FCA Public Keys Infrastructure (PKI) as a Service

Concepts

• data security
• fca pam solution
• pki solution
• fca pam
• fca
• financial services firms
• fca public keys infrastructure
• pki
• cryptographic keys
• central key

Location

London

Description

The FCA regulates financial services firms and financial markets in the UK. The FCA is responsible for ensuring that financial markets work well, so that consumers get a fair deal. The FCA’s strategic objective is to ensure that relevant markets function well and has three operational objectives: to protect consumers to protect financial markets to promote competition The FCA Head Office is based in London, but we also work across the UK, from our offices in Leeds and Edinburgh and via colleagues in Belfast and Cardiff. The scope of the upcoming tender is to procure a Managed PKI solution and service to implement into the FCA to deliver a full end to end PKI solution.

Total Quantity or Scope

The existing FCA PKI service utilises multiple processes and manual intervention making the process slow and inefficient. A robust PKI service is crucial for maintaining trust, security, and privacy in digital communications by effectively managing cryptographic keys and certificates. The FCA is seeking to procure a Public Key Infrastructure as a service (PKIaaS) solution to provide central key and certificate management across the FCA estate as well as to support end user devices and TLS. There is a requirement to establish ownership for the PKI service to increase transparency and provide accountability. The introduction of a PKIaaS will enable the FCA to move away from a localised PKI. There will be a requirement to rollout a cloud-based PKIaaS with integrated lifecycle management with a dedicated offline root Certificate Authority (CA) with certificate issuing capability. The certificates for public-facing websites will be integrated with PKIaaS and processes for automated certificate management developed. The solution must support integration with Intune, AzureAD Single Sign On, and FCA PAM solution.

CPV Codes

• 72212732 - Data security software development services
• 72000000 - IT services: consulting, software development, Internet and support

Indicators

Other Information

Open procedure will be utilised. The resulting contract from the upcoming tender will be for a 3year term valued at circa £730k per annum The contracting authority considers that this upcoming opportunity may be suitable for economic operators that are small or medium enterprises (SMEs). However, any selection of tenderers will be based solely on the criteria set out for the procurement.