Section one: Contracting entity
one.1) Name and addresses
Scotland Gas Networks (SGN)
St Lawrence House, Station Approach
Horley
RH6 9HJ
Country
United Kingdom
Region code
UK - United Kingdom
Internet address(es)
Main address
one.6) Main activity
Production, transport and distribution of gas and heat
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
The scope of work is to deliver the Cloud Detection & Response (CDR)/ Cloud Native Application Protection Platform (CNAPP) services using the Wiz CNAPP cloud native platform (Wiz CNAPP cloud).
two.1.2) Main CPV code
- 79710000 - Security services
two.1.3) Type of contract
Services
two.1.4) Short description
The scope of work is to deliver the Cloud Detection & Response (CDR)/ Cloud Native
Application Protection Platform (CNAPP) services using the Wiz CNAPP cloud native
platform (Wiz CNAPP cloud).
CNAPP is a convergence of 3 different capabilities, which provide the foundations for an
effective Cloud Detection and Response (CDR) capability which SGN does not currently
have. This brings together the following three areas:
Cloud Security Posture Management (CSPM)
CSPM continuously monitors, identifies, alerts on, and remediates compliance risks and
misconfigurations in cloud environments. Cloud misconfigurations are often exploited by
threat actors. CSPM systems monitor cloud assets, then continually and automatically
check for cloud misconfigurations that may result in data breaches. Cloud environments
can be extremely complicated, and mistakes can be very hard to detect and manually
Cloud Infrastructure Entitlements Management (CIEM)
Monitors human and service identities; effective permissions; and exposed secrets across
cloud environments. CIEM continuously analyses risk and generates least privilege access
policies to efficiently remove any unused, risky, or excessive privileges. This mitigates the
risk of escalation of privilege, lateral movement and ultimately data breaches in the cloud.
IT currently does not have this level of visibility onto cloud permissions and identities.
Cloud Workload Protection (CWP)
CWP’s monitor workloads in the cloud, scan for vulnerabilities and provide information
regarding those vulnerabilities.
The Pricing Model for the SGN CDR/CNAPP solution and service is based on a combination
of the service elements requested by SGN.
The basis of pricing is outlined below and tailored to meet SGN’s requirements.
two.1.6) Information about lots
This contract is divided into lots: No
two.2) Description
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
two.2.4) Description of the procurement
The scope of work is to deliver the Cloud Detection & Response (CDR)/ Cloud Native
Application Protection Platform (CNAPP) services using the Wiz CNAPP cloud native
platform (Wiz CNAPP cloud).
CNAPP is a convergence of 3 different capabilities, which provide the foundations for an
effective Cloud Detection and Response (CDR) capability which SGN does not currently
have. This brings together the following three areas:
Cloud Security Posture Management (CSPM)
CSPM continuously monitors, identifies, alerts on, and remediates compliance risks and
misconfigurations in cloud environments. Cloud misconfigurations are often exploited by
threat actors. CSPM systems monitor cloud assets, then continually and automatically
check for cloud misconfigurations that may result in data breaches. Cloud environments
can be extremely complicated, and mistakes can be very hard to detect and manually
Cloud Infrastructure Entitlements Management (CIEM)
Monitors human and service identities; effective permissions; and exposed secrets across
cloud environments. CIEM continuously analyses risk and generates least privilege access
policies to efficiently remove any unused, risky, or excessive privileges. This mitigates the
risk of escalation of privilege, lateral movement and ultimately data breaches in the cloud.
IT currently does not have this level of visibility onto cloud permissions and identities.
Cloud Workload Protection (CWP)
CWP’s monitor workloads in the cloud, scan for vulnerabilities and provide information
regarding those vulnerabilities.
The Pricing Model for the SGN CDR/CNAPP solution and service is based on a combination
of the service elements requested by SGN.
The basis of pricing is outlined below and tailored to meet SGN’s requirements.
1. Subscription and Product Support:
a. Based on CNAPP SaaS platform services and based the volumes of SGN
Cloud assets being monitored.
b. Premium Wiz Platform support.
2. Initial Deployment / Onboarding:
a. Phase 1 - Solution Design:
b. Phase 2 - Enablement and Prioritization:
c. Phase 3 – Integration, Testing and Go Live:
d. Phase 4 - Training and Knowledge Transfer:
3. Training: The Supplier will provide a range of Knowledge Transfer to SGN Security
and Admin/platform personnel as outlined in Initial Deployment/Implementation. As
part of the Wiz service, SGN can have access to a range of online training material at
Wiz Academy. Through the Premium Support, SGN can also receive enablement
sessions to empower specific SGN roles (i.e. GRC) such as on setting compliance
policies for reporting and alerting (as Ofgem requirements change).
A solution is needed within the business to meet current and future cyber threats across
its cloud infrastructure/environment. The CNAPP solution will allow SGN to overcome
potential threats and exposure within the business.
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Negotiated procedure with prior call for competition
four.1.3) Information about a framework agreement or a dynamic purchasing system
The procurement involves the establishment of a framework agreement
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: No
four.2) Administrative information
four.2.1) Previous publication concerning this procedure
Notice number: 2021/S 000-000004
Section five. Award of contract
A contract/lot is awarded: Yes
five.2) Award of contract
five.2.1) Date of conclusion of the contract
20 February 2025
Section six. Complementary information
six.4) Procedures for review
six.4.1) Review body
SGN
St Lawrence House,
Horley
RH6 9HJ
Country
United Kingdom