Digital Directorate Cyber Security Partner

Concepts

• glasgow
• information technology
• scottish water
• procurement of a cybersecurity partner
• cyber services
• digital directorate cyber security partner
• management of cyber-security emergencies
• comprehensive cyber-security
• chosen partner
• end cyber services

Location

Scotland: SCOTLAND

Description

Scottish Water is seeking the procurement of a cybersecurity partner with strong heritage in security and cyber services to provide a comprehensive cyber-security managed service and delivery of cybersecurity projects.

Total Quantity or Scope

The chosen partner will lead the proactive assessment and prevention of cybersecurity risk, lead the response and management of cyber-security emergencies, and deliver complex transformative cybersecurity projects. Any prospective tenderer should hold an extensive record of successful project delivery of security improvement projects in addition to long term proven experience of delivering end to end cyber services within the UK utilities market, particularly in the water industry. You must provide Advanced Threat Centre (ATC) services from a Security Operations Centre (SOC) located onshore within the UK. The prospective partner should have proven expert competency in technology and subject areas such as: • Managed Detection Response (MDR) services • Software defined networking (SD-WAN) • Network Segregation and intrusion detection • SOAR • Identity and access management solutions including: oPrivileged Access Management (PAM) oZero Trust Model oUser End Behaviour Analytics (UEBA) • IT and OT Convergence • Security of IoT Devices and Programmable Logic Controllers • Next-gen firewall appliances • Microsoft E5 security products and wider Microsoft security product portfolio • Advanced Threat Protection tools • Threat-intelligence services • Secure network access to remote sites • Secure remote access services • NIS – working knowledge and consultancy Such a partner will be providing assurance and operating to our ISO27001 and Cyber Security Plus certified scope, whilst offering risk reduction knowledge and experience, training, and awareness, delivering a positive impact to our end-users and working hand in hand with the accountable Scottish Water security management function. Working collaboratively with Scottish Water they will be delivering security improvement projects to enhance security capabilities, optimise costs and add value in addition to bringing or developing new innovative technologies to address the convergence of IT and OT security. Further services detail: Scottish Water seeks an industry leading service delivery model associated with our security services, a blend of both traditional managed detection and response services (MDR) and managed security services (MSS). A model that improves threat detection, incident response, continuous-monitoring capabilities, and management of our security posture. The Services will be aligned to Scottish Water’s requirements to protect, detect, and respond: Protect - Services designed to protect Scottish Water from cyber threats and/or attacks including the following managed services: • Firewall Managed Service • E-mail Security Managed Service • Web Security Managed Service • Endpoint Protection Managed Service • Secure segregated network services (IT and OT) Detect - Services designed to detect cyber threats and/or attacks before they impact Scottish Water’s business including the following managed services: • Firewall Assurance Service • Security Information and Event Management (“SIEM”) as a Service • Threat Intelligence Managed Service • Vulnerability scanning Respond - Services designed to respond effectively and efficiently to cyber threats and/or attacks including: •Cyber threat incident response •Governance (security service management) Cybersecurity project delivery services – services designed to be called off using Work Orders for specified activities. Project delivery services include portfolio management, programme and project management, and delivery activities. Procurement services – of hardware and software related to Cybersecurity and management of third party providers of tools (as applicable) Cybersecurity awareness and training – The partner should demonstrate a holistic understanding of cybersecurity including human-factors; part of their proposition should be to continuously inform Scottish Waters internal awareness and coaching strategy and to provide materials to support this Other Strategy and Design governance boards: the Cybersecurity partner shall attend Scottish Water strategy and design governance boards and be the key source of cybersecurity advice Any other capability required from time to time to maintain, enhance and manage a complete cybersecurity posture for Scottish Water. Operating model The cybersecurity partner will be required to work alongside our existing framework suppliers, IT partners and key strategic software suppliers, promoting cooperation to ensure good end to end service outcomes for Scottish Water. These suppliers include: • IT service providers: ATOS, Capgemini and CompanyNet • Supply chain specialist providers: Ground Control, Magdalene and Siemens • Existing telemetry technology providers: ICONICS, Emerson and Schneider Commercial model The framework has an estimated value of £50,000,000 and shall be for an initial term of 3 years with 3 extension options for 1 year. This reflects a split between service, the project portfolio, and contingency for additional requirements and extensions, with projects making up the bigger part of the framework spend. If industry best practice or regulation changes or additional cybersecurity or IT products or services are required, and are deemed necessary by Scottish Water to ensure the target outcome of the framework (a comprehensive, effective, cybersecurity proposition to protect a critical national infrastructure organisation) Scottish Water may award such further purchases to the successful tenderer via negotiated procedure without prior publication. Additional information: The PQQ documents can also be accessed by logging in through the Scottish Water Delta e-sourcing webpage https://scottishwater.delta-esourcing.com/ and through the Response Manager section using the following Access Code: 3A8DXP5U8V

Renewal Options

3 year initial term with 3x1 year extension options at the sole discretion of Scottish Water.

CPV Codes

• 72000000 - IT services: consulting, software development, Internet and support

Indicators

• This is a one-off contract (no recurrence)
• Renewals are available.

Other Information

** PREVIEW NOTICE, please check Find a Tender for full details. ** Scottish Water will not accept the SPD. We will only accept a completed Scottish Water PQQ document. This Notice does not preclude Scottish Water from issuing other notices for specific requirements. Responses to the FTS Notice will be evaluated and only successful applicants following PQQ evaluation will be invited to submit a tender. Applicants who fail to supply all of the information requested in response to this Notice or any resulting tender exercise may risk elimination For more information about this opportunity, please visit the Delta eSourcing portal at: <a href="https://scottishwater.delta-esourcing.com/tenders/UK-UK-Glasgow:-IT-services:-consulting%2C-software-development%2C-Internet-and-support./3A8DXP5U8V" target="_blank">https://scottishwater.delta-esourcing.com/tenders/UK-UK-Glasgow:-IT-services:-consulting%2C-software-development%2C-Internet-and-support./3A8DXP5U8V To respond to this opportunity, please click here: <a href="https://scottishwater.delta-esourcing.com/respond/3A8DXP5U8V" target="_blank">https://scottishwater.delta-esourcing.com/respond/3A8DXP5U8V GO Reference: GO-2023112-PRO-21901642