Skip to main content

We've saved some files called cookies on your device. These cookies are:

  • essential for the site to work
  • to help improve our website by collecting and reporting information on how you use it

We would also like to save some cookies to help tailor communications.

BETA
You're viewing an updated version of this service - your feedback will help us to improve it.
Give Feedback
Cymraeg

UK4

IT Security Services

  • First published: 20 March 2025
  • Last modified: 20 March 2025
  • Record interest

     

    This file may not be fully accessible.

  •  

Contents

Summary

OCID:
ocds-h6vhtk-04efe9
Published by:
Development Bank of Wales
Authority ID:
AA0555
Publication date:
20 March 2025
Deadline date:
09 June 2025
Notice type:
UK4
Has documents:
No
Has SPD:
No
Has Carbon Reduction Plan:
N/A

Abstract

The Development Bank of Wales currently operate a security operation model that is split across multiple providers and technologies. To help reduce the complexity of this approach and improve our ability to effectively monitor, respond to, and mitigate security threats, the Banc are investigating the feasibility of implementing a unified Microsoft security operations platform, the day-to-day management of which would be supported by a single provider. his transition will not only streamline our processes and technology, but also increase the efficiency of our incident response efforts and reduce the potential for gaps in our security posture caused by the fragmentation of tools and services. Currently, our Azure services are handled by Service Provider A, which focuses on optimising our cloud infrastructure. Service Provider B is responsible for managing our Microsoft 365 environment and on-premises infrastructure, ensuring that both are configured and maintained to meet our operational needs. Additionally, our managed detection and response (MDR) services are provided by Service Provider C, which utilises their own proprietary platform to deliver continuous monitoring, threat detection, and incident response across our IT estate. The Banc is investigating replacing Service Provider C with a new Service Provider that will take over the managed detection and response function, utilising the Microsoft unified security platform. They will be responsible for the implementation, configuration and on-going management of the platform, and providing proactive advice and recommendations to improve the security of our Microsoft estate, drawing on Microsoft’s insights, but will not be responsible for any configuration outside of the security platform. The new provider will collaborate closely with Service Providers A and B to align security practices ensuring that our entire IT environment remains protected against emerging threats. Please refer to the scope of requirements Please note the contract value is an estimate

Full notice text

Scope

Procurement reference

DBW00105

Procurement description

The Development Bank of Wales currently operate a security operation model that is split across multiple providers and technologies. To help reduce the complexity of this approach and improve our ability to effectively monitor, respond to, and mitigate security threats, the Banc are investigating the feasibility of implementing a unified Microsoft security operations platform, the day-to-day management of which would be supported by a single provider. his transition will not only streamline our processes and technology, but also increase the efficiency of our incident response efforts and reduce the potential for gaps in our security posture caused by the fragmentation of tools and services.

Currently, our Azure services are handled by Service Provider A, which focuses on optimising our cloud infrastructure. Service Provider B is responsible for managing our Microsoft 365 environment and on-premises infrastructure, ensuring that both are configured and maintained to meet our operational needs. Additionally, our managed detection and response (MDR) services are provided by Service Provider C, which utilises their own proprietary platform to deliver continuous monitoring, threat detection, and incident response across our IT estate.

The Banc is investigating replacing Service Provider C with a new Service Provider that will take over the managed detection and response function, utilising the Microsoft unified security platform. They will be responsible for the implementation, configuration and on-going management of the platform, and providing proactive advice and recommendations to improve the security of our Microsoft estate, drawing on Microsoft’s insights, but will not be responsible for any configuration outside of the security platform. The new provider will collaborate closely with Service Providers A and B to align security practices ensuring that our entire IT environment remains protected against emerging threats.

Please refer to the scope of requirements

Please note the contract value is an estimate

Main category

Services

Delivery regions

  • UK - United Kingdom

Total value (estimated, excluding VAT)

1500000 GBP to 1500000GBP

Contract dates (estimated)

01 July 2025, 00:00AM to 30 June 2030, 23:59PM

Extension end date (if all the extensions are used): 30 June 2033

Contracting authority

Development Bank of Wales

Identification register:

  • GB-PPON

Address 1: Unit J, Yale Business Village, Ellice Way,

Town/City: Wrexham

Postcode: LL13 7YL

Country: United Kingdom

Website: www.developmentbank.wales

Public Procurement Organisation Number: PCWM-6438-QYVP

Contact name: Leanne Millard

Email: procurement@developmentbank.wales

Telephone: +442920801715

Organisation type: Public authority - sub-central government

Devolved regulations that apply: Wales

Procedure

Procedure type

Competitive flexible procedure

Is the total value above threshold?

Above threshold

Lots

Divided into 1 lots

Lot number: 1

CPV classifications

  • 72000000 - IT services: consulting, software development, Internet and support

Delivery regions

  • UK - United Kingdom

Lot value (estimated)

1500000 GBP Excluding VAT

1800000 GBP Including VAT

Sustainability

Small and medium-sized enterprises (SME)

Contract start date (estimated)

01 July 2025, 00:00AM

Contract end date (estimated)

30 June 2030, 23:59PM

Extension end date (estimated)

30 June 2033, 23:59PM

Can the contract be extended?

Yes

Description of extensions

3 years in 12 month increments

Does the lot include options?

Yes

Description of options

There may be a requirement that the supplier will undertake project work during the contract term. Additional modules and or security of other systems may also be required.

Participation

Conditions

Economic

Conditions of participation

Professional Indemnity (PI) - £1,000,000

Cyber Essential insurance £1,000,000

Employers Liability (EL) - £10,000,000

Public Liability (PL) - £5,000,000

Conditions

Economic

Conditions of participation

Please refer to the tender documentation

Award criteria

Type: quality

Name

Stage 1

Description

PSQ - Pass/Fail

Technical evaluation - Pass/Fail and weighted questions

3PQ

Please note that this stage has a technical weighting of 100%

Weighting: 1.00

Weighting type: percentageExact

Type: quality

Name

Stage 2

Description

Technical evaluation

Questions have a total weighting of 70%

Weighting: 69.00

Weighting type: percentageExact

Type: price

Name

Commercial

Description

Annual costs including the implementation for the first year

Rate cards

Weighting: 30.00

Weighting type: percentageExact

Contract terms and risks

Payment terms

30 days

Description of risks to contract performance

NA

Submission

Tender submission deadline

09 June 2025, 12:00PM

Enquiry deadline

17 April 2025, 12:00PM

Date of award of contract

30 June 2025, 23:59PM

Submission address and any special instructions

https://etenderwales.bravosolution.co.uk/web/login.shtml

May tenders be submitted electronically?

Yes

Is this a recurring procurement?

No

Publication date of next tender notice (estimated)

13 March 2033, 23:59PM

Languages that may be used for submission

  • English

Tender submission deadline

09 June 2025, 12:00PM

Enquiry deadline

17 April 2025, 12:00PM

Date of award of contract

30 June 2025, 23:59PM

Submission address and any special instructions

https://etenderwales.bravosolution.co.uk/web/login.shtml

May tenders be submitted electronically?

Yes

Is this a recurring procurement?

No

Publication date of next tender notice (estimated)

13 March 2033, 23:59PM

Languages that may be used for submission

  • English

Coding

Commodity categories

ID Title Parent category
72000000 IT services: consulting, software development, Internet and support Computer and Related Services

Delivery locations

ID Description
100 UK - All

About the buyer

Main contact:
n/a
Admin contact:
n/a
Technical contact:
n/a
Other contact:
n/a

Further information

Date Details
Follow Sell2Wales
Email icon
Sell2Wales Helpline
0800 222 9004

Lines are open 8:30am to 5pm Monday to Friday.

Rydym yn croesawu galwadau'n Gymraeg.

We welcome calls in Welsh.

Give feedback about this page
All content is available under the Open Government License, except where otherwise stated.