Awarded to Bruntonspall Ltd

Start date: Wednesday 6 March 2019
Value: £123,100
Company size: SME

Ministry of Justice

MoJ Security Monitoring Future Strategy

16 Incomplete applications

10 SME, 6 large

16 Completed applications

6 SME, 10 large

• Published: Monday 14 January 2019
• Deadline for asking questions: Monday 21 January 2019 at 11:59pm GMT
• Closing date for applications: Monday 28 January 2019 at 11:59pm GMT

Overview

• Summary of the work: Provide strategy, options, transition plan and recommendation for this requirement. Involving:; - analysis of MoJ's TTP Security Monitoring Solution ; -market assessment of Network Intrusion Detection and SIEM Platforms; - assessment of future need of the requirement; - commercial analysis for the different options and combinations from implementation into live support.
• Latest start date: Monday 18 February 2019
• Expected contract length: Total length of contract should not exceed 3 months
• Location: London
• Organisation the work is for: Ministry of Justice
• Budget range: We have assumed the team will be made up of a Security Architect or Consultant, Solution Manager, Business Analyst. The MoJ are willing to consider an alternative team make-up to provide an accurate evidence based recommendation.

About the work

• Why the work is being done: In November 2019 the contract for the current service provider delivering SoC capability, monitoring and reporting services will expire. In August 2020 support agreements with McAfee, Gigamon, Cisco and LogRythm for hardware will also expire.; ; The Authority want to carry out an assessment and review of the MoJ Security Monitoring Solution, factoring the constraints mentioned above, to revisit our approach to security monitoring, with the goal of devising pragmatic and cost-effective monitoring and response solutions that protect our enterprise IT against common cyber-attacks, including decommissioning / transition analysis.
• Problem to be solved: The Ministry of Justice security monitoring contract for hardware and software support expires in August 2020 and the contract with the monitoring service supplier expires in November 2019.; - Ministry of Justice do not have a strategy for a future Security Monitoring Solution, other than to extend current contracts; - A plan is required to transition from the current solution to a future approved solution; - We do not know the cost benefits or total cost of ownership for renewing or moving to a different solution; - A plan to decommission or exit the current solution requires analysis
• Who the users are and what they need to do: As Product Owner I need to know;; -what the costs and options are to renew the solution and support contracts for two years so that I have a baseline cost; -if the security monitoring technology stack is fit for purpose in the future for the MoJ; -if I should take my SoC requirements in-house so that I know if we should start a competition for the monitoring service to continue from November 2019; -all my options for the existing and future Security Monitoring solutions, including cost breakdowns and transition plans to decide the best course of action for the business.
• Early market engagement: None conducted
• Any work that’s already been done: The Security Privacy Team has engaged cloud suppliers to determine what options the Ministry has to host and run management services on cloud platforms, connected to the on-premise Security Monitoring Solution.
• Existing team: Digital and Technology Security Privacy Team
• Current phase: Discovery

Work setup

• Address where the work will take place: 102 Petty France; London SW1H 9AJ
• Working arrangements: On site for approximately 3 days for face to face meetings and clarifying needs. ; Use Agile working methods; Weekly progress report to Senior Stakeholders; Use of on line collaboration tools such as Slack and Skype for remote working. ; The Security Privacy Team Project Manager to provide reviews, direction and clarification on progress on a daily basis.
• Security clearance: Baseline Personnel Security Check (BPSS) as a minimum. See https://www.gov.uk/government/publications/government-baseline-personnel-security-standard for further guidance.

Additional information

• Additional terms and conditions: Standard Digital Outcomes and Specialist contract and MoJ's Travel and Subsistence policy. ; ; Please see:; https://www.gov.uk/government/publications/digital-outcomes-and-specialists-2-call-off-contract

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience:
  • Provide recent and demonstrable experience in advising on security monitoring solutions for complex enterprise IT systems conducted within the last three years
  • Outline recent and demonstrable experience for providing an assessment of a supplier (e.g. hardware and hosting maintenance) to meet business needs, conducted within the last three years
  • Outline recent and demonstrable experience for providing commercial assessments from the implementation through to live support services that meet business needs,conducted within the last three years
  • Outline recent and demonstrable experience for providing platform hosting assessments to meet business needs, conducted within the last three years
  • Providing references, evidence your experience of providing an evidence based recommendation of a technology solution, conducted within the last three years
  • Outline recent and demonstrable experience in knowledge of relevant legislation and guidance relevant to securing information in modern enterprise IT systems, conducted within the last three years
• Nice-to-have skills and experience:
  • Provide recent and demonstrable experience of LogRythm SIEM Platforms conducted within the last three years.
  • Provide recent and demonstrable experience of McAfee NSM and IDS solutions, conducted within the last three years.
  • Provide recent and demonstrable experience of defining customer journeys, conducted within the last three years.
  • Provide recent and demonstrable experience of creating detailed user stories in-accordance with the standards set out in the Government Digital Services' service assessment framework, conducted within the last three years.
  • Provide recent and demonstrable experience of providing advise/support on technology procurement within central government, conducted within the last three years.

How suppliers will be evaluated

• How many suppliers to evaluate: 5
• Proposal criteria:
  • Describe the method you would propose to use, referencing your experience on how you would conduct research and assessment to meet our user needs
  • Describe the method you would propose to use, referencing your experience on how you would develop a strategy proposal to meet our used needs
  • Describe the method you would propose to use, referencing your experience on how you would assess strategic options and present these to meet the user needs
  • Describe the method you would propose to use, referencing your experience on how you would develop and present transition plans to meet the departments needs
  • Describe how you will ensure a high quality recommendation will be provided through your approach and methodology.
  • Describe how you will ensure that the recommendations meet applicable legislation and general good practice in cyber security.
• Cultural fit criteria:
  • Recent and demonstrable experience of working in public sector or highly regulated environment.
  • Explain how you’ll ensure collaboration at all levels of the project and programme delivery between users, team members and management. Give examples of where you have taken this approach.
  • Explain how you’ll ensure collaboration with vendors to understand how their technology aligns with our business needs.
• Payment approach: Time and materials
• Assessment methods: Written proposal
• Evaluation weighting:

  Technical competence

  60%

  Cultural fit

  10%

  Price

  30%

Questions asked by suppliers

• 1. Is there a stated budget for this work: The MOJ welcomes provides to leverage their professional expertise and experience to consider the time/materials required to provide the Outcome(s) described. The MOJ as a public body utilising public funds seeks efficiency and value for money at all opportunities.
• 2. The requirements point to terms and conditions at https://www.gov.uk/government/publications/digital-outcomes-and-specialists-2-call-off-contract. This page says it was withdrawn on the 18th October 2018. Can you confirm which terms and conditions are being used for this work?: The Digital Outcomes and Specialists 2 call-off contract has been superseded by the Digital Octcomes and Specialists 3 call-off contract. ; ; You can gain access to these documents by clicking on the words 'most recent contract'. Underneath the bold text informing you of the publication withdrawal.
• 3. Please clarify the scope of the estate. For example the entire MoJ/HMCTS/HMPPS etc: The entirety of the MOJ, including for examples (but not limited to) HMCTS, HMPPS, and Justice Services (CICA, LAA, OPG)
• 4. What do you consider to be the responsibilities in the roles of Solution Manager and Business Analyst, so that we can compare this with our team task definitions?: Solution Manager: overseeing all aspects of the project. Business Analyst: documenting oversight/management, task analysis, workshop organisation, stakeholder updates (etc)
• 5. Does this work preclude the winning supplier from follow-on stages?: No
• 6. Could you clarify, in the nice-to-have skills and experience section, if ‘experience with IDS solutions’ has to be McAfee’s IDS solution or any type of IDS solutions: Any type of Intrusion Detection System (IDS) including examples where reasonable to do so
• 7. Could you clarify if you require 3 days/week presence in London, for face to face meetings or if that is the overall estimated time to be spent in London?: The overall estimated time to be spent in London for face to face meetings
• 8. Could you provide more details about requirements and expectations with regards to working at your London Office vs. remote working?: The MOJ anticipate the supplier will spend significant time interacting with various MOJ teams in order to fulfil this piece of work and this is likely to be face-to-face in London. 'Offline' analysis work and reporting writing (for example) may take place from remote working / supplier locations
• 9. With regards to: “Outline recent and demonstrable experience for providing commercial assessments from the implementation through to live support services that meet business needs, conducted within the last three years”. Are the MOJ looking for evidence of evaluating an end-to-end service offering (implementation through to live support) prior to procurement or conducting on-going assessment throughout the project life?: Evidence of evaluating an end-to-end service offering/solution (implementation through to live support) prior to procurement
• 10. Would you like us to provide CV’s and the potential team composition?: Yes please
• 11. Do you require a fixed price or rate card?: The MOJ welcomes providers to leverage their professional expertise and experience to advise and respond on the best format
• 12. What is the preferred word length of the response: As reasonably required in order to accurately and succinctly convey a response to the published criteria
• 13. The Budget range section gives an indication of the team size expected but not the actual budget range. Are you able to supply an expected budget for this work?: The MOJ welcomes provides to leverage their professional expertise and experience to consider the time/materials required to provide the Outcome(s) described. The MOJ as a public body utilising public funds seeks efficiency and value for money at all opportunities.
• 14. The Security Privacy Team has engaged cloud suppliers. Is there a strategy for move more services to cloud suppliers as opposed to continued use of on-premise systems?: The MOJ adheres and aligns to the Government Cloud First policy (https://www.gov.uk/guidance/government-cloud-first-policy)
• 15. Is there an overall MoJ Strategy for systems during the two years to be covered by the contract?: No
• 16. The requirements point to terms and conditions at https://www.gov.uk/government/publications/digital-outcomes-and-specialists-2-call-off-contract. This page says it was withdrawn on the 18th October 2018. Can you confirm which terms and conditions are being used for this work?: "The Digital Outcomes and Specialists 2 call-off contract has been superseded by the Digital Octcomes and Specialists 3 call-off contract. ; ; You can gain access to these documents by clicking on the words 'most recent contract'. Underneath the bold text informing you of the publication withdrawal."
• 17. Can you confirm that the question relates to the assessment of a hosting environment for a security monitoring solution, such as within a Cloud based service or other hosted platform (like CHS) for management by a SOC/security operations team?: The Outcome sought is for considered, evidence-led professional advice to the MOJ on what it's strategy should be
• 18. Can you please confirm is this is experience of analysing a client’s requirements against the overall capabilities of the LogRhythm SIEM platform?: It is not the overall against the capability of analysing any particular SIEM platform but analysing the MOJ as a whole based on requirements and suitable capabilities, not any solutions that may or may not already exist
• 19. Can you clarify if you are referring to the NCSC Security operations centre guidance (https://www.ncsc.gov.uk/guidance/10-steps-monitoring) to support the building of a Best Practice monitoring service or similar guidance from NIST, etc?: The Outcome sought is for considered, evidence-led professional advice to the MOJ on what it's strategy should be which should include consideration of existing related standards or best practices such as (but not limited to) from NCSC or NIST