Local Pensions Partnership (LPP)

Information & Cyber Security Discovery - To inform business case

Incomplete applications: 21 (14 SME, 7 large)

Completed applications: 20 (17 SME, 3 large)

Important dates
Published: Tuesday 26 November 2019
Deadline for asking questions: Tuesday 3 December 2019 at 11:59pm GMT
Closing date for applications: Tuesday 10 December 2019 at 11:59pm GMT

Overview

Summary of the work: To further enhance and improve upon existing information and cyber security capabilities, a discovery phase analysis outcome is required to identify whether the Local Pensions Partnership (LPP) can utilise and benefit from the usage of third party partner 'Security Operations Centre' (SOC) services.
Latest start date: Thursday 2 January 2020
Expected contract length: We would expect this outcome to be completed in no more than 2 working months (40 days - maximum)
Location: London
Organisation the work is for: Local Pensions Partnership (LPP)
Budget range: £15,000 (Fixed price)

About the work

Why the work is being done: To further enhance and improve upon existing information and cyber security capabilities, a discovery phase analysis outcome is required to identify whether the Local Pensions Partnership (LPP) can utilise and benefit from the usage of third party partner 'Security Operations Centre' (SOC) services. Such services would include the full range of SOC services as well as the usage of new and existing digital information and cyber security tools to extend monitoring, detection and response to threats, as well as to take proactive preventative action. The usage of such services would extend LPP's information and cyber security capabilities to a 24/7/365 basis. The content of the analysis would determine the feasibility and provide content to inform a business case.
Problem to be solved: This outcome will provide a comprehensive documented view of the following:

- The information & cyber security SOC requirements within LPP (which will need to be identified as part of this outcome, and should also cover the required coverage and resource skills that a SOC will provide LPP).

- A traceable view of the requirements to what a SOC can provide LPP.

- A determination of high level costs (internal vs external).

- An understanding of the information & cyber security digital technologies in use within LPP, which would be within the scope of a SOC to monitor.

- The benefits of utilising a SOC, as opposed to the current approach in use.

- The high level costs of both approaches.

- A recommendation on which approach to proceed with.
Who the users are and what they need to do: The following list is a subset of identified user stories:

1) As a security manager, I need to ensure that LPP's IT technologies, data and domain are subject to continuous threat-monitoring.

2) As a security manager, I need to ensure that pro-active preventative measures are undertaken to protect LPP, based on a changing environment / threat landscape.

3) As a security manager, I need to ensure that pro-active and reactive threat detection is occurring on a continuous basis, thereby enabling action to be taken to protect LPP technologies, data and the domain.

4) As a security manager, I need to ensure that LPP's security monitoring is continuously reflective of industry standards, and is subject to continuous improvement.

5) As a security manager, I need to ensure technologies and awareness exists which can identify/resolve any new or existing threats, in order to protect LPP technologies, data and the domain.

6) As a security manager, I need to ensure all threat monitoring, detection, prevention or responses are subject to full documentation, in an auditable manner.

7) As a security manager, I need to ensure a cost effective approach to 24/7/365 security threat-monitoring, detection and any response to protect LPP technologies, data and the domain.
Early market engagement
Any work that’s already been done
Existing team: LPP's Security Working Group and its membership form the existing team with responsibility for information and cyber security.
Current phase: Discovery

Work setup

Address where the work will take place: LPP's Central London Office - Union Street, London, SE1
Working arrangements: It is envisioned that a supplier would work on-site (to interact and interview key members of LPP's Security Working Group), as well as off-site to document and prepare the analysis.
Security clearance: All supplier resources should be subject to BPSS clearance at a minimum, which should be undertaken by the supplier prior to commencement of the outcome engagement.
Additionally, suppliers must adhere to LPP IT policies, which includes the mandatory usage of encryption on devices, with up-to-date A/V & firewall software in place.

Additional information

Additional terms and conditions: The contract will utilise the Standard Framework terms and conditions, as well as LPP's standard terms and conditions (where necessary).

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Demonstrable experience of delivering a discovery phase analysis within a public sector organisation
  • Demonstrable experience of delivering a discovery phase analysis within a highly regulated organisation.
  • Demonstrable experience of delivering a discovery phase analysis within a financial sector organisation
  • Demonstrable experience of analysing information and cyber security requirements within a financial sector organisation
  • Demonstrable experience of utilising the services of a security operations centre within a customer's organisation.
  • Demonstrable understanding of the typical security components and capabilities found within public and private cloud services, as well as IdAM & network technologies
  • Demonstrable understanding of typical security needs within organisations and their technological ecosystems
Nice-to-have skills and experience
  • Ability to source all required skillsets to successfully deliver this outcome
  • Demonstrable experience of flexible working

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate: 3
Proposal criteria
  • A plan for delivery of the outcome in full, including (but not limited to) milestones & phases
  • An understanding of value for money
  • Approach and methodology to deliver this outcome in full
  • How risk will be minimised to ensure delivery of this outcome in full
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Take responsibility for their work
  • Challenge the status quo
  • Can work with clients with low technical expertise
Payment approach: Fixed price
Additional assessment methods
  • Reference
  • Presentation
Evaluation weighting
Technical competence: 75%
Cultural fit: 5%
Price: 20%

Questions asked by suppliers

1. Question: Will bidding on this discount us from bidding on the actual SOC service, should you consider going down this route?
Buyer answer: The decision to continue to Alpha and Beta stages will be dependent on the outcome of the Discovery project. We welcome all bids, at all stages, from suppliers who can meet our requirements.

2. Question: Is the 15k inclusive of VAT?
Buyer answer: No it is not.

3. Question: Can you confirm this is outside IR35?
Buyer answer: At this time it is understood that this discovery exercise is outside of IR35.

4. Question: Our primary consultants are booked in Jan but we have an associate network that we can use which will have the right person, is this something you would be happy with? (we can provide additional support from Head office)
Buyer answer: As a buyer we are focused on the successful completion of the outcome. It is up to each supplier to determine how they can successfully deliver the outcome, including which resources they utilise.

5. Question: What is the expected split between on site and offsite work?
Buyer answer: Please refer to the field 'Working arrangements' for an answer to this question.

6. Question: Does bidding for the Discovery phase preclude you from being able to deliver the SOC capability, if that is a route chosen by LPP as a result of this exercise?
Buyer answer: The decision to continue to Alpha and Beta stages will be dependent on the outcome of the Discovery project. We welcome all bids, at all stages, from suppliers who can meet our requirements.

7. Question: Please clarify if by doing this work would we still be able to compete to be the SOC provider.
Buyer answer: The decision to continue to Alpha and Beta stages will be dependent on the outcome of the Discovery project. We welcome all bids, at all stages, from suppliers who can meet our requirements.

8. Question: What is meant by 'experience of utilising the services of a security operations centre'?
Buyer answer: This relates to a supplier demonstrating to us that they are familiar (in depth) with the utilisation of the services of a Security Operations Centre within a customer's environment, as opposed to only within their own environment.

9. Question: What products are within the environment? Vendor name, product name and versions?
Number of licenses
Number of Locations
Do you need to comply with anything ie PCI-DSS or any other?
Do you operate 24x7
Do you have your own data centres
Buyer answer: In reference to your specific question: We are unable to provide a full list of products, including vendor name and versions, number of licenses, number of locations, in the 100 word response which we are limited to within the Digital Marketplace.
To provide relevant information:
- We predominantly utilise Microsoft technologies, across four physical 'office' locations. We currently utilise two data-centres, as well as Microsoft's cloud.
We generally operate 8am-8pm, although please note that this outcome covers 24x7x365 security monitoring. We adhere to data compliance as well as being FCA regulated.