Scope
Description
Network Rail is seeking to engage the market regarding the future procurement of a Certificate Lifecycle Management (CLM) solution. This project is driven by significant industry changes, including the CA/Browser Forum's decision to reduce the maximum lifespan of public SSL/TLS certificates over the coming years. By 2029, certificates will require renewal as frequently as every 47 days, and domain validation reuse will be limited to just 10 days. These changes are intended to enhance security but will introduce substantial operational overhead, making manual certificate management impractical and automation essential.
Network Rail operates across a complex landscape of on-premises, cloud, and supplier-managed environments. A key challenge is the fragmented ownership and lack of central visibility over certificates, particularly those issued and managed by third-party suppliers. This fragmentation increases the risk of outages due to expired or misconfigured certificates and limits Network Rail's ability to monitor, renew, or enforce compliance directly.
The CLM project aims to address these challenges by implementing a solution that enables the centralised, automated management of certificates throughout their lifecycle, regardless of where they are issued or managed. The solution must provide comprehensive visibility across all environments, support robust automation for renewal and validation, and enable clear supplier accountability through contractual mechanisms. This includes the ability to track certificates managed by third parties, enforce renewal responsibilities, and ensure that incidents caused by supplier failures can be managed contractually.
Network Rail is inviting suppliers to demonstrate how their solutions can meet these requirements, including the ability to:
Centrally track and manage certificates across all environments and suppliers.
Automate certificate renewal, validation, and compliance processes.
Provide visibility and control over third-party issued certificates.
Support supplier accountability and contractual enforcement.
Align with upcoming industry standards and security requirements.
Deliver proven solutions at scale, with references from similar large infrastructure organisations.
This market engagement will inform Network Rail's approach to the procurement of a CLM solution that ensures security, operational resilience, and compliance in a rapidly evolving digital landscape.
Total value (estimated)
- £800,000 excluding VAT
- £960,000 including VAT
Above the relevant threshold
Contract dates (estimated)
- 30 November 2025 to 30 November 2028
- 3 years, 1 day
Main procurement category
Services
CPV classifications
- 72260000 - Software-related services
- 72267000 - Software maintenance and repair services
- 72261000 - Software support services
- 72590000 - Computer-related professional services
- 72222300 - Information technology services
- 72212200 - Networking, Internet and intranet software development services
- 72000000 - IT services: consulting, software development, Internet and support
Engagement
Engagement deadline
31 October 2025
Engagement process description
Network Rail is inviting suppliers to participate in this preliminary market engagement for the Certificate Lifecycle Management System. The engagement process is as follows:
Accessing the Documents:
Suppliers should access the draft requirements and supporting documents via the Network Rail Bravo platform. Visit https://networkrail.bravosolution.co.uk/web/login.html, select "View Current Opportunities," and choose "Certificate Lifecycle Management Programme Core Services." The documents will be available in the attachments section; no login is required.
Reviewing Requirements:
Suppliers are requested to carefully review the draft requirements document and all supporting materials provided.
Supplier Response - Structured Presentation:
After reviewing the requirements, suppliers must prepare a structured PowerPoint presentation that addresses all elements outlined under the "Supplier Presentation Requirements for PME" section of the briefing pack. Presentations should comprehensively cover each specified area, demonstrating how your solution meets Network Rail's needs and responding to all requested points.
Submission Instructions:
Completed presentations must be submitted by email to Humza Tayyab at humza.tayyab@networkrail.co.uk no later than 17:00 on 31st October 2025. Please ensure your submission clearly references your organisation name and the CLM Programme. Submissions received after the deadline may not be considered.
Clarifications:
Any questions or requests for clarification regarding this notice should be directed to humza.tayyab@networkrail.co.uk.
Review and Further Engagement:
Upon receiving your completed presentation, Network Rail will review all responses and may contact suppliers for further information or discussion if necessary.
Participation
Particular suitability
- Small and medium-sized enterprises (SME)
- Voluntary, community and social enterprises (VCSE)
Procedure
Special regime
Utilities
Contracting authority
NETWORK RAIL INFRASTRUCTURE LIMITED
- Public Procurement Organisation Number: PNZN-9524-VCQJ
Waterloo General Office
London
SE1 8SW
United Kingdom
Contact name: Humza Tayyab
Email: humza.tayyab@networkrail.co.uk
Website: https://www.networkrail.co.uk/
Region: UKI45 - Lambeth
Organisation type: Public authority - central government