Tender

Managed Service Provider (MSP) & Security Operations Centre (SOC) / SEIM Provider

  • Waste & Resources Action Programme

UK4: Tender notice - Procurement Act 2023 - view information about notice types

Notice identifier: 2025/S 000-016706

Procurement identifier (OCID): ocds-h6vhtk-0506cc

Published 24 April 2025, 10:52am



Scope

Description

WRAP is seeking to procure support across two (2) distinct service packages:

•Service Package 1: Managed Service Provider (MSP)

•Service Package 2: Security Operations Centre (SOC) / SIEM Provider

Bidders may submit a proposal for one or both packages. WRAP may award a single contract covering both service areas or award separate contracts for each service package, depending on the quality and value for money of the responses.

Service Package 1: Managed Service Provider (MSP)

The primary objective of this package is to supplement WRAP's internal IT function with a scalable, flexible and proactive Managed IT Services Partner. The MSP will enhance WRAP's operational resilience, ensure efficient ticket management, maintain high system performance and align IT service delivery with WRAP's evolving organisational needs and cybersecurity posture.

Service Package 1: Security Operations Centre (SOC) / SIEM Provider

The objective of this package is to secure WRAP's IT environment by delivering robust, around-the-clock cybersecurity monitoring, rapid incident response, and advanced threat intelligence services. The selected provider will strengthen WRAP's security posture and support regulatory compliance.

To submit a Bid, register for free on: https://www.delta-esourcing.com/

Access Code (to find the opportunity): XU66K63TY7

For more information about this opportunity, please visit the Delta eSourcing portal at:

https://www.delta-esourcing.com/tenders/UK-UK-Banbury:-IT-services:-consulting,-software-development,-Internet-and-support./XU66K63TY7

To respond to this opportunity, please click here:

https://www.delta-esourcing.com/respond/XU66K63TY7

Total value (estimated)

  • £180,000 excluding VAT
  • £180,000 including VAT

Below the relevant threshold

Main procurement category

Services

CPV classifications

  • 72000000 - IT services: consulting, software development, Internet and support

Contract locations

  • UK - United Kingdom

Not the same for all lots

Contract dates are shown in Lot sections, because they are not the same for all lots.


Lot Package 1. Managed Service Provider (MSP)

Description

The primary objective of this package is to supplement WRAP's internal IT function with a scalable, flexible and proactive Managed IT Services Partner. The MSP will enhance WRAP's operational resilience, ensure efficient ticket management, maintain high system performance and align IT service delivery with WRAP's evolving organisational needs and cybersecurity posture.

Services required are as follows:

Server Monitoring & Reporting

Provide 24/7 real-time monitoring of WRAP's Azure-based virtual servers.

Detect and report on performance degradation, downtime, system anomalies, and security issues.

Deliver automated and manual alerts for potential threats or service failures.

Generate monthly reports covering server health, uptime, patching status, capacity utilisation, and threat logs.

IT Support Escalation, Overflow and Flexible Support

Provide Tier 2 and Tier 3 support, acting as an escalation point for complex IT incidents.

Respond to overflow tickets exceeding internal team capacity (i.e., 20+ tickets/month).

Ensure tight integration with WRAP's ITSM system (Freshservice) for ticket visibility and lifecycle updates.

Be able to scale up support provision within 24 hours, as needed for peak periods or critical events.

Ability to attend WRAP Offices for to supplement on-site IT presence.

Full Helpdesk Coverage

Provide full-service first line and second-line helpdesk support when WRAP's internal team is unavailable (e.g., holidays, absences).

Deliver end-user support (remote or on-site if necessary), including troubleshooting, password resets, software/hardware issues, and user onboarding/offboarding.

Liaise with third-party vendors and escalate incidents to manufacturers or cloud providers as required.

Project Support

Contribute a minimum of 2 hours per month to support WRAP's digital projects (e.g., migrations, software rollouts, endpoint configuration).

Allow unused support hours to roll over for future use to enable flexibility in project delivery.

Knowledge Management

Maintain and update WRAP's internal knowledge base to reflect new system configurations, known issues, and support resolutions.

Ensure regular documentation updates within Freshservice, enabling WRAP's internal team to access up-to-date self-help and procedural guides.

Compliance & Cybersecurity

Ensure all services comply with relevant data protection laws and certifications, including GDPR, Cyber Essentials, and ISO 27001.

Implement and maintain baseline cybersecurity hygiene (e.g., patching, MFA enforcement, basic security hardening).

Review & Collaboration

Attend monthly service review meetings to report performance against SLAs, review incidents, and discuss ongoing improvements.

Participate in quarterly strategic reviews to align services with WRAP's IT roadmap and business goals.

Identifying industry trends and insights to help WRAP stay current.

Working Hours

Provide core services during UK business hours (08:00 - 17:00 GMT/BST, Monday to Friday), with capacity for out-of-hours escalation in urgent situations if needed.

Lot value (estimated)

  • £120,000 including VAT

Contract dates (estimated)

  • 9 June 2025 to 9 June 2027
  • Possible extension to 9 June 2028
  • 3 years, 1 day

Description of possible extension:

Optional 1 year extension, if deemed necessary.

Same for all lots

CPV classifications and contract locations are shown in the Scope section, because they are the same for all lots.


Lot Package 2. Security Operations Centre (SOC) / SIEM Provider

Description

The objective of this package is to secure WRAP's IT environment by delivering robust, around-the-clock cybersecurity monitoring, rapid incident response, and advanced threat intelligence services. The selected provider will strengthen WRAP's security posture and support regulatory compliance.

Services required are as follows:

24/7 Security Monitoring

Provide continuous monitoring through a mature SIEM solution, capturing logs from cloud and on-prem environments.

Detect known and unknown threats using automated correlation engines and behaviour analytics.

Alert WRAP to critical incidents, providing actionable context and remediation suggestions.

Incident Response & Remediation

Provide hands-on containment, investigation, and remediation support for security incidents.

Respond in accordance with defined SLAs (e.g., critical threat response within 15 minutes).

Hold NCSC-assured service provider status or equivalent (e.g., CREST, CIR Level 2+ certification).

Threat Intelligence & Hunting

Conduct proactive threat hunting activities based on emerging indicators of compromise (IOCs) and known tactics, techniques, and procedures (TTPs).

Ingest and apply global threat intelligence feeds, adapting detection rules accordingly.

Compliance & Regulatory Support

Ensure ongoing compliance with ISO 27001, Cyber Essentials Plus, and other UK regulatory standards.

Enable auditable log retention, forensic readiness, and transparent record-keeping.

Integration with WRAP's Security Stack

Seamlessly integrate with Microsoft 365 Defender, Azure Security Centre, EDR/XDR tools, and WRAP's firewalls and network infrastructure.

Provide visibility across multi-cloud and hybrid environments, including integration with third-party security tools.

Custom Detection Rules

Build and maintain custom detection rules and workflows tailored to WRAP's use cases and risk profile.

Collaborate with WRAP's internal teams to ensure detections reflect evolving business and technical contexts.

Global Incident Coordination

Provide "follow-the-sun" support, ensuring continuous coverage and coordination with WRAP's global operations (if applicable).

Leverage regional SOC teams to respond to threats in real-time regardless of time zone.

Real-Time Reporting

Offer live dashboards and periodic reporting (e.g., weekly/monthly) on incidents, threat trends, vulnerabilities, and system health.

Include executive-level summaries and technical deep-dives where appropriate.

Collaboration

Work closely with WRAP's internal cybersecurity and IT teams.

Participate in incident response tabletop exercises, scenario planning, and quarterly joint reviews.

Required Capabilities (applicable to both packages) are as follows:

Demonstrated experience supporting public or non-profit organisations, preferably within the UK or global NGO sector.

Evidence of supporting hybrid environments, particularly Azure and Microsoft 365 (or equivalent).

Flexible, transparent pricing models that suit WRAP's operating needs and enable scaling of services.

Data handling practices compliant with UK GDPR, Data Protection Act 2018, and relevant international data laws (or equivalent).

Lot value (estimated)

  • £60,000 including VAT

Contract dates (estimated)

  • 9 June 2025 to 9 June 2027
  • Possible extension to 9 June 2028
  • 3 years, 1 day

Description of possible extension:

Optional 1 year extension, if necessary.

Same for all lots

CPV classifications and contract locations are shown in the Scope section, because they are the same for all lots.


Participation

Particular suitability

Lot Package 1. Managed Service Provider (MSP)

Lot Package 2. Security Operations Centre (SOC) / SIEM Provider

  • Small and medium-sized enterprises (SME)
  • Voluntary, community and social enterprises (VCSE)

Submission

Enquiry deadline

21 May 2025, 12:45am

Tender submission deadline

21 May 2025, 12:45am

Submission address and any special instructions

Tenders may be submitted electronically

Yes


Award criteria

This table contains award criteria for this lot
Name Description Type Weighting
Quality

Long criteria description

Quality 65%
Price

Long criteria description

Price 35%

Procedure

Procedure type

Below threshold - open competition


Documents

Associated tender documents

https://www.find-tender.service.gov.uk/Notice/Attachment/A-943641447

Invitation to Tender (ITT)

https://www.find-tender.service.gov.uk/Notice/Attachment/A-943641467

Conditions of Contract

https://www.find-tender.service.gov.uk/Notice/Attachment/A-943641765

Quotation & Rates Schedule (Excel Format)


Contracting authority

Waste & Resources Action Programme

  • Public Procurement Organisation Number: PCTJ-5948-ZJZV

Second Floor, Blenheim Court, 19 George Street

Banbury

OX16 5BH

United Kingdom

Contact name: Procurement Lead

Telephone: 01295 584100

Email: procurement@wrap.org.uk

Region: UKJ14 - Oxfordshire

Organisation type: Public authority - sub-central government