Scope
Reference
DBW00105
Description
The Development Bank of Wales undertook a competitive flexible procedure, this notice is to notify that we have entered into a contract with the successful supplier.
The Scope:
The Development Bank of Wales currently operate a security operation model that is split across multiple providers and technologies. To help reduce the complexity of this approach and improve our ability to effectively monitor, respond to, and mitigate security threats, the
Banc are investigating the feasibility of implementing a unified Microsoft security operations platform, the day-to-day management of which would be supported by a single provider. This transition will not only streamline our processes and technology, but also increase the efficiency of our incident response efforts and reduce the potential for gaps in our security
posture caused by the fragmentation of tools and services.
Currently, our Azure services are handled by Service Provider A, which focuses on optimising our cloud infrastructure. Service Provider B is responsible for managing our Microsoft 365 environment and on-premises infrastructure, ensuring that both are configured and maintained to meet our operational needs. Additionally, our managed detection and response (MDR) services are provided by Service Provider C, which utilises their own proprietary platform to deliver continuous monitoring, threat detection, and incident response across our IT estate.
The Banc is investigating replacing Service Provider C with a new Service Provider that will take over the managed detection and response function, utilising the Microsoft unified security platform. They will be responsible for the implementation, configuration and on going management of the platform, and providing proactive advice and recommendations to
improve the security of our Microsoft estate, drawing on Microsoft's insights, but will not be responsible for any configuration outside of the security platform. The new provider will collaborate closely with Service Providers A and B to align security practices ensuring that our entire IT environment remains protected against emerging threats.
Contract 1. IT Security Services
Supplier
Contract value
- £1,500,000 excluding VAT
- £1,800,000 including VAT
Above the relevant threshold
Date signed
30 July 2025
Contract dates
- 31 July 2025 to 30 July 2030
- Possible extension to 30 July 2033
- 8 years
Description of possible extension:
3 years in 12 month increments
Main procurement category
Services
Options
The right to additional purchases while the contract is valid.
Additional services and consultancy may be required
CPV classifications
- 72000000 - IT services: consulting, software development, Internet and support
Contract locations
- UK - United Kingdom
Key performance indicators
| Name | Reporting frequency |
|---|---|
| Resolving threats | 1 months |
Submission
Submission type
Tenders
Other information
Conflicts assessment prepared/revised
Yes
Procedure
Procedure type
Competitive flexible procedure
Supplier
Wavenet Limited
- Public Procurement Organisation Number: PGGC-2348-BVLG
At One Central Boulevard
Solihull
B90 8BG
United Kingdom
Telephone: 0121 18120215
Email: shekul.islam@wavenet.co.uk
Region: UKG32 - Solihull
Small or medium-sized enterprise (SME): No
Voluntary, community or social enterprise (VCSE): No
Supported employment provider: No
Public service mutual: No
Contract 1. IT Security Services
Contracting authority
Development Bank of Wales
- Public Procurement Organisation Number: PCWM-6438-QYVP
Development Bank of Wales plc
Cardiff
CF10 4BZ
United Kingdom
Contact name: Leanne Millard
Telephone: 029 20801715
Email: leanne.millard@developmentbank.wales
Website: http://www.developmentbank.wales
Region: UKL22 - Cardiff and Vale of Glamorgan
Organisation type: Public authority - central government
Devolved regulations that apply: Wales