Scope
Reference
Cybersec2026
Description
The Authority is procuring cyber security services to support the organisation's security posture, operational resilience, and ability to prevent, detect, respond to, and recover from cyber threats.
The required services may include, but are not limited to:
Security assessment services, including IT health checks and vulnerability assessments;
Incident response and threat management services, including cyber incident handling, threat intelligence and business continuity support;
Managed security services, such as managed detection and response (MDR), Security Operations Centre (SOC) services, and continuous monitoring;
Specialist cyber consultancy, including risk assessment, security architecture, cyber maturity analysis, security strategy, policy development and transformation activities.
These services must be delivered by suppliers admitted to the Crown Commercial Service Dynamic Purchasing System Cyber Security Services 3 (RM3764.3) and selected through the appropriate DPS filtering options. The volume, mix, and scope of services will depend on the Authority's ongoing operational and security requirements over the life of the contract.
Suppliers must ensure all services are delivered in accordance with relevant industry standards, applicable legislation, and any required cyber security certifications (including those required by the DPS filters).
Total value (estimated)
- £625,000 excluding VAT
- £750,000 including VAT
Above the relevant threshold
Contract dates (estimated)
- 1 May 2026 to 30 April 2029
- Possible extension to 30 April 2031
- 5 years
Description of possible extension:
The contract will be awarded for an initial term of three (3) years, with the option to extend by up to two (2) additional periods of twelve (12) months each, up to a maximum total contract duration of five (5) years.
Extensions may be used where:
The Supplier's performance remains satisfactory, as demonstrated through contract management reviews, KPIs, and service delivery standards;
Continuing with the incumbent Supplier represents value for money, taking into account cost, quality, market conditions, and the Authority's ongoing operational requirements;
There is a continued business need for the services and extending the contract supports continuity and avoids unnecessary disruption to service delivery;
Any changes in scope remain within the limits permitted by the Procurement Act 2023 and do not materially alter the nature of the original procurement.
Where both optional extensions are exercised, they may be applied individually or consecutively, depending on the needs of the Authority at the relevant time.
Main procurement category
Services
CPV classifications
- 72590000 - Computer-related professional services
Contract locations
- UKI - London
Participation
Particular suitability
Small and medium-sized enterprises (SME)
Submission
Enquiry deadline
23 February 2026, 11:59pm
Submission type
Tenders
Tender submission deadline
6 March 2026, 4:00pm
Submission address and any special instructions
All tender submissions will be made through the Crown Commercial Service DPS Marketplace (https://supplierregistration.cabinetoffice.gov.uk) as part of the Cyber Security Services 3 DPS (RM3764.3) competition process.
Tenders may be submitted electronically
Yes
Languages that may be used for submission
English
Award decision date (estimated)
13 March 2026
Award criteria
| Name | Description | Type | Weighting |
|---|---|---|---|
| Quality | Quality will be evaluated through a series of scored assessment questions covering: Technical merit and methodology - the supplier's proposed approach to delivering the required cyber security... |
Quality | 70% |
| Price | Price will be evaluated based on the total evaluated cost of the proposed solution as specified in the pricing schedule. The lowest‑priced compliant bid will receive full marks, with other bids... |
Price | 30% |
Other information
Conflicts assessment prepared/revised
Yes
Procedure
Procedure type
Competitive flexible procedure
Competitive flexible procedure description
This procurement is being conducted under the Crown Commercial Service Dynamic Purchasing System Cyber Security Services 3 (RM3764.3). Only suppliers admitted to the DPS in the relevant service categories may participate in the competition.
Contracting authority
ISLINGTON & SHOREDITCH HOUSING ASSOCIATION LIMITED
- Companies House: IP11614R
- Public Procurement Organisation Number: PCRP-6975-RRZP
102 Blackstock Road
London
N4 2DR
United Kingdom
Email: ICT.Procurement@isha.co.uk
Website: https://www.isha.co.uk
Region: UKI43 - Haringey and Islington
Organisation type: Public authority - sub-central government