Section one: Contracting entity
one.1) Name and addresses
Scottish Water
6 Buchanan Gate
Glasgow
G33 6FB
paul.mcdonald@scottishwater.co.uk
Telephone
+44 1414830344
Country
United Kingdom
NUTS code
UKM - Scotland
Internet address(es)
Main address
https://www.scottishwater.co.uk/
one.3) Communication
The procurement documents are available for unrestricted and full direct access, free of charge, at
https://scottishwater.delta-esourcing.com/respond/3A8DXP5U8V
Additional information can be obtained from the above-mentioned address
Tenders or requests to participate must be submitted electronically via
https://scottishwater.delta-esourcing.com/respond/3A8DXP5U8V
Tenders or requests to participate must be submitted to the above-mentioned address
one.6) Main activity
Water
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Digital Directorate Cyber Security Partner
Reference number
SW22/TI&T/1423
two.1.2) Main CPV code
- 72000000 - IT services: consulting, software development, Internet and support
two.1.3) Type of contract
Services
two.1.4) Short description
Scottish Water is seeking the procurement of a cybersecurity partner with strong heritage in security and cyber services to provide a comprehensive cyber-security managed service and delivery of cybersecurity projects.
two.1.5) Estimated total value
Value excluding VAT: £50,000,000
two.1.6) Information about lots
This contract is divided into lots: No
two.2) Description
two.2.3) Place of performance
NUTS codes
- UKM - Scotland
Main site or place of performance
SCOTLAND
two.2.4) Description of the procurement
Scottish Water is seeking the procurement of a cybersecurity partner with strong heritage in security and cyber services to provide a comprehensive cyber-security managed service and delivery of cybersecurity projects. The chosen partner will lead the proactive assessment and prevention of cybersecurity risk, lead the response and management of cyber-security emergencies, and deliver complex transformative cybersecurity projects. Any prospective tenderer should hold an extensive record of successful project delivery of security improvement projects in addition to long term proven experience of delivering end to end cyber services within the UK utilities market, particularly in the water industry. You must provide Advanced Threat Centre (ATC) services from a Security Operations Centre (SOC) located onshore within the UK. The prospective partner should have proven expert competency in technology and subject areas such as: •Managed Detection Response (MDR) services •Software defined networking (SD-WAN) •Network Segregation and intrusion detection •SOAR •Identity and access management solutions including: oPrivileged Access Management (PAM) oZero Trust Model oUser End Behaviour Analytics (UEBA) •IT and OT Convergence •Security of IoT Devices and Programmable Logic Controllers •Next-gen firewall appliances •Microsoft E5 security products and wider Microsoft security product portfolio •Advanced Threat Protection tools •Threat-intelligence services •Secure network access to remote sites •Secure remote access services •NIS – working knowledge and consultancy Such a partner will be providing assurance and operating to our ISO27001 and Cyber Security Plus certified scope, whilst offering risk reduction knowledge and experience, training, and awareness, delivering a positive impact to our end-users and working hand in hand with the accountable Scottish Water security management function. Working collaboratively with Scottish Water they will be delivering security improvement projects to enhance security capabilities, optimise costs and add value in addition to bringing or developing new innovative technologies to address the convergence of IT and OT security. Further services detail: Scottish Water seeks an industry leading service delivery model associated with our security services, a blend of both traditional managed detection and response services (MDR) and managed security services (MSS). A model that improves threat detection, incident response, continuous-monitoring capabilities, and management of our security posture. The Services will be aligned to Scottish Water’s requirements to protect, detect, and respond: Protect - Services designed to protect Scottish Water from cyber threats and/or attacks including the following managed services: •Firewall Managed Service •E-mail Security Managed Service •Web Security Managed Service •Endpoint Protection Managed Service •Secure segregated network services (IT and OT) Detect - Services designed to detect cyber threats and/or attacks before they impact Scottish Water’s business including the following managed services: •Firewall Assurance Service •Security Information and Event Management (“SIEM”) as a Service •Threat Intelligence Managed Service •Vulnerability scanning Respond - Services designed to respond effectively and efficiently to cyber threats and/or attacks including: •Cyber threat incident response •Governance (security service management) Cybersecurity project delivery services – services designed to be called off using Work Orders for specified activities. Project delivery services include portfolio management, programme and project management, and delivery activities. Procurement services – of hardware and software related to Cybersecurity and management of third party providers of tools (as applicable) Cybersecurity awareness and training – The partner should demonstrate a holistic understanding of cybersecurity including human-factors; part of their proposition should be to continuously inform Scottish Waters internal awareness and coaching strategy and to provide materials to support this Other Strategy and Design governance boards: the Cybersecurity partner shall attend Scottish Water strategy and design governance boards and be the key source of cybersecurity advice Any other capability required from time to time to maintain, enhance and manage a complete cybersecurity posture for Scottish Water. Operating model The cybersecurity partner will be required to work alongside our existing framework suppliers, IT partners and key strategic software suppliers, promoting cooperation to ensure good end to end service outcomes for Scottish Water. These suppliers include: • IT service providers: ATOS, Capgemini and CompanyNet • Supply chain specialist providers: Ground Control, Magdalene and Siemens • Existing telemetry technology providers: ICONICS, Emerson and Schneider Commercial model The framework has an estimated value of £50,000,000 and shall be for an initial term of 3 years with 3 extension options for 1 year. This reflects a split between service, the project portfolio, and contingency for additional requirements and extensions, with projects making up the bigger part of the framework spend. If industry best practice or regulation changes or additional cybersecurity or IT products or services are required, and are deemed necessary by Scottish Water to ensure the target outcome of the framework (a comprehensive, effective, cybersecurity proposition to protect a critical national infrastructure organisation) Scottish Water may award such further purchases to the successful tenderer via negotiated procedure without prior publication.
two.2.5) Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
two.2.6) Estimated value
Value excluding VAT: £50,000,000
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
72
This contract is subject to renewal
Yes
Description of renewals
3 year initial term with 3x1 year extension options at the sole discretion of Scottish Water.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 3
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2.14) Additional information
The PQQ documents can also be accessed by logging in through the Scottish Water Delta e-sourcing webpage https://scottishwater.delta-esourcing.com/ and through the Response Manager section using the following Access Code: 3A8DXP5U8V
Section three. Legal, economic, financial and technical information
three.1) Conditions for participation
three.1.2) Economic and financial standing
Minimum level(s) of standards possibly required
Applicants will be expected to be of sufficient financial and economic standing to support the anticipated contract value. All applicants must complete the financial questions within the pre-qualification questionnaire and tender documents. Financial standing relevant to the anticipated contract value will be determined by Scottish Water based on the response to the pre-qualification questionnaire and any further financial checks deemed necessary
three.1.3) Technical and professional ability
Selection criteria as stated in the procurement documents
three.1.6) Deposits and guarantees required
Scottish Water reserves the right to require deposits, guarantees, bonds or other forms of appropriate security
three.1.7) Main financing conditions and payment arrangements and/or reference to the relevant provisions governing them
All prices quoted shall be in Sterling (UK) and all payments shall be made in Sterling (UK). Payment shall be made on the basis of completed services in accordance with the agreed contract rates, schedules and conditions of contract
three.1.8) Legal form to be taken by the group of economic operators to whom the contract is to be awarded
In the event of a group of companies submitting an accepted offer it will be necessary for each member of the group to sign an undertaking that each company in the group will be jointly and severally liable for the satisfactory performance of the contract
three.2) Conditions related to the contract
three.2.2) Contract performance conditions
Bidders must comply with modern slavery act and operate an ethical supply chain
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Negotiated procedure with prior call for competition
four.1.3) Information about a framework agreement or a dynamic purchasing system
The procurement involves the establishment of a framework agreement
Framework agreement with a single operator
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: Yes
four.2) Administrative information
four.2.2) Time limit for receipt of tenders or requests to participate
Date
10 February 2023
Local time
12:00pm
four.2.4) Languages in which tenders or requests to participate may be submitted
English
Section six. Complementary information
six.1) Information about recurrence
This is a recurrent procurement: No
six.2) Information about electronic workflows
Electronic ordering will be used
Electronic invoicing will be accepted
Electronic payment will be used
six.3) Additional information
Scottish Water will not accept the SPD. We will only accept a completed Scottish Water PQQ document. This Notice does not preclude Scottish Water from issuing other notices for specific requirements. Responses to the FTS Notice will be evaluated and only successful applicants following PQQ evaluation will be invited to submit a tender. Applicants who fail to supply all of the information requested in response to this Notice or any resulting tender exercise may risk elimination
For more information about this opportunity, please visit the Delta eSourcing portal at:
https://scottishwater.delta-esourcing.com/tenders/UK-UK-Glasgow:-IT-services:-consulting%2C-software-development%2C-Internet-and-support./3A8DXP5U8V" target="_blank">https://scottishwater.delta-esourcing.com/tenders/UK-UK-Glasgow:-IT-services:-consulting%2C-software-development%2C-Internet-and-support./3A8DXP5U8V
To respond to this opportunity, please click here:
https://scottishwater.delta-esourcing.com/respond/3A8DXP5U8V" target="_blank">https://scottishwater.delta-esourcing.com/respond/3A8DXP5U8V
GO Reference: GO-2023112-PRO-21901642
six.4) Procedures for review
six.4.1) Review body
Glasgow Sheriff Court
1 Carlton Place
Glasgow
G59DA
Country
United Kingdom
six.4.2) Body responsible for mediation procedures
Scottish Water
6 Buchanan Gate
Glasgow
G33 6FB
Telephone
+44 8000778778
Country
United Kingdom