Scope
Reference
P_19864
Description
The 2-month continuation (plus 1-month contingency) of the current protective monitoring service using IBM QRadar for on-premises and AWS-based Buyer-owned infrastructure and applications, to allow for transition to the in-house, long-term replacement solution. An operational support team monitor, support and patch the Protective Monitoring service and QRadar components including onboarding of new log sources. A Security Operations Centre (SOC) provides analysis of alerts, carries out triage and investigation of any potential security event, and alerts the Buyer.
The monitoring service will be delivered from January 1st 2026 until March 31st 2026. An operational support team shall monitor, support and patch the Protective Monitoring service and QRadar components including onboarding of new log sources. A Security Operations Centre (SOC) shall provide analysis of alerts, carries out triage and investigation of any potential security event, and alert the Buyer.
The replacement in-house, long-term replacement solution is in the final stages of development and governance with an anticipated go-live of Jan/Feb 2026 with the current IBM QRadar contract terminating on 31st Decmeber 2025 with no further extensions available, this short-term continuation contract is required to support transition.
Contract 1
Supplier
Contract value
- £261,000 excluding VAT
- £313,200 including VAT
Above the relevant threshold
Earliest date the contract will be signed
23 December 2025
Contract dates (estimated)
- 1 January 2026 to 30 May 2026
- 4 months, 30 days
Main procurement category
Services
CPV classifications
- 72212732 - Data security software development services
Other information
Conflicts assessment prepared/revised
Yes
Procedure
Procedure type
Direct award
Direct award justification
- Single supplier - technical reasons
- Additional or repeat goods, services or works - extension or partial replacement
IBM is the incumbent provider of the protective monitoring service. The current contract ends on 31 December 2025, and the replacement in-house CSOC solution will not complete early life support until mid-late February 2026. Continuity of service is essential to maintain security assurance.
The time and cost of moving to an alternative supplier for a 2-3 month period would pose significant technical and financial risk. Transitioning to a new supplier would require onboarding, data conversion, and configuration, which is not feasible within the timeframe.
The current log data is in IBM's proprietary format. Converting this large volume of data to another system within the timeframe is not considerd possible and in any case would require substantial resources and could compromise security monitoring during the transition.
Supplier
IBM UK LTD
- Companies House: 01503908
Building C IBM Hursley Office
Winchester
SO21 2JN
United Kingdom
Email: jzillessen@uk.ibm.com
Region: UKJ36 - Central Hampshire
Small or medium-sized enterprise (SME): No
Voluntary, community or social enterprise (VCSE): No
Contract 1
Contracting authority
Home Office
- Public Procurement Organisation Number: PWGC-6513-PQLZ
2 Marsham Street
London
SW1P 4DF
United Kingdom
Region: UKI32 - Westminster
Organisation type: Public authority - central government