II.2.2) Additional CPV code(s)
72250000
II.2.3) Place of performance
NUTS code:
UKI
II.2.4) Description of the procurement
Prior Information Notice for Provision of a Security Operations Centre (SOC) Service:
The Crown Prosecution Service (CPS) has a security function within the Digital and Information Directorate (DID), delivering a professional approach and striving for Security Excellence in the provision of all IT services.
Whilst the Security team is internal, the CPS is seeking to procure a Security Operations Centre (SOC) service.
The Security Operations Centre is a key service for the CPS, and it is critical that any supplier delivering this service understands the nature of the business, the key role that the CPS plays within the Criminal Justice System and the need for a full 24 x 7 x 365 security service, as there are services available outside office hours.
The CPS plans to (separately) procure a SIEM tool and is looking for a SOC provider to complement its cyber defensive capabilities in providing:
· Managing the CPS SIEM solution, including:
o Onboarding / removal of SIEM feeds and/or configuration of SIEM tool
o Creating customised alerts
o 24x7x365 monitoring of alerts, including analysing alerts to detect threats and configuration of security orchestration, automation and response.
· Provide cyber threat Intelligence, including:
o Threat Intel - Identify, Investigate and hunt for cyber threats to gain insight into attacker behaviour, infrastructure, motives and IOCs'.
o Vulnerability Intelligence - identify vulnerabilities that pose the most risk to their organisation, reducing downtime, and preventing attacks.
o Supply chain intelligence - monitor the CPS's supply chain
o Brand intelligence - provide analytical insights to proactively defend against new and emerging threats to your brand, products, employees, executives, and suppliers.
· Capability integration - continually improve the detection capabilities of the SIEM by learning from cyber threat intelligence and incidents.
· Incident response, including:
o Work according to agreed incident response processes, playbooks with the customer.
o Identify, analyse, contain and eradicate, recover (see below) and review incidents.
o Provide Forensic analysis / forensic evidence gathering as required (preferably NCSC certified)
· Compliance Management - help ensure that applications, security tools and processes comply with privacy regulations, namely Data Protection Act.
The SOC provider will be expected to record incidents in the CPS ITSM tool to automate the production of incident management information. The SOC provider will also be required to assist with the trending of incidents and attend operational level meetings with the CPS and other suppliers as required.
At this stage, the CPS is seeking to engage with the supply market as part of an information-gathering exercise to understand how suppliers might approach the provision of the services outline above, particularly with regard to any developments in SIEM / SOC delivery and innovation.
Suppliers who wish to express their interest in this potential opportunity should do so via the contact details contained within the notice and present their observations on how the requirements within this Prior Information Notice could be fulfilled.
This may take any format and should cover the following areas per as minimum:
• Observations / Comments on the customer requirements, particularly the feasibility of adding forensic analysis and NCSC certified Cyber Incident Responder retainer capability to the requirements.
• how the provision of the SOC service has been modernised in recent years
• approach to ensure Service Excellence
· Recommendation for SIEM tool(s) and reasons.