Section one: Contracting authority
one.1) Name and addresses
London Borough of Ealing
London Borough of Ealing, Perceval House, 14-16 Uxbridge Road
Ealing
W5 2HL
Contact
Ms Christine Baker
Telephone
+44 2088255122
Country
United Kingdom
Region code
UK - United Kingdom
Internet address(es)
Main address
Buyer's address
one.4) Type of the contracting authority
Regional or local authority
one.5) Main activity
General public services
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Ealing ICT Cyber Security Contract 2023
Reference number
DN634936
two.1.2) Main CPV code
- 48220000 - Internet and intranet software package
two.1.3) Type of contract
Supplies
two.1.4) Short description
Ealing Council required a range of managed security services provided by a trusted single source supplier who could provide flexible and integrated support over a 3 year contract term. This was to replace the existing contract for these services that expired on 28th February 2023. The contracting authority was seeking to procure services for:
1) Managed Security Operations Centre (SOC)
a) Security monitoring, threat protection, threat hunting and incident response covering a digital estate of over 4000 endpoints and 300 servers, across Windows, Linux, and Cloud-based (Azure) operating systems and environments;
b) Incident investigations, triage, and response;
c) Vulnerability scanning of many IP ranges / hosts with remediation tracking.
2) Incident Response
a) Implementation of joint incident response processes for major incidents, out-of-band communication mechanisms, and management plans Incident investigations, triage, and response;
b) Forensic analysis of indicators of compromise and analysis of malware samples to understand the extent of a compromise should it occur;
c) Rapid remote interception of, containment of, and response to live cyber threats;
d) Triage and first response without requiring intervention from Ealing personnel;
e) This should be read and answered in conjunction with the SOC requirement as complimentary services/capabilities.
3) Penetration Testing
a) Security audits and assessment including penetration testing of web applications and infrastructure, configuration and build reviews, etc...
b) IT Health Check Testing delivered by suitably qualified and experienced personnel, in accordance with NCSC Protocols;
c) 'Red Team' attack simulation services;
d) The supplier should be able to provide resourcing for approximately 100 days of penetration testing per annum.
The Council awarded a call off contract to Jumpsec Limited from the Crown Commercial Services Dynamic Purchasing System (DPS) "Cyber Security Services 3 - RM3764.3", in accordance with the rules of the DPS for the provision of ICT Cyber Security Services for a duration of three years commencing on the 1 March 2023, with a budget of £0.360m per annum.
two.1.6) Information about lots
This contract is divided into lots: No
two.1.7) Total value of the procurement (excluding VAT)
Value excluding VAT: £1,080,000
two.2) Description
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
two.2.4) Description of the procurement
Ealing Council required a range of managed security services provided by a trusted single source supplier who could provide flexible and integrated support over a 3 year contract term. This was to replace the existing contract for these services that expired on 28th February 2023. The contracting authority was seeking to procure services for:
1) Managed Security Operations Centre (SOC)
a) Security monitoring, threat protection, threat hunting and incident response covering a digital estate of over 4000 endpoints and 300 servers, across Windows, Linux, and Cloud-based (Azure) operating systems and environments;
b) Incident investigations, triage, and response;
c) Vulnerability scanning of many IP ranges / hosts with remediation tracking.
2) Incident Response
a) Implementation of joint incident response processes for major incidents, out-of-band communication mechanisms, and management plans Incident investigations, triage, and response;
b) Forensic analysis of indicators of compromise and analysis of malware samples to understand the extent of a compromise should it occur;
c) Rapid remote interception of, containment of, and response to live cyber threats;
d) Triage and first response without requiring intervention from Ealing personnel;
e) This should be read and answered in conjunction with the SOC requirement as complimentary services/capabilities.
3) Penetration Testing
a) Security audits and assessment including penetration testing of web applications and infrastructure, configuration and build reviews, etc...
b) IT Health Check Testing delivered by suitably qualified and experienced personnel, in accordance with NCSC Protocols;
c) 'Red Team' attack simulation services;
d) The supplier should be able to provide resourcing for approximately 100 days of penetration testing per annum.
The Council awarded a call off contract to Jumpsec Limited from the Crown Commercial Services Dynamic Purchasing System (DPS) "Cyber Security Services 3 - RM3764.3", in accordance with the rules of the DPS for the provision of ICT Cyber Security Services for a duration of three years commencing on the 1 March 2023, with a budget of £0.360m per annum.
two.2.5) Award criteria
Cost criterion - Name: Commercial / Weighting: 60
Cost criterion - Name: Technical / Weighting: 40
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Award of a contract without prior publication of a call for competition in the cases listed below
- The procurement falls outside the scope of application of the regulations
Explanation:
The contract was a call off from the Crown Commercial Services Dynamic Purchasing System (DPS) "Cyber Security Services 3 - RM3764.3"
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: No
Section five. Award of contract
Contract No
DN634936
A contract/lot is awarded: Yes
five.2) Award of contract
five.2.1) Date of conclusion of the contract
20 December 2022
five.2.2) Information about tenders
Number of tenders received: 5
Number of tenders received from SMEs: 0
Number of tenders received from tenderers from other EU Member States: 0
Number of tenders received from tenderers from non-EU Member States: 0
Number of tenders received by electronic means: 5
The contract has been awarded to a group of economic operators: No
five.2.3) Name and address of the contractor
Jumpsec Limited
1 Golden Court
Richmond, Surrey
TW9 1EU
Telephone
+44 3339398080
Country
United Kingdom
NUTS code
- UK - United Kingdom
The contractor is an SME
No
five.2.4) Information on value of contract/lot (excluding VAT)
Total value of the contract/lot: £1,080,000
Section six. Complementary information
six.4) Procedures for review
six.4.1) Review body
www.ealing.gov.uk
London Borough of Ealing, Perceval House, 14-16 Uxbridge Road
Ealing, London
W5 2HL
Telephone
+44 2088259655
Country
United Kingdom