Scope
Description
1. Summary of Requirements
L&Q intends to procure a hybrid Out‑of‑Hours Security Operations Centre service to operate as an extension of the internal L&Q SOC. The service will provide protective monitoring, triage, and incident response outside of core operating hours.
The OOH SOC partner will be responsible for:
Continuous monitoring, triage, and incident escalation during defined out‑of‑hours periods.
Supporting L&Q's internal SOC with investigations, analysis, and agreed incident response actions.
Operating in alignment with L&Q playbooks, processes, and security tooling (including Microsoft Sentinel, Microsoft Defender XDR, and others).
Providing structured shift handovers, monthly reporting, and ongoing collaboration with L&Q SOC staff.
This work is critical for maintaining security oversight during nights, weekends, and bank holidays, reducing the risk of compromise during periods where internal analysts are unavailable.
2. High‑Level Scope of Services
The procurement will cover the following high‑level areas extracted from the previous specification:
Service Operating Hours
Mon-Fri: 17:00-09:00
Weekends & Bank Holidays: 24/7 coverage
Service Performance Expectations
Availability: 99.5% across operating hours
Incident Acknowledgement & Escalation Times:
High: 15 minutes to start incident triage, 75 minutes or end of shift to escalate
Medium: 2 hours to start incident triage, 4 hours or end of shift to escalate
Low: 5 hours to start incident triage, 8 hours or end of shift to escalate
Key Functions
Triage of all alarms generated within Microsoft Sentinel/Microsoft Defender XDR.
Use of L&Q-provided tooling (Sentinel, Defender family, Azure, email analysis tools).
Remote host investigations as required.
Triage of reported suspicious/malicious emails.
Blocking of malicious IPs on host and/or network (as per playbook direction).
Ad‑hoc investigatory support to defined timescales.
Incident Response support for security incidents that are detected or reported through channels outside of the SIEM.
Detection engineering support in collaboration with the L&Q Group SOC, enhancing existing detections and developing new analytics and rule logic as needed
Reporting & Governance
Monthly service performance reporting.
Written handovers at shift boundaries.
Quarterly account management meetings.
Documented change‑control processes aligned with L&Q practice.
Security & Compliance Requirements
Supplier must be headquartered in the UK or EU, or otherwise demonstrate GDPR‑compliant operating arrangements.
Analysts must be proficient in Microsoft Sentinel, KQL, Defender product suite.
Proven experience delivering SOC services for organisations of similar scale (4,000-5,000 staff).
Contract dates (estimated)
- 4 July 2026 to 4 July 2029
- 3 years, 1 day
Main procurement category
Services
CPV classifications
- 72222300 - Information technology services
Contract locations
- UK - United Kingdom
Submission
Publication date of tender notice (estimated)
1 April 2026
Tender submission deadline
26 April 2026, 11:59pm
Languages that may be used for submission
English
Award decision date (estimated)
22 May 2026
Procedure
Procedure type
Open procedure
Contracting authority
LONDON & QUADRANT HOUSING TRUST
- Companies House: IP030441
- Public Procurement Organisation Number: PJQV-6311-TQXL
29-35 West Ham Lane
London
E15 4PN
United Kingdom
Email: jaketurner@lqgroup.org.uk
Region: UKI41 - Hackney and Newham
Organisation type: Public authority - sub-central government