Section one: Contracting authority
one.1) Name and addresses
Scottish Government
4 Atlantic Quay, 70 York St
Glasgow
G2 8EA
Contact
Jonathan Nicolson
Telephone
+44 1412420133
Country
United Kingdom
NUTS code
UKM - Scotland
Internet address(es)
Main address
Buyer's address
https://www.publiccontractsscotland.gov.uk/search/Search_AuthProfile.aspx?ID=AA10482
one.2) Information about joint procurement
The contract is awarded by a central purchasing body
one.4) Type of the contracting authority
Ministry or any other national or federal authority
one.5) Main activity
General public services
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Cyber Resilience - Training for Public Sector Boards
Reference number
614465
two.1.2) Main CPV code
- 80511000 - Staff training services
two.1.3) Type of contract
Services
two.1.4) Short description
Globally organisations and individuals have become reliant on digital technology. Effective cyber security and resilience protect the processes and services we depend on, ensuring we can take advantage of the benefits that technology can bring. An organisation’s ability to prevent, respond to and recover from a cyber attack is central to resilience. Cyber resilience is therefore a key risk and consideration for any Board.
The Scottish Government’s Strategic Framework for a Cyber Resilient Scotland (‘the Strategic Framework’), published in February 2021, sets out what we all need to do to make Scotland a digitally secure and resilient nation. Four outcomes underpin this vision, and four action plans set out the detail of how we will achieve these.
Responsibility for the implementation of the Strategic Framework lies with the Scottish Government’s Cyber Resilience Unit (CRU). The Public Sector Action Plan annexed to the Framework is a priority for the CRU and overarching aim 5 seeks to embed cyber resilience into the governance, policies and processes of public sector bodies.
The CRU works in partnership with a wide range of organisations including the UK Government’s National Cyber Security Centre (NCSC). The NCSC supports all areas of society to understand cyber risk from our critical national infrastructure organisations to the general public. More specifically, the NCSC distils its deep knowledge and expertise into practical guidance including a Board Toolkit designed to encourage cyber security discussions between an organisation’s Board and its technical experts.
In spring 2023, the Scottish Government contracted a short pilot project to adapt the NCSC’s Board Toolkit and pilot its delivery with a group of public sector board members drawn from organisations across Scotland. The pilot was successful and feedback was positive. It is on the foundation of this pilot that we are now contracting a scaled-up roll-out of the training programme. We will work with the successful Service Provider to make any further tweaks to the training pack that are recommended in the evaluation report of the training pilot.
two.1.6) Information about lots
This contract is divided into lots: No
two.1.7) Total value of the procurement (excluding VAT)
Value excluding VAT: £86,200
two.2) Description
two.2.2) Additional CPV code(s)
- 80500000 - Training services
- 80522000 - Training seminars
- 80531000 - Industrial and technical training services
- 80531200 - Technical training services
- 80521000 - Training programme services
- 80533100 - Computer training services
- 80600000 - Training services in defence and security materials
two.2.3) Place of performance
NUTS codes
- UKM - Scotland
two.2.4) Description of the procurement
The programme aims to grow the capacity of Scotland’s public boards to take a leadership role in ensuring the cyber resilience of their organisations. Strategically, it supports Outcome 2 of the Strategic Framework, which is that:
Businesses and organisations recognise the cyber risks
and are well prepared to manage them.
The programme aims to develop the knowledge and skills of board members from across Scotland’s c. 190 public boards, with the outcome that boards will have at least one member who has a good understanding of cyber risk, can take on a cyber risk assurance role on the board, and can motivate their board colleagues to take cyber risk seriously at a senior leadership level. It also aims to provide broad awareness raising for any and all board members who wish to gain a basic understanding of the cyber threat landscape and the importance of taking action.
These aims will be achieved through two strands of activity, by March 2024:
A. Delivery of up to 20 x half-day online training sessions for up to 12 public sector board members at a time (drawn from different boards), that will deliver learning around cyber risk, cyber assurance and pragmatic steps boards can take to further ensure the resilience of their organisations. This delivery to be evaluated at the end of the each delivery session (to implement improvement into the next session) as well as at the end of the programme period. This will include promotion, recruitment of participants, delivery, provision of electronic resources/slides, and evaluation of the session on the day.
B. Delivery of 6 x one-hour webinars for any and all board members who are interested to gain broad awareness of cyber resilience. These webinars to be evaluated. This should include promotion, recruitment, delivery and immediate evaluation.
two.2.5) Award criteria
Quality criterion - Name: Technical Quality / Weighting: 70
Price - Weighting: 30
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Open procedure
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: Yes
four.2) Administrative information
four.2.1) Previous publication concerning this procedure
Notice number: 2023/S 000-017822
Section five. Award of contract
Contract No
614465
A contract/lot is awarded: Yes
five.2) Award of contract
five.2.1) Date of conclusion of the contract
29 September 2023
five.2.2) Information about tenders
Number of tenders received: 18
Number of tenders received from SMEs: 13
Number of tenders received from tenderers from other EU Member States: 0
Number of tenders received from tenderers from non-EU Member States: 18
Number of tenders received by electronic means: 18
The contract has been awarded to a group of economic operators: No
five.2.3) Name and address of the contractor
Frank Rankin
11 Viaduct Road, Clarkston
Clarkston
G76 8BN
Telephone
+44 7958482882
Country
United Kingdom
NUTS code
- UKM83 - Inverclyde, East Renfrewshire and Renfrewshire
The contractor is an SME
Yes
five.2.4) Information on value of contract/lot (excluding VAT)
Total value of the contract/lot: £86,200
Section six. Complementary information
six.3) Additional information
The buyer is using PCS-Tender to conduct this ITT exercise. The Project code is 24542. For more information see: http://www.publiccontractsscotland.gov.uk/info/InfoCentre.aspx?ID=2343
Question Scoring Methodology for Award Criteria outlined in invitation to tender:
0 — Unacceptable. Nil or inadequate response. Fails to demonstrate an ability to meet the requirement.
1 — Poor. Response is partially relevant but generally poor. The response addresses some elements of the requirement but contains insufficient/limited detail or explanation to demonstrate how the requirement will be fulfilled.
2 — Acceptable. Response is relevant and acceptable. The response addresses a broad understanding of the requirement but may lack details on how the requirement will be fulfilled in certain areas.
3 — Good. Response is relevant and good. The response is sufficiently detailed to demonstrate a good understanding and provides details on how the requirements will be fulfilled.
4 — Excellent. Response is completely relevant and excellent overall.
Bidders must complete the SPD (Scotland) to demonstrate adherence to the Exclusion and Selection Criteria for this procurement.
If there are named subcontractors/technicians upon which the bidder will rely to meet the selection criteria, these named parties must complete and reattach the SPD Supplier Response Form attached to SPD questions 2C.1.1 (Technicians) and 2D.1.2 (Subcontractors) on PCS-T. These parties must complete the first three sections of the SPD form, as well as any part of the section 4 selection criteria that the main bidder will rely upon the parties to fulfil. If parties have not yet been identified, this information may be required at a later date.
Scottish Government reserves the right to request this information from relevant parties upon whom the main bidder will not rely to fulfil selection criteria.
4C.10 Bidders will be required to confirm whether they intend to sub-contract and if so, for what proportion of the contract.
(SC Ref:746621)
six.4) Procedures for review
six.4.1) Review body
Edinburgh Sheriff Court and Justice of the Peace Court
27 Chambers Street
Edinburgh
EH1 1LB
Country
United Kingdom