Lambeth Council

Cyber Security Consultancy

Incomplete applications

13
Incomplete applications
12 SME, 1 large

Completed applications

3
Completed applications
2 SME, 1 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Thursday 14 December 2017
Deadline for asking questions Thursday 21 December 2017 at 11:59pm GMT
Closing date for applications Thursday 28 December 2017 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Cyber security consultant
Summary of the work Lambeth ICT Services requires additional specialist security resources to develop and implement a new security strategy, support ongoing security initiatives, manage security work-streams, and to provide expertise to successfully undertake a number of security tasks.
Latest start date Monday 15 January 2018
Expected contract length 1 year contract, initially covering 20 days consultancy
Location London
Organisation the work is for Lambeth Council
Maximum day rate

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement
Who the specialist will work with Head of Operations
Senior Security Officer
Service Desk Manager
Server Manager
Application & DBA Manager
Network Team Leader
What the specialist will work on Security Consultancy (operational & technical) for the following: -
- Policy & Procedure reviews
- Creation of policy framework based on current requirements
- Senior Advisor support
- Represent an unbiased third party as part of the IS Board
- Provide technical expertise and advice
- Assistance with compliance standards such as PCI DSS & PSN
- Assumed grade for the role is that of an Information Security Manager.
- Develop an security incident response plan
- Provide first responder training for security incidents
- Create a framework for Lambeth Council's ICT security architecture
- Tailored evaluation if required

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place Olive Morris House
2nd Floor
18 Brixton Hill
London
SW2 1RD
Working arrangements Minimum of 2-3 days on site working face to face with teams
Travel/hotel expenses will not be covered
Security clearance BPSS DBS

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions to be discussed after engagement

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • ISO 27001 accredited
  • ISO 9001 accredited
  • CBEST Approved Penetration Testing Provider
  • CBEST Threat Intelligence supplier
  • Certified NCSC CHECK
  • NCSC accredited for Cyber Security Consultancy
  • NCSC approved to provide Cyber Incident Response
  • Provides an 'on demand' security consultancy service
  • Proven experience of providing information security consultancy to a local authority
  • Proven experience of developing an Information Security Strategy
Nice-to-have skills and experience Member of the Cyber Security Supplier to Government Scheme

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 3
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Be transparent and collaborative when making decisions
  • Have a no-blame culture and encourage people to learn from their mistakes
  • Be comfortable standing up for their discipline
  • Can work with clients with low technical expertise
  • Share knowledge and experience with other team members
Assessment methods
  • Work history
  • Reference
  • Presentation
Evaluation weighting

Technical competence

50%

Cultural fit

10%

Price

40%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Can you confirm this is for 4 days a week/30 hours a week over a 12 month period – if not please clarify the extent and requirement for a consultancy service. Is this position inside or outside of IR35 This is for a 1 year contract, initially covering 20 days consultancy

Suppliers are expected to be IR35 compliant.

The consultancy requirement is a 1 year contract, initially covering 20 days consultancy. This includes a minimum of 2-3 days on site working face to face with teams i.e. a morning or afternoon on site for up to 3 days a week
2. Please can you clarify is this role in or out IR35? We are seeking consultancy services from a cyber security company. We therefore expect the company to be adhering to HMRC rules in respect of IR35.

To clarify, this tender is not for a role but a service, for which there is account management provided.
3. Are the essential requirements, required of the cyber security consultant specialist or of the specialists employer?

The various certifications listed are company certifications. I.e: do you require the company to be ISO27001 certified or the cyber security consultant to be ISO27001 Lead Auditor qualified?
The essential requirements are requirements we want the company providing the consultancy to hold.
4. Is it essential for the supplier to be a CBEST Approved Penetration Testing Provider & CBEST Threat Intelligence supplier? If so, can you please detail why Lambeth Council require this UK financial services accreditation? The accreditations are used in this tender to identify genuine enterprise -level cyber security specialist.

We require consultancy to assist with achieving PCI DSS compliance and improving our security for financial transactions
5. Please could you confirm the daily rate for this role. The requirement is for a security consultancy service and not a role.
Therefore there is no daily rate associated with this requirement.
6. 1.Regarding the BPSS clearance status, if the candidate does not hold active BPSS clearance and is willing to go through the process, can this be considered, if yes will you sponsor the security clearance

2.Can any other higher security clearance be considered?

3.What is the lead time for feedback once the application is submitted?

4.Will this role be within IR35? 5.Any chances of change in start date as the latest date mentioned is Monday 15 January 2018
1. BPSS clearance will not be sponsored and suppliers must have this clearance to be considered
2. Consideration may be given to a higher security clearance above BPSS
3. The lead time for feedback once the requirement has been closed on 28th Dec will be 7 days
4. it will be expected that the suppliers themselves satisfy any IR35 requirements with their employees. The start date is negotiable
7. 6.What are the other expenses which will be paid

7.What are the exact work locations

8.Any specific format(pdf,doc) in which CVs to be sent later

9.Is occasional remote working allowed?

10.Is there any travel involved in this role and will the travel expenses be paid ?

11. Is the rate inclusive or exclusive of VAT?

12.Would you consider work permit holders (e.g. Tier 2 General Visa) and EU passport holders for this role ?
6. Expenses will not be paid

7. Olive Morris House, 18 Brixton Hill, London, SW2 1RD

8. CV submissions will not be considered for this requirement

9. Occasional remote working is permitted for this requirement
8. 10.Is there any travel involved in this role and will the travel expenses be paid ?

11. Is the rate inclusive or exclusive of VAT?

12.Would you consider work permit holders (e.g. Tier 2 General Visa) and EU passport holders for this role ?
10. No travel is involved in this requirement

11. There is no 'rate' associated with this requirement

12. Consideration of work permits and EU passport holders will be at the desecration of the supplier