Security Operations Centre (SOC)

Concepts

• information technology
• security incidents
• information security resources
• core security incident response
• cyber security resources
• standard security operations functions
• security orchestration
• security operations centre
• cyber security
• soc

Location

London

Description

The Financial Ombudsman Service intends to place a contract for the provision of a managed Security Operations Centre (SOC) service to provide the following: 1. Provision of a modern and fit-for-purpose SOC capability operating 24 hours a day, 7 days a week, 365 days a year (working in concert with the Financial Ombudsman Service’s cyber security team); 2. Undertake standard security operations functions including: a) Performing triage of security incidents, core security incident response, and escalation activities (we refer to these as level 1 and 2 activities); b) Tuning/configuration of the Security Information & Event Management (SIEM) solution and associated Security Orchestration, Automation & Response (SOAR) capabilities; c) Responding to threat intelligence and performing proactive threat hunting; d) Management, investigation, and resolution of critical/major security incidents including digital forensics as required; and e) Conducting process improvement activities to improve the effectiveness of the SOC. 3. Provision of cyber security resources on demand to augment the Financial Ombudsman Service's team on an ad-hoc basis. These resources maybe involved in project or business as usual activities.

Total Quantity or Scope

Support of the existing SOC team to enable a modern and fit-for-purpose SOC capability operating 24 hours a day, 7 days a week, 365 days a year. We are looking for a supplier that can provide a SOC capability that functions over a 24-hour period, 7 days a week, 365 days a year. 2. Undertake standard security operations functions including: … b) Tuning/configuration of the Security Information & Event Management (SIEM) solution and associated Security Orchestration, Automation & Response (SOAR) capabilities; and c) Responding to threat intelligence and performing proactive threat hunting. The SOC service will tune and configure our SIEM tool on an ongoing basis. We expect the supplier to maintain an up to date knowledge of industry best practices and threat intelligence sources to inform the tuning and configuration process. In addition to this, we require the SOC capability to monitor and respond to alerts from the SIEM solution and manage any related incidents, liaising with the Financial Ombudsman Service team where required. 3. Management, investigation, and resolution of critical/major security incidents, including digital forensics as required. If we suffer a major security incident, we may ask the supplier to assist with the management, investigation, and resolution of it. This may involve attending the Financial Ombudsman Service’s offices. 4. Conducting agreed ongoing process improvement activities that will strengthen and improve the SOC’s ability to effectively detect and respond to the changing landscape of threats faced by the Financial Ombudsman Service and the financial services industry. 5. Provision of cyber security resources on demand to augment the Financial Ombudsman Service's team on an ad-hoc basis. … Provision of information security resources to augment our existing information security team, as called-off by us on an ad-hoc basis. These resources may be involved in project or business as usual activities in the Cyber Security area.

Renewal Options

A 3 year contract with the option to extend for a further 3 years in annual increments.

CPV Codes

• 72000000 - IT services: consulting, software development, Internet and support
• 72400000 - Internet services
• 72500000 - Computer-related services
• 72600000 - Computer support and consultancy services

Indicators

• Bids should cover the whole contract.
• Renewals are available.
• Performance considerations apply.
• Award on basis of price and quality.