Digital Directorate Cyber Security Partner

  • Scottish Water

F05: Contract notice – utilities

Notice reference: 2023/S 000-001030

Published 12 January 2023, 7:05pm

Section one: Contracting entity

one.1) Name and addresses

Scottish Water

6 Buchanan Gate


G33 6FB




+44 1414830344


United Kingdom

NUTS code

UKM - Scotland

Internet address(es)

Main address


one.3) Communication

The procurement documents are available for unrestricted and full direct access, free of charge, at


Additional information can be obtained from the above-mentioned address

Tenders or requests to participate must be submitted electronically via


Tenders or requests to participate must be submitted to the above-mentioned address

one.6) Main activity


Section two: Object

two.1) Scope of the procurement

two.1.1) Title

Digital Directorate Cyber Security Partner

Reference number


two.1.2) Main CPV code

  • 72000000 - IT services: consulting, software development, Internet and support

two.1.3) Type of contract


two.1.4) Short description

Scottish Water is seeking the procurement of a cybersecurity partner with strong heritage in security and cyber services to provide a comprehensive cyber-security managed service and delivery of cybersecurity projects.

two.1.5) Estimated total value

Value excluding VAT: £50,000,000

two.1.6) Information about lots

This contract is divided into lots: No

two.2) Description

two.2.3) Place of performance

NUTS codes
  • UKM - Scotland
Main site or place of performance


two.2.4) Description of the procurement

Scottish Water is seeking the procurement of a cybersecurity partner with strong heritage in security and cyber services to provide a comprehensive cyber-security managed service and delivery of cybersecurity projects. The chosen partner will lead the proactive assessment and prevention of cybersecurity risk, lead the response and management of cyber-security emergencies, and deliver complex transformative cybersecurity projects. Any prospective tenderer should hold an extensive record of successful project delivery of security improvement projects in addition to long term proven experience of delivering end to end cyber services within the UK utilities market, particularly in the water industry. You must provide Advanced Threat Centre (ATC) services from a Security Operations Centre (SOC) located onshore within the UK. The prospective partner should have proven expert competency in technology and subject areas such as: •Managed Detection Response (MDR) services •Software defined networking (SD-WAN) •Network Segregation and intrusion detection •SOAR •Identity and access management solutions including: oPrivileged Access Management (PAM) oZero Trust Model oUser End Behaviour Analytics (UEBA) •IT and OT Convergence •Security of IoT Devices and Programmable Logic Controllers •Next-gen firewall appliances •Microsoft E5 security products and wider Microsoft security product portfolio •Advanced Threat Protection tools •Threat-intelligence services •Secure network access to remote sites •Secure remote access services •NIS – working knowledge and consultancy Such a partner will be providing assurance and operating to our ISO27001 and Cyber Security Plus certified scope, whilst offering risk reduction knowledge and experience, training, and awareness, delivering a positive impact to our end-users and working hand in hand with the accountable Scottish Water security management function. Working collaboratively with Scottish Water they will be delivering security improvement projects to enhance security capabilities, optimise costs and add value in addition to bringing or developing new innovative technologies to address the convergence of IT and OT security. Further services detail: Scottish Water seeks an industry leading service delivery model associated with our security services, a blend of both traditional managed detection and response services (MDR) and managed security services (MSS). A model that improves threat detection, incident response, continuous-monitoring capabilities, and management of our security posture. The Services will be aligned to Scottish Water’s requirements to protect, detect, and respond: Protect - Services designed to protect Scottish Water from cyber threats and/or attacks including the following managed services: •Firewall Managed Service •E-mail Security Managed Service •Web Security Managed Service •Endpoint Protection Managed Service •Secure segregated network services (IT and OT) Detect - Services designed to detect cyber threats and/or attacks before they impact Scottish Water’s business including the following managed services: •Firewall Assurance Service •Security Information and Event Management (“SIEM”) as a Service •Threat Intelligence Managed Service •Vulnerability scanning Respond - Services designed to respond effectively and efficiently to cyber threats and/or attacks including: •Cyber threat incident response •Governance (security service management) Cybersecurity project delivery services – services designed to be called off using Work Orders for specified activities. Project delivery services include portfolio management, programme and project management, and delivery activities. Procurement services – of hardware and software related to Cybersecurity and management of third party providers of tools (as applicable) Cybersecurity awareness and training – The partner should demonstrate a holistic understanding of cybersecurity including human-factors; part of their proposition should be to continuously inform Scottish Waters internal awareness and coaching strategy and to provide materials to support this Other Strategy and Design governance boards: the Cybersecurity partner shall attend Scottish Water strategy and design governance boards and be the key source of cybersecurity advice Any other capability required from time to time to maintain, enhance and manage a complete cybersecurity posture for Scottish Water. Operating model The cybersecurity partner will be required to work alongside our existing framework suppliers, IT partners and key strategic software suppliers, promoting cooperation to ensure good end to end service outcomes for Scottish Water. These suppliers include: • IT service providers: ATOS, Capgemini and CompanyNet • Supply chain specialist providers: Ground Control, Magdalene and Siemens • Existing telemetry technology providers: ICONICS, Emerson and Schneider Commercial model The framework has an estimated value of £50,000,000 and shall be for an initial term of 3 years with 3 extension options for 1 year. This reflects a split between service, the project portfolio, and contingency for additional requirements and extensions, with projects making up the bigger part of the framework spend. If industry best practice or regulation changes or additional cybersecurity or IT products or services are required, and are deemed necessary by Scottish Water to ensure the target outcome of the framework (a comprehensive, effective, cybersecurity proposition to protect a critical national infrastructure organisation) Scottish Water may award such further purchases to the successful tenderer via negotiated procedure without prior publication.

two.2.5) Award criteria

Price is not the only award criterion and all criteria are stated only in the procurement documents

two.2.6) Estimated value

Value excluding VAT: £50,000,000

two.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Duration in months


This contract is subject to renewal


Description of renewals

3 year initial term with 3x1 year extension options at the sole discretion of Scottish Water.

two.2.9) Information about the limits on the number of candidates to be invited

Envisaged minimum number: 3

two.2.10) Information about variants

Variants will be accepted: No

two.2.11) Information about options

Options: No

two.2.13) Information about European Union Funds

The procurement is related to a project and/or programme financed by European Union funds: No

two.2.14) Additional information

The PQQ documents can also be accessed by logging in through the Scottish Water Delta e-sourcing webpage https://scottishwater.delta-esourcing.com/ and through the Response Manager section using the following Access Code: 3A8DXP5U8V

Section three. Legal, economic, financial and technical information

three.1) Conditions for participation

three.1.2) Economic and financial standing

Minimum level(s) of standards possibly required

Applicants will be expected to be of sufficient financial and economic standing to support the anticipated contract value. All applicants must complete the financial questions within the pre-qualification questionnaire and tender documents. Financial standing relevant to the anticipated contract value will be determined by Scottish Water based on the response to the pre-qualification questionnaire and any further financial checks deemed necessary

three.1.3) Technical and professional ability

Selection criteria as stated in the procurement documents

three.1.6) Deposits and guarantees required

Scottish Water reserves the right to require deposits, guarantees, bonds or other forms of appropriate security

three.1.7) Main financing conditions and payment arrangements and/or reference to the relevant provisions governing them

All prices quoted shall be in Sterling (UK) and all payments shall be made in Sterling (UK). Payment shall be made on the basis of completed services in accordance with the agreed contract rates, schedules and conditions of contract

three.1.8) Legal form to be taken by the group of economic operators to whom the contract is to be awarded

In the event of a group of companies submitting an accepted offer it will be necessary for each member of the group to sign an undertaking that each company in the group will be jointly and severally liable for the satisfactory performance of the contract

three.2) Conditions related to the contract

three.2.2) Contract performance conditions

Bidders must comply with modern slavery act and operate an ethical supply chain

Section four. Procedure

four.1) Description

four.1.1) Type of procedure

Negotiated procedure with prior call for competition

four.1.3) Information about a framework agreement or a dynamic purchasing system

The procurement involves the establishment of a framework agreement

Framework agreement with a single operator

four.1.8) Information about the Government Procurement Agreement (GPA)

The procurement is covered by the Government Procurement Agreement: Yes

four.2) Administrative information

four.2.2) Time limit for receipt of tenders or requests to participate


10 February 2023

Local time


four.2.4) Languages in which tenders or requests to participate may be submitted


Section six. Complementary information

six.1) Information about recurrence

This is a recurrent procurement: No

six.2) Information about electronic workflows

Electronic ordering will be used

Electronic invoicing will be accepted

Electronic payment will be used

six.3) Additional information

Scottish Water will not accept the SPD. We will only accept a completed Scottish Water PQQ document. This Notice does not preclude Scottish Water from issuing other notices for specific requirements. Responses to the FTS Notice will be evaluated and only successful applicants following PQQ evaluation will be invited to submit a tender. Applicants who fail to supply all of the information requested in response to this Notice or any resulting tender exercise may risk elimination

For more information about this opportunity, please visit the Delta eSourcing portal at:

https://scottishwater.delta-esourcing.com/tenders/UK-UK-Glasgow:-IT-services:-consulting%2C-software-development%2C-Internet-and-support./3A8DXP5U8V" target="_blank">https://scottishwater.delta-esourcing.com/tenders/UK-UK-Glasgow:-IT-services:-consulting%2C-software-development%2C-Internet-and-support./3A8DXP5U8V

To respond to this opportunity, please click here:

https://scottishwater.delta-esourcing.com/respond/3A8DXP5U8V" target="_blank">https://scottishwater.delta-esourcing.com/respond/3A8DXP5U8V

GO Reference: GO-2023112-PRO-21901642

six.4) Procedures for review

six.4.1) Review body

Glasgow Sheriff Court

1 Carlton Place




United Kingdom

six.4.2) Body responsible for mediation procedures

Scottish Water

6 Buchanan Gate


G33 6FB


+44 8000778778


United Kingdom