Section one: Contracting entity
one.1) Name and addresses
NATIONAL GRID UK LIMITED
National Grid House, Warwick Technology Park
Warwick
CV34 6DA
Contact
Clive Redington
Clive.Redington@nationalgrid.com
Country
United Kingdom
NUTS code
UK - United Kingdom
Internet address(es)
Main address
one.3) Communication
Additional information can be obtained from the above-mentioned address
one.6) Main activity
Electricity
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Threat Intelligence and Digital Risk
two.1.2) Main CPV code
- 72000000 - IT services: consulting, software development, Internet and support
two.1.3) Type of contract
Services
two.1.4) Short description
National Grid is looking to continue to deliver and enhance their Threat & Risk Management capabilities and ensure the external services utilised are still relevant, providing the most value and strategic partners.
Operationally, it's key that National Grid achieve improved service delivery across the areas of security; including Security Operations, Threat Intelligence, Vulnerability Management, and Risk Management teams. It is critical that all services can flex to meet our future needs whilst insuring stability in the current operating environment.
The required services, ranging from Threat Intelligence, Vulnerability Management, Digital Risk Management and Third Party Risk will be used to detect and respond to cyber threats and vulnerabilities outside the network perimeter and will enable protection, monitoring, and give early indication of security risks. This must be done according to regulated policies to maintain security of National Grid, its reputation, data, assets and to manage impact of security events affecting our third parties.
two.1.5) Estimated total value
Value excluding VAT: £1,950,000
two.1.6) Information about lots
This contract is divided into lots: Yes
The contracting authority reserves the right to award contracts combining the following lots or groups of lots:
1. Threat Intelligence
2. Vulnerability Management
3. Digital Risk Management
4. Third Party Risk
two.2) Description
two.2.1) Title
Threat Intelligence
Lot No
1
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
- US - United States
two.2.4) Description of the procurement
A cyber threat intelligence feed including strategic and technical intelligence on threat actors and attack patterns. Intelligence should provide regular reporting to inform the Security team of changes to the threat landscape and new threats. The service must also enable integration with a Threat Intelligence Platform to enable automated actions.
two.2) Description
two.2.1) Title
Vulnerability Management
Lot No
2
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
- US - United States
two.2.4) Description of the procurement
An external vulnerability management service that detects vulnerabilities to National Grids externally facing assets through continuous assessment of the digital footprint. Such a service will detect exposed services, open ports, and vulnerabilities. Tactical reporting will enable timely resolution, and the service will enable integration with centralised logging to allow for automated response.
two.2) Description
two.2.1) Title
Digital Risk Management
Lot No
3
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
- US - United States
two.2.4) Description of the procurement
A digital risk management service will scan open, deep, and dark web resources to identify risks to National Grid. Examples include potential phishing domains, data loss, or credentials. Tactical reporting will enable timely resolution, and the service will enable integration with centralised logging to allow for automated response.
two.2) Description
two.2.1) Title
Third Party Risk
Lot No
4
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
- US - United States
two.2.4) Description of the procurement
A focus on third party risk management; this service should provide insight into risks associated with third parties; such as security incidents or data breaches that may have an impact to the security of National Grid.
two.3) Estimated date of publication of contract notice
31 March 2023
Section four. Procedure
four.1) Description
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: No
four.2) Administrative information
four.2.2) Time limit for receipt of expressions of interest
Date
28 February 2022
four.2.4) Languages in which tenders or requests to participate may be submitted
English
Section six. Complementary information
six.3) Additional information
We use the Achilles Utilities Vendor Database (UVDB) when compiling lists of potential suppliers for our goods and services requirements. For the majority of our purchases, it is a condition of supplying to National Grid that suppliers are registered on the UVDB. For more information please visit: https://www.nationalgrid.com/suppliers/new-suppliers