By browsing our site you agree to our use of cookies. You will only see this message once. Find out more

NDA requires the services of one or more framework providers to support NDA, Site Licensed Companies (SLCs) and subsidiaries (the estate) to implement the Cyber Security and Resilience Programme (CSRP). Identification of specific work packages will ...

Contract notice

Services

Directive 2014/24/EU

Section I: Contracting authority

I.1)Name and addresses
Cyber Security and Resilience Capability Enhancement Framework
Herdus House
Moor Row
CA24 3HU
United Kingdom
Contact person: Matt McClure
Telephone: +44 1925802061
E-mail:
NUTS code: UKD11

Internet address(es):

Main address: https://www.gov.uk/government/organisations/nuclear-decommissioning-authority

I.2)Joint procurement
I.3)Communication
The procurement documents are available for unrestricted and full direct access, free of charge, at: http://
Additional information can be obtained from the abovementioned address
Tenders or requests to participate must be submitted to the abovementioned address
I.4)Type of the contracting authority
National or federal agency/office
I.5)Main activity
Other activity: nuclear decommissioning

Section II: Object

II.1)Scope of the procurement
II.1.1)Title:

Cyber Security and Resilience Capability Enhancement Framework.

Reference number: MM000219
II.1.2)Main CPV code
72000000
II.1.3)Type of contract
Services
II.1.4)Short description:

NDA requires the services of one or more framework providers to support NDA, Site Licensed Companies (SLCs) and subsidiaries (the estate) to implement the Cyber Security and Resilience Programme (CSRP). Identification of specific work packages will follow on from the estate-wide Profiling and Risk Assessment activities is currently in progress. These will identify areas where additional investment or support is required. Provision of these support services is intended to facilitate effective and consistent remediation activity and provide demonstrable benefit for stakeholders.

II.1.5)Estimated total value
Value excluding VAT: 5 500 000.00 GBP
II.1.6)Information about lots
This contract is divided into lots: yes
Tenders may be submitted for all lots
Maximum number of lots that may be awarded to one tenderer: 2
The contracting authority reserves the right to award contracts combining the following lots or groups of lots:

Lot 1 - Incident Response and Exercises;

Lot 2 - Assurance and Governance.

II.2)Description
II.2.1)Title:

Incident Response and Exercises

Lot No: 1
II.2.2)Additional CPV code(s)
72000000
II.2.3)Place of performance
NUTS code: UK
II.2.4)Description of the procurement:

This will be a framework of 1 supplier. The estimated value per annum is 1 100 000 GBP, however, NDA provides no guarantee of committed expenditure.

This support is provided following the escalation of an event to the point where external support and forensics are required, either because of duration (the on-site / NDA estate team is expected to be exhausted after 24 hours) or because of complexity (more analysts required, specialist skills, etc.) - essentially the ‘cavalry’. Based upon experience of the resource needed during a simulated event, a support team of 10 people is estimated. It is assumed that there may be 1 event per year that might require intervention (this is an assumption only - not based on historic information), with a duration of 2 weeks.

It is further assumed that 1 of the 2 training exercises that will be run during the year, 1 of them will be at such a level that the incident response team will be required. Therefore a second 2-week duration event is expected.

Where required, the provider shall:

- Provide rapid, round-the-clock (24/7) engagement following an identified cyber incident;

- Carry out incident analysis, for example:

- Digital Forensic Analysis,

- Traffic Monitoring,

- Malware Analysis (including reverse engineering);

- Assist in minimizing and mitigating any damage caused - e.g. isolate systems, contain any infection;

- Support the client in incident recovery;

- Support the client in post incident review;

- Determine and present ‘lessons learned’.

II.2.5)Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
II.2.6)Estimated value
Value excluding VAT: 4 400 000.00 GBP
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 12
This contract is subject to renewal: yes
Description of renewals:

The contract will be placed for a period of 12 months with NDA option to extend the contract by increments of 12 months, up to a maximum contract extension of 36 months.

II.2.10)Information about variants
Variants will be accepted: no
II.2.11)Information about options
Options: no
II.2.12)Information about electronic catalogues
II.2.13)Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds: no
II.2.14)Additional information
II.2)Description
II.2.1)Title:

Assurance and Governance

Lot No: 2
II.2.2)Additional CPV code(s)
72000000
II.2.3)Place of performance
NUTS code: UK
II.2.4)Description of the procurement:

This will be a framework of 1 supplier. The estimated value is 4 400 000 GBP however; this expenditure may be committed in the first year or spread over the framework term. NDA provides no guarantee of committed expenditure.

Assurance

This is based upon the need for the NDA to independently assure the outcome of work carried out around the estate (including NDA HQ); to evaluate the work and ensure that it provides the level of performance expected and for which funding was provided.

It is assumed that there will be 1 system / product requiring testing per month over a 12-month period. And that a team of 3-4 people will be required to fully test a system / product over a 2-week period.

Where required, the provider shall supply:

- Independent assurance of security within information systems, such as:

o Technical vulnerability assessment,

o Penetration testing, including social engineering and red teaming;

- Assistance with the co-ordination of assurance activities;

- Development of test scenarios and metrics required to gain adequate assurance;

- Workshops to ensure assurance activities are uniform across the estate;

- Auditing of technical, personnel and physical security;

- Assurance of third party activities;

- Independent assurance of project proposals (see also benchmarking).

Governance

The aim of this work stream is for the Organisation to identify critical business assets and thereafter assess, develop, improve and embed the Organisation's risk management and security policies for these assets.

Expected activity:

Where required, the provider shall:

- Help the organisation create or develop policy;

- Improve the organisation's risk assessment framework;

- Hold governance workshops;

- Train personnel in governance-related practices and policies.

Resources to be provided:

Where required, the contractor shall provide:

- Technical authors;

- Trainers;

- Subject Matter Experts.

II.2.5)Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
II.2.6)Estimated value
Value excluding VAT: 4 400 000.00 GBP
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
Duration in days: 12
This contract is subject to renewal: yes
Description of renewals:

The contract will be placed for a period of 12 months with NDA option to extend the contract by increments of 12 months, up to a maximum contract extension of 36 months.

II.2.10)Information about variants
Variants will be accepted: no
II.2.11)Information about options
Options: no
II.2.12)Information about electronic catalogues
II.2.13)Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds: no
II.2.14)Additional information

Section III: Legal, economic, financial and technical information

III.1)Conditions for participation
III.1.1)Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers
List and brief description of conditions:

Relevant insurances to be in place, including professional indemnity. Evidence and details must be supplied as part of your tender submission.

III.1.2)Economic and financial standing
List and brief description of selection criteria:

Information and formalities necessary for evaluating if the requirements are met: Information and formalities necessary for evaluating if the requirements are met: 2 year's audited accounts (most recent) to be provided separately to the tender document in electronic format.

III.1.3)Technical and professional ability
Selection criteria as stated in the procurement documents
III.1.5)Information about reserved contracts
III.2)Conditions related to the contract
III.2.1)Information about a particular profession
III.2.2)Contract performance conditions:
III.2.3)Information about staff responsible for the performance of the contract

Section IV: Procedure

IV.1)Description
IV.1.1)Type of procedure
Open procedure
IV.1.3)Information about a framework agreement or a dynamic purchasing system
The procurement involves the establishment of a framework agreement
Framework agreement with several operators
Envisaged maximum number of participants to the framework agreement: 2
IV.1.4)Information about reduction of the number of solutions or tenders during negotiation or dialogue
IV.1.6)Information about electronic auction
IV.1.8)Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: no
IV.2)Administrative information
IV.2.1)Previous publication concerning this procedure
IV.2.2)Time limit for receipt of tenders or requests to participate
Date: 02/08/2017
Local time: 12:00
IV.2.3)Estimated date of dispatch of invitations to tender or to participate to selected candidates
IV.2.4)Languages in which tenders or requests to participate may be submitted:
English
IV.2.6)Minimum time frame during which the tenderer must maintain the tender
Duration in months: 6 (from the date stated for receipt of tender)
IV.2.7)Conditions for opening of tenders
Date: 03/08/2017
Local time: 09:00

Section VI: Complementary information

VI.1)Information about recurrence
This is a recurrent procurement: no
VI.2)Information about electronic workflows
VI.3)Additional information:
VI.4)Procedures for review
VI.4.1)Review body
Cabinet Office
London
United Kingdom
VI.4.2)Body responsible for mediation procedures
VI.4.3)Review procedure
VI.4.4)Service from which information about the review procedure may be obtained
VI.5)Date of dispatch of this notice:
28/06/2017