Section one: Contracting authority
one.1) Name and addresses
Crown Prosecution Service
102 Petty France
LONDON
SW1H 9EA
Contact
Patience Arinaitwe
Country
United Kingdom
NUTS code
UKI3 - Inner London – West
Justification for not providing organisation identifier
Not on any register
Internet address(es)
Main address
one.3) Communication
Additional information can be obtained from the above-mentioned address
one.4) Type of the contracting authority
Ministry or any other national or federal authority
one.5) Main activity
Other activity
Security Operations Centre Managed Service
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Provision of Security Operations Centre Managed Service: Prior Information Notice
two.1.2) Main CPV code
- 72250000 - System and support services
two.1.3) Type of contract
Services
two.1.4) Short description
Provision of Security Operations Centre Managed Service Requirement: Prior Information Notice.
The Crown Prosecution Service (CPS) has a security function within the Digital and Information Directorate (DID), delivering a professional approach and striving for Security Excellence in the provision of all IT services.
Whilst the Security team is internal, the CPS is seeking to procure a Security Operations Centre (SOC) service.
The Security Operations Centre is a key service for the CPS, and it is critical that any supplier delivering this service understands the nature of the business, the key role that the CPS plays within the Criminal Justice System and the need for a full 24 x 7 x 365 security service, as there are services available outside office hours.
two.1.6) Information about lots
This contract is divided into lots: No
two.2) Description
two.2.2) Additional CPV code(s)
- 72250000 - System and support services
two.2.3) Place of performance
NUTS codes
- UKI - London
two.2.4) Description of the procurement
Prior Information Notice for Provision of a Security Operations Centre (SOC) Service:
The Crown Prosecution Service (CPS) has a security function within the Digital and Information Directorate (DID), delivering a professional approach and striving for Security Excellence in the provision of all IT services.
Whilst the Security team is internal, the CPS is seeking to procure a Security Operations Centre (SOC) service.
The Security Operations Centre is a key service for the CPS, and it is critical that any supplier delivering this service understands the nature of the business, the key role that the CPS plays within the Criminal Justice System and the need for a full 24 x 7 x 365 security service, as there are services available outside office hours.
The CPS plans to (separately) procure a SIEM tool and is looking for a SOC provider to complement its cyber defensive capabilities in providing:
· Managing the CPS SIEM solution, including:
o Onboarding / removal of SIEM feeds and/or configuration of SIEM tool
o Creating customised alerts
o 24x7x365 monitoring of alerts, including analysing alerts to detect threats and configuration of security orchestration, automation and response.
· Provide cyber threat Intelligence, including:
o Threat Intel - Identify, Investigate and hunt for cyber threats to gain insight into attacker behaviour, infrastructure, motives and IOCs'.
o Vulnerability Intelligence - identify vulnerabilities that pose the most risk to their organisation, reducing downtime, and preventing attacks.
o Supply chain intelligence - monitor the CPS's supply chain
o Brand intelligence - provide analytical insights to proactively defend against new and emerging threats to your brand, products, employees, executives, and suppliers.
· Capability integration - continually improve the detection capabilities of the SIEM by learning from cyber threat intelligence and incidents.
· Incident response, including:
o Work according to agreed incident response processes, playbooks with the customer.
o Identify, analyse, contain and eradicate, recover (see below) and review incidents.
o Provide Forensic analysis / forensic evidence gathering as required (preferably NCSC certified)
· Compliance Management - help ensure that applications, security tools and processes comply with privacy regulations, namely Data Protection Act.
The SOC provider will be expected to record incidents in the CPS ITSM tool to automate the production of incident management information. The SOC provider will also be required to assist with the trending of incidents and attend operational level meetings with the CPS and other suppliers as required.
At this stage, the CPS is seeking to engage with the supply market as part of an information-gathering exercise to understand how suppliers might approach the provision of the services outline above, particularly with regard to any developments in SIEM / SOC delivery and innovation.
Suppliers who wish to express their interest in this potential opportunity should do so via the contact details contained within the notice and present their observations on how the requirements within this Prior Information Notice could be fulfilled.
This may take any format and should cover the following areas per as minimum:
• Observations / Comments on the customer requirements, particularly the feasibility of adding forensic analysis and NCSC certified Cyber Incident Responder retainer capability to the requirements.
• how the provision of the SOC service has been modernised in recent years
• approach to ensure Service Excellence
· Recommendation for SIEM tool(s) and reasons.
two.3) Estimated date of publication of contract notice
31 January 2024
Section four. Procedure
four.1) Description
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: No