Cyber Resilience - Training for Public Sector Boards

Concepts

• staff training
• glasgow
• ncsc
• cyber resilience - training
• training services
• effective cyber security
• cyber attack
• group of public sector board members
• public sector boards
• scottish government’s cyber resilience unit

Location

Scotland:

Description

Globally organisations and individuals have become reliant on digital technology. Effective cyber security and resilience protect the processes and services we depend on, ensuring we can take advantage of the benefits that technology can bring. An organisation’s ability to prevent, respond to and recover from a cyber attack is central to resilience. Cyber resilience is therefore a key risk and consideration for any Board. The Scottish Government’s Strategic Framework for a Cyber Resilient Scotland (‘the Strategic Framework’), published in February 2021, sets out what we all need to do to make Scotland a digitally secure and resilient nation. Four outcomes underpin this vision, and four action plans set out the detail of how we will achieve these. Responsibility for the implementation of the Strategic Framework lies with the Scottish Government’s Cyber Resilience Unit (CRU). The Public Sector Action Plan annexed to the Framework is a priority for the CRU and overarching aim 5 seeks to embed cyber resilience into the governance, policies and processes of public sector bodies. The CRU works in partnership with a wide range of organisations including the UK Government’s National Cyber Security Centre (NCSC). The NCSC supports all areas of society to understand cyber risk from our critical national infrastructure organisations to the general public. More specifically, the NCSC distils its deep knowledge and expertise into practical guidance including a Board Toolkit designed to encourage cyber security discussions between an organisation’s Board and its technical experts. In spring 2023, the Scottish Government contracted a short pilot project to adapt the NCSC’s Board Toolkit and pilot its delivery with a group of public sector board members drawn from organisations across Scotland. The pilot was successful and feedback was positive. It is on the foundation of this pilot that we are now contracting a scaled-up roll-out of the training programme. We will work with the successful Service Provider to make any further tweaks to the training pack that are recommended in the evaluation report of the training pilot.

Total Quantity or Scope

The programme aims to grow the capacity of Scotland’s public boards to take a leadership role in ensuring the cyber resilience of their organisations. Strategically, it supports Outcome 2 of the Strategic Framework, which is that: Businesses and organisations recognise the cyber risks and are well prepared to manage them. The programme aims to develop the knowledge and skills of board members from across Scotland’s c. 190 public boards, with the outcome that boards will have at least one member who has a good understanding of cyber risk, can take on a cyber risk assurance role on the board, and can motivate their board colleagues to take cyber risk seriously at a senior leadership level. It also aims to provide broad awareness raising for any and all board members who wish to gain a basic understanding of the cyber threat landscape and the importance of taking action. These aims will be achieved through two strands of activity, by March 2024: A. Delivery of up to 20 x half-day online training sessions for up to 12 public sector board members at a time (drawn from different boards), that will deliver learning around cyber risk, cyber assurance and pragmatic steps boards can take to further ensure the resilience of their organisations. This delivery to be evaluated at the end of the each delivery session (to implement improvement into the next session) as well as at the end of the programme period. This will include promotion, recruitment of participants, delivery, provision of electronic resources/slides, and evaluation of the session on the day. B. Delivery of 6 x one-hour webinars for any and all board members who are interested to gain broad awareness of cyber resilience. These webinars to be evaluated. This should include promotion, recruitment, delivery and immediate evaluation.

Renewal Options

An option extension of up to 12 months. The 7 month contract term will have a budget of up to 75000 GBP. The option extension period will have a budget of up to 50000 GBP.

Award Criteria

CPV Codes

• 80511000 - Staff training services
• 80500000 - Training services
• 80522000 - Training seminars
• 80531000 - Industrial and technical training services
• 80531200 - Technical training services
• 80521000 - Training programme services
• 80533100 - Computer training services
• 80600000 - Training services in defence and security materials

Indicators

• This is a one-off contract (no recurrence)
• Renewals are available.
• Financial restrictions apply.
• Staff qualifications are relevant.
• Technical restrictions apply.

Other Information

** PREVIEW NOTICE, please check Find a Tender for full details. ** The buyer is using PCS-Tender to conduct this ITT exercise. The Project code is 24542. For more information see: http://www.publiccontractsscotland.gov.uk/info/InfoCentre.aspx?ID=2343 Question Scoring Methodology for Award Criteria outlined in invitation to tender: 0 — Unacceptable. Nil or inadequate response. Fails to demonstrate an ability to meet the requirement. 1 — Poor. Response is partially relevant but generally poor. The response addresses some elements of the requirement but contains insufficient/limited detail or explanation to demonstrate how the requirement will be fulfilled. 2 — Acceptable. Response is relevant and acceptable. The response addresses a broad understanding of the requirement but may lack details on how the requirement will be fulfilled in certain areas. 3 — Good. Response is relevant and good. The response is sufficiently detailed to demonstrate a good understanding and provides details on how the requirements will be fulfilled. 4 — Excellent. Response is completely relevant and excellent overall. Bidders must complete the SPD (Scotland) to demonstrate adherence to the Exclusion and Selection Criteria for this procurement. If there are named subcontractors/technicians upon which the bidder will rely to meet the selection criteria, these named parties must complete and reattach the SPD Supplier Response Form attached to SPD questions 2C.1.1 (Technicians) and 2D.1.2 (Subcontractors) on PCS-T. These parties must complete the first three sections of the SPD form, as well as any part of the section 4 selection criteria that the main bidder will rely upon the parties to fulfil. If parties have not yet been identified, this information may be required at a later date. Scottish Government reserves the right to request this information from relevant parties upon whom the main bidder will not rely to fulfil selection criteria. 4C.10 Bidders will be required to confirm whether they intend to sub-contract and if so, for what proportion of the contract. The buyer is using PCS-Tender to conduct this ITT exercise. The Project code is 24542. For more information see: http://www.publiccontractsscotland.gov.uk/info/InfoCentre.aspx?ID=2343 (SC Ref:736113)