tool is free to use for public sector buyers
8. evaluate responses and award contract

Detailed buyer guidance is available in the documents section. Additionally, you can watch the How to use the Cyber Security Services 3 Dynamic Purchasing System video. 

Crown Commercial Service (CCS) became Government Commercial Agency (GCA) on 1 April 2026. Documents published before this date may still refer to CCS. All contract documents remain valid for existing and new contracts, and there are no changes to how you work with us.

1. RM3764.3 Buyer guide v8
2. RM3764.3 DPS appointment form v5
3. RM3764.3 Case studies v2
4. RM3764.3 DPS schedule 6: order form template and order schedules v2
5. RM3764.3 Template statement of requirement GovAssure v4
6. RM3764.3 Template statement of requirements security architecture v2
7. RM3764.3 Template statement of requirements incident response v2
8. RM3764.3 Template statement of requirements security operation centres v2
9. RM3764.3 Template statement of requirements penetration testing v2
10. RM3764.3 Template statement of requirements risk assessment v2
11. RM3764.3 DPS core terms v2.1
12. RM3764.3 DPS Schedule 7 order procedure v2.0
13. RM3764.3 Order schedules
14. RM3764.3 Joint schedules
15. RM3764.3 Cyber buyers’ guide to implementing social value
16. RM3764.3 Security specialists