Scope
Reference
P21.85
Description
OpenAthens Authentication for NHS Wales e-Library Users not based at a fixed location/IP address.
Contract 1. OpenAthens Authentication
Supplier
Contract value
- £187,236.04 excluding VAT
- £224,683.26 including VAT
Above the relevant threshold
Earliest date the contract will be signed
27 June 2025
Contract dates (estimated)
- 1 July 2025 to 30 June 2028
- Possible extension to 30 June 2030
- 5 years
Description of possible extension:
Three (3) year contract to commence from 1st July 2025 - 30th June 2028, with the option to extend for a further two (2) years, in one (1) year increments until 30th June 2030.
Main procurement category
Services
CPV classifications
- 72000000 - IT services: consulting, software development, Internet and support
Contract locations
- UK - United Kingdom
Participation
Particular suitability
Small and medium-sized enterprises (SME)
Other information
Description of risks to contract performance
No Risk.
Conflicts assessment prepared/revised
Yes
Procedure
Procedure type
Direct award
Direct award justification
Single supplier - technical reasons
Procuring OpenAthens is essential to ensuring continuous and secure access to NHS Wales re-resources which has been in place NHS Wales since 2003, the current OpenAthens contract is due to expire on 30th June 2025. OpenAthens, a trusted third-party authentication which has been fully integrated into NHS Wales infrastructure, now seamlessly working with the Entra directory system. This integration allows NHS Wales users to access resources without needing to log in repeatedly when on authorised devices, streamlining the user experience and reducing barriers to access.
The importance of maintaining this system is emphasised by the shift to remote working, which makes remote authentication capabilities more critical than ever. Without OpenAthens, NHS Wales risk losing the ability to support remote (off-site) access, severely impacting the e-Library users' ability to access resources off-site. Relying solely on IP-based authentication which is outdated and insecure, as it cannot reliably verify user identity and leaves NHS Wales vulnerable to security breaches.
OpenAthens ensures precise, department-specific access control, which IP authentication cannot provide.
Maintaining OpenAthens is justified by the need for secure, flexible, and remote access to NHS Wales resources, protecting both user security and operational continuity.
Supplier
JISC SERVICES LTD
- Public Procurement Organisation Number: PZZC-9926-PRNM
4 Portwall Lane,
Bristol
BS1 6NB
United Kingdom
Telephone: 0300 300 2212
Email: phil.leahy@openathens.net
Region: UKK11 - Bristol, City of
Small or medium-sized enterprise (SME): Yes
Voluntary, community or social enterprise (VCSE): No
Contract 1. OpenAthens Authentication
Contracting authority
Digital Health & Care Wales
- Public Procurement Organisation Number: PHXM-8593-WBPZ
Commercial Services, Tŷ Glan-yr-Afon, 21 Cowbridge Road East,
Cardiff
CF11 9AD
United Kingdom
Contact name: Stacey Louise Jones
Telephone: +442920502108
Email: stacey.jones10@wales.nhs.uk
Website: https://dhcw.nhs.wales/
Region: UKL22 - Cardiff and Vale of Glamorgan
Organisation type: Public undertaking (commercial organisation subject to public authority oversight)
Devolved regulations that apply: Wales