Scope
Reference
DBW00105
Description
The Development Bank of Wales currently operate a security operation model that is split across multiple providers and technologies. To help reduce the complexity of this approach and improve our ability to effectively monitor, respond to, and mitigate security threats, the Banc are investigating the feasibility of implementing a unified Microsoft security operations platform, the day-to-day management of which would be supported by a single provider. his transition will not only streamline our processes and technology, but also increase the efficiency of our incident response efforts and reduce the potential for gaps in our security posture caused by the fragmentation of tools and services.
Currently, our Azure services are handled by Service Provider A, which focuses on optimising our cloud infrastructure. Service Provider B is responsible for managing our Microsoft 365 environment and on-premises infrastructure, ensuring that both are configured and maintained to meet our operational needs. Additionally, our managed detection and response (MDR) services are provided by Service Provider C, which utilises their own proprietary platform to deliver continuous monitoring, threat detection, and incident response across our IT estate.
The Banc is investigating replacing Service Provider C with a new Service Provider that will take over the managed detection and response function, utilising the Microsoft unified security platform. They will be responsible for the implementation, configuration and on-going management of the platform, and providing proactive advice and recommendations to improve the security of our Microsoft estate, drawing on Microsoft's insights, but will not be responsible for any configuration outside of the security platform. The new provider will collaborate closely with Service Providers A and B to align security practices ensuring that our entire IT environment remains protected against emerging threats.
Please refer to the scope of requirements
Please note the contract value is an estimate
Total value (estimated)
- £1,500,000 excluding VAT
- £1,800,000 including VAT
Above the relevant threshold
Contract dates (estimated)
- 1 July 2025 to 30 June 2030
- Possible extension to 30 June 2033
- 8 years
Description of possible extension:
3 years in 12 month increments
Options
The right to additional purchases while the contract is valid.
There may be a requirement that the supplier will undertake project work during the contract term. Additional modules and or security of other systems may also be required.
Main procurement category
Services
CPV classifications
- 72000000 - IT services: consulting, software development, Internet and support
Contract locations
- UK - United Kingdom
Participation
Legal and financial capacity conditions of participation
Professional Indemnity (PI) - £1,000,000
Cyber Essential insurance £1,000,000
Employers Liability (EL) - £10,000,000
Public Liability (PL) - £5,000,000
Technical ability conditions of participation
Please refer to the tender documentation
Particular suitability
Small and medium-sized enterprises (SME)
Submission
Enquiry deadline
17 April 2025, 12:00pm
Submission type
Tenders
Tender submission deadline
9 June 2025, 12:00pm
Submission address and any special instructions
Tenders may be submitted electronically
Yes
Languages that may be used for submission
English
Award decision date (estimated)
30 June 2025
Recurring procurement
Publication date of next tender notice (estimated): 13 March 2033
Award criteria
| Name | Description | Type | Weighting |
|---|---|---|---|
| Stage 2 | Technical evaluation Questions have a total weighting of 70% |
Quality | 69.00% |
| Commercial | Annual costs including the implementation for the first year Rate cards |
Price | 30.00% |
| Stage 1 | PSQ - Pass/Fail Technical evaluation - Pass/Fail and weighted questions 3PQ Please note that this stage has a technical weighting of 100% |
Quality | 1.00% |
Other information
Payment terms
30 days
Description of risks to contract performance
NA
Conflicts assessment prepared/revised
Yes
Procedure
Procedure type
Competitive flexible procedure
Competitive flexible procedure description
Stage 1 will consist of completion of
Procurement Supplier Questionnaire - Pass/Fail
Technical questionnaire with a variety of Pass/Fail questions and weighted questions
3PQ - Pass/Fail
Stage 2 only the top 3 suppliers will be selected to go into stage 2 the evaluation will consist of
Technical evaluation at 70%
Commercial at 30%
Further information can be found within the tender documentation
Justification for not publishing a preliminary market engagement notice
A speculative notice was issued under the PCR2015
Documents
Documents to be provided after the tender notice
Contracting authority
Development Bank of Wales
- Public Procurement Organisation Number: PCWM-6438-QYVP
Unit J, Yale Business Village, Ellice Way,
Wrexham
LL13 7YL
United Kingdom
Contact name: Leanne Millard
Telephone: +442920801715
Email: procurement@developmentbank.wales
Website: http://www.developmentbank.wales
Region: UKL23 - Flintshire and Wrexham
Organisation type: Public authority - sub-central government
Devolved regulations that apply: Wales