Section one: Contracting entity
one.1) Name and addresses
ScotRail Trains Ltd
Atrium Court, , 50 Waterloo Street
Glasgow
Contact
Kathleen Gay
Telephone
+44 3448110141
Country
United Kingdom
NUTS code
UKM - Scotland
Internet address(es)
Main address
Buyer's address
https://www.publiccontractsscotland.gov.uk/search/Search_AuthProfile.aspx?ID=AA30589
one.2) Information about joint procurement
The contract is awarded by a central purchasing body
one.3) Communication
The procurement documents are available for unrestricted and full direct access, free of charge, at
Additional information can be obtained from the above-mentioned address
Tenders or requests to participate must be submitted electronically via
one.6) Main activity
Railway services
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
ScotRail Cyber Security Architecture
Reference number
SR032
two.1.2) Main CPV code
- 48000000 - Software package and information systems
two.1.3) Type of contract
Supplies
two.1.4) Short description
ScotRail Trains Limited (SRT) invites prospective suppliers to participate in this procurement process to become a key partner in supporting the modernisation of the existing IT cyber security architecture. With the following key objectives:
Implement 24-7 managed detection and response capability; Provide a seamless protection and management for privileged accounts; Rationalise and/or integrate and mesh cyber security systems together to ensure events are correlated and a view can be taken across multiple systems; Improve ScotRail's ability to prevent cyber security events and breaches; Improve ScotRail's ability to detect cyber security events and breaches; Improve ScotRail's ability to contain cyber security events and breaches; Improve ScotRail's ability to recover from security events and breaches
two.1.6) Information about lots
This contract is divided into lots: Yes
Tenders may be submitted for all lots
two.2) Description
two.2.1) Title
Privileged Access Management (PAM)
Lot No
1
two.2.2) Additional CPV code(s)
- 48000000 - Software package and information systems
two.2.3) Place of performance
NUTS codes
- UKM - Scotland
two.2.4) Description of the procurement
ScotRail Trains Limited (SRT) invites prospective suppliers to participate in this procurement process to become a key partner in supporting the modernisation of the existing IT cyber security architecture. With the following key objectives: Implement 24-7 managed detection and response capability; Provide a seamless protection and management for privileged accounts; Rationalise and/or integrate and mesh cyber security systems together to ensure events are correlated and a view can be taken across multiple systems; Improve ScotRail's ability to prevent cyber security events and breaches; Improve ScotRail's ability to detect cyber security events and breaches; Improve ScotRail's ability to contain cyber security events and breaches; Improve ScotRail's ability to recover from security events and breaches.
The opportunity is split into the following Lots and suppliers are invited to apply for 1 or multiple lots:
- Lot 1 - Privileged Access Management (PAM)
- Lot 2 - Lot 2 - Security Information and Event Management (SIEM)
- Lot 3 - Extended Detection and Response (XDR)
- Lot 4 - Endpoint Detection and Response (EDR)
- Lot 5 - Managed Detection and Response (MDR)
The full business requirements for each Lot are contained in the ‘ScotRail Requirements Document – Cyber Security Architecture’ which can be accessed through the link to the E-Sourcing portal and clicking on the event for Cyber Security Architecture (https://scotrail.wax-live.com/S2C/DisplayModules/TradeModules/Negotiations/Opportunities/ListEvents.aspx)
two.2.5) Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
36
This contract is subject to renewal
Yes
Description of renewals
The proposed contract term is a 3 year initial term, with the option to extend this for a potential further 2 or 4 years, this will be explored and confirmed at the ITN stage.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 1
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2.14) Additional information
two.2) Description
two.2.1) Title
Security Information and Event Management (SIEM)
Lot No
2
two.2.2) Additional CPV code(s)
- 48000000 - Software package and information systems
two.2.3) Place of performance
NUTS codes
- UKM - Scotland
two.2.4) Description of the procurement
ScotRail Trains Limited (SRT) invites prospective suppliers to participate in this procurement process to become a key partner in supporting the modernisation of the existing IT cyber security architecture. With the following key objectives: Implement 24-7 managed detection and response capability; Provide a seamless protection and management for privileged accounts; Rationalise and/or integrate and mesh cyber security systems together to ensure events are correlated and a view can be taken across multiple systems; Improve ScotRail's ability to prevent cyber security events and breaches; Improve ScotRail's ability to detect cyber security events and breaches; Improve ScotRail's ability to contain cyber security events and breaches; Improve ScotRail's ability to recover from security events and breaches
The opportunity is split into the following Lots and suppliers are invited to apply for 1 or multiple lots:
- Lot 1 - Privileged Access Management (PAM)
- Lot 2 - Lot 2 - Security Information and Event Management (SIEM)
- Lot 3 - Extended Detection and Response (XDR)
- Lot 4 - Endpoint Detection and Response (EDR)
- Lot 5 - Managed Detection and Response (MDR)
The full business requirements for each Lot are contained in the‘ScotRail Requirements Document – Cyber Security Architecture’ which can be accessed via the link to the E-Sourcing portal and clicking on the event for Cyber Security Architecture (https://scotrail.wax-live.com/S2C/DisplayModules/TradeModules/Negotiations/Opportunities/ListEvents.aspx)
two.2.5) Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
36
This contract is subject to renewal
Yes
Description of renewals
The proposed contract term is a 3 year initial terms, with the option to extend this for a potential further 3 or 4 years, this will be explored and confirmed at the ITN stage.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 1
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2.14) Additional information
two.2) Description
two.2.1) Title
Extended Detection and Response (XDR)
Lot No
3
two.2.2) Additional CPV code(s)
- 48000000 - Software package and information systems
two.2.3) Place of performance
NUTS codes
- UKM - Scotland
two.2.4) Description of the procurement
ScotRail Trains Limited (SRT) invites prospective suppliers to participate in this procurement process to become a key partner in supporting the modernisation of the existing IT cyber security architecture. With the following key objectives: Implement 24-7 managed detection and response capability; Provide a seamless protection and management for privileged accounts; Rationalise and/or integrate and mesh cyber security systems together to ensure events are correlated and a view can be taken across multiple systems; Improve ScotRail's ability to prevent cyber security events and breaches; Improve ScotRail's ability to detect cyber security events and breaches; Improve ScotRail's ability to contain cyber security events and breaches; Improve ScotRail's ability to recover from security events and breaches
The opportunity is split into the following Lots and suppliers are invited to apply for 1 or multiple lots:
- Lot 1 - Privileged Access Management (PAM)
- Lot 2 - Lot 2 - Security Information and Event Management (SIEM)
- Lot 3 - Extended Detection and Response (XDR)
- Lot 4 - Endpoint Detection and Response (EDR)
- Lot 5 - Managed Detection and Response (MDR)
The full business requirements for each Lot are contained in the ‘ScotRail Requirements Document – Cyber Security Architecture’ which can be accessed via the link to the E-Sourcing portal and clicking on the event for Cyber Security Architecture (https://scotrail.wax-live.com/S2C/DisplayModules/TradeModules/Negotiations/Opportunities/ListEvents.aspx)
two.2.5) Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
36
This contract is subject to renewal
Yes
Description of renewals
The proposed contract term is a 3 year initial terms, with the option to extend this for a potential further 3 or 4 years, this will be explored and confirmed at the ITN stage.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 1
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2.14) Additional information
two.2) Description
two.2.1) Title
Endpoint Detection and Response (EDR)
Lot No
4
two.2.2) Additional CPV code(s)
- 48000000 - Software package and information systems
two.2.3) Place of performance
NUTS codes
- UKM - Scotland
two.2.4) Description of the procurement
ScotRail Trains Limited (SRT) invites prospective suppliers to participate in this procurement process to become a key partner in supporting the modernisation of the existing IT cyber security architecture. With the following key objectives: Implement 24-7 managed detection and response capability; Provide a seamless protection and management for privileged accounts; Rationalise and/or integrate and mesh cyber security systems together to ensure events are correlated and a view can be taken across multiple systems; Improve ScotRail's ability to prevent cyber security events and breaches; Improve ScotRail's ability to detect cyber security events and breaches; Improve ScotRail's ability to contain cyber security events and breaches; Improve ScotRail's ability to recover from security events and breaches
The opportunity is split into the following Lots and suppliers are invited to apply for 1 or multiple lots:
- Lot 1 - Privileged Access Management (PAM)
- Lot 2 - Lot 2 - Security Information and Event Management (SIEM)
- Lot 3 - Extended Detection and Response (XDR)
- Lot 4 - Endpoint Detection and Response (EDR)
- Lot 5 - Managed Detection and Response (MDR)
The full business requirements for each Lot are contained in the ‘ScotRail Requirements Document – Cyber Security Architecture’ which can be accessed via the link to the E-Sourcing portal and clicking on the event for Cyber Security Architecture (https://scotrail.wax-live.com/S2C/DisplayModules/TradeModules/Negotiations/Opportunities/ListEvents.aspx)
two.2.5) Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
36
This contract is subject to renewal
Yes
Description of renewals
The proposed contract term is a 3 year initial terms, with the option to extend this for a potential further 3 or 4 years, this will be explored and confirmed at the ITN stage.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 1
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2.14) Additional information
two.2) Description
two.2.1) Title
Managed Detection and Response (MDR)
Lot No
5
two.2.2) Additional CPV code(s)
- 48000000 - Software package and information systems
two.2.3) Place of performance
NUTS codes
- UKM - Scotland
two.2.4) Description of the procurement
ScotRail Trains Limited (SRT) invites prospective suppliers to participate in this procurement process to become a key partner in supporting the modernisation of the existing IT cyber security architecture. With the following key objectives: Implement 24-7 managed detection and response capability; Provide a seamless protection and management for privileged accounts; Rationalise and/or integrate and mesh cyber security systems together to ensure events are correlated and a view can be taken across multiple systems; Improve ScotRail's ability to prevent cyber security events and breaches; Improve ScotRail's ability to detect cyber security events and breaches; Improve ScotRail's ability to contain cyber security events and breaches; Improve ScotRail's ability to recover from security events and breaches
The opportunity is split into the following Lots and suppliers are invited to apply for 1 or multiple lots:
- Lot 1 - Privileged Access Management (PAM)
- Lot 2 - Lot 2 - Security Information and Event Management (SIEM)
- Lot 3 - Extended Detection and Response (XDR)
- Lot 4 - Endpoint Detection and Response (EDR)
- Lot 5 - Managed Detection and Response (MDR)
The full business requirements for each Lot are contained in the ‘ScotRail Requirements Document – Cyber Security Architecture’ which can be accessed via the link to the E-Sourcing portal and clicking on the event for Cyber Security Architecture (https://scotrail.wax-live.com/S2C/DisplayModules/TradeModules/Negotiations/Opportunities/ListEvents.aspx)
two.2.5) Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
36
This contract is subject to renewal
Yes
Description of renewals
The proposed contract term is a 3 year initial terms, with the option to extend this for a potential further 3 or 4 years, this will be explored and confirmed at the ITN stage.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 1
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2.14) Additional information
Section three. Legal, economic, financial and technical information
three.1) Conditions for participation
three.1.2) Economic and financial standing
Selection criteria as stated in the procurement documents
three.1.3) Technical and professional ability
Selection criteria as stated in the procurement documents
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Negotiated procedure with prior call for competition
four.1.4) Information about reduction of the number of solutions or tenders during negotiation or dialogue
Recourse to staged procedure to gradually reduce the number of solutions to be discussed or tenders to be negotiated
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: Yes
four.2) Administrative information
four.2.2) Time limit for receipt of tenders or requests to participate
Date
24 May 2023
Local time
5:00pm
four.2.3) Estimated date of dispatch of invitations to tender or to participate to selected candidates
31 July 2023
four.2.4) Languages in which tenders or requests to participate may be submitted
English
Section six. Complementary information
six.1) Information about recurrence
This is a recurrent procurement: No
six.2) Information about electronic workflows
Electronic ordering will be used
Electronic invoicing will be accepted
Electronic payment will be used
six.3) Additional information
The full requirements document and PQQ can be accessed via the following link to the e-sourcing portal - https://scotrail.wax-live.com/S2C/DisplayModules/TradeModules/Negotiations/Opportunities/ListEvents.aspx
To participate a PQQ must be submitted via the portal by the stated deadline
(SC Ref:730055)
six.4) Procedures for review
six.4.1) Review body
Glasgow Sheriff Court
Glasgow
Country
United Kingdom