Planning

Security Operation Centre

WEST YORKSHIRE COMBINED AUTHORITY

This public procurement record has 1 release in its history.

Planning

28 Apr 2023 at 15:39

Summary of the contracting process

The West Yorkshire Combined Authority is planning a tender titled "Security Operation Centre" in the services industry category. The Authority aims to implement Microsoft's Sentinel System Incident Event Monitoring tool and seeks an external party to provide a Security Operations Centre for 24/7 monitoring. The procurement is planned with a value of £250,000. The tender, initiated under the legal basis CELEX, is set to create opportunities for businesses to offer IT services such as consulting, software development, and Internet support. The communication of future notice is scheduled for May 22, 2023, with the delivery location being Leeds, UK.

This tender by the West Yorkshire Combined Authority presents business growth opportunities for IT service providers specialising in cybersecurity solutions. Companies offering services related to SIEM implementation, security event monitoring, and incident response are well-suited to compete. The procurement is in the planning phase, allowing businesses to prepare comprehensive proposals aligning with the Authority's requirement to enhance cybersecurity posture and resilience. The tender presents a chance for businesses to contribute to ensuring information security and identifying potential threats to the Combined Authority's assets and operations.

Notice Title

Security Operation Centre

Notice Description

West Yorkshire Combined Authority would like to procure an external party to implement Microsoft's Sentinel System Incident Event Monitoring (SIEM) tool into its Azure environment. The Combined Authority require security events, that are captured and correlated by the SIEM solution, to be monitored 24/7 using an externally hosted Security Operations Centre (SOC). The Combined Authority will leverage the security alerts provided by the SOC:

* To understand where the Combined Authority needs to focus its resources to maximise its cybersecurity posture.
* To detect and respond to threats, keeping the information held on systems and networks secure.
* To increase resilience by learning about the changing threat landscape (both malicious and non-malicious, internal and external)
* To identify and address negligent or criminal behaviours.
* To derive business intelligence about user behaviours to shape and prioritise the development of technologies.

Lot Information

Lot 1

In January 2022, the Combined Authority received several recommendations from the Department Levelling Up, Housing and Communities (DLUHC). A number of these recommendations centred round a central logging solution and the ability to monitor events and act on alerts. Specifically, the following recommendations were stated:

* Identify a suitable solution which is the best fit for the Combined Authority by carrying out an assessment of key log sources, required alerts and cost.
* Upon implementation of a centralised logging solution ensure that log retention is documented and agreed.
* Upon implementation of a centralised logging solution, automated log analysis and correlation functionality and a formal log incident triaging process should then be developed and documented.

The SIEM solution must be able to provide a centralised logging solution which receives logs from all the Combined Authority's endpoints, network devices and applications. The SIEM will primarily be for security event capture and alerting, not necessarily capturing non security technical events.

The SOC must be able to monitor and respond to the SIEM alerts on a 24/7/365 basis. Alerts which are of sufficient interest must be reported to ICT Services as per the Combined Authority's ICT incident response process and within agreed Service Level Agreement (SLA) time frames.

The Combined Authority's Target Operating Model has considered both threats and assets. Threat analysis has taken into account the higher level of public awareness the Combined Authority has gained since it has become a Mayoral Authority. The Threat Actor Sophistication has been assessed using the Stix v2.1 framework. The Combined Authority's threat actor sophistication is expected to range from none to intermediate and potentially advanced, as per the framework.

The Combined Authority faces several threats, typical of many government organisations. These threats range from data loss of sensitive Combined Authority data, ransomware, fraud via social engineering using attack vectors like phishing and smishing, to specific threats to a person of interest, such as politically or criminally motivated hacking attacks against the mayor and / or the Police & Crime Commissioner.

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-03c554
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/012388-2023
Current Stage
Planning
All Stages
Planning

Procurement Classification

Notice Type
Planning Notice
Procurement Type
Standard
Procurement Category
Services
Procurement Method
Not Specified
Procurement Method Details
Not specified
Tender Suitability
Not specified
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

72 - IT services: consulting, software development, Internet and support


CPV Codes

72000000 - IT services: consulting, software development, Internet and support

Notice Value(s)

Tender Value
£250,000 (band: £100K-£500K)
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
28 Apr 2023
Submission Deadline
Not specified
Future Notice Date
21 May 2023 (Expired)
Award Date
Not specified
Contract Period
Not specified - Not specified
Recurrence
Not specified

Notice Status

Tender Status
Planned
Lots Status
Planned
Awards Status
Not Specified
Contracts Status
Not Specified

Contracting Authority (Buyer)

Main Buyer
WEST YORKSHIRE COMBINED AUTHORITY
Contact Name
James Firth
Contact Email
james.firth@westyorks-ca.gov.uk
Contact Phone
Not specified

Buyer Location

Locality
LEEDS
Postcode
LS1 2DE
Post Town
Leeds
Country
England

Major Region (ITL 1)
TLE Yorkshire and The Humber
Basic Region (ITL 2)
TLE4 West Yorkshire
Small Region (ITL 3)
TLE42 Leeds
Delivery Location
TLE Yorkshire and The Humber

Local Authority
Leeds
Electoral Ward
Little London & Woodhouse
Westminster Constituency
Leeds Central and Headingley

Open Contracting Data Standard (OCDS)

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-03c554-2023-04-28T16:39:58+01:00",
    "date": "2023-04-28T16:39:58+01:00",
    "ocid": "ocds-h6vhtk-03c554",
    "initiationType": "tender",
    "tender": {
        "id": "62580",
        "legalBasis": {
            "id": "32014L0024",
            "scheme": "CELEX"
        },
        "title": "Security Operation Centre",
        "status": "planned",
        "classification": {
            "scheme": "CPV",
            "id": "72000000",
            "description": "IT services: consulting, software development, Internet and support"
        },
        "mainProcurementCategory": "services",
        "description": "West Yorkshire Combined Authority would like to procure an external party to implement Microsoft's Sentinel System Incident Event Monitoring (SIEM) tool into its Azure environment. The Combined Authority require security events, that are captured and correlated by the SIEM solution, to be monitored 24/7 using an externally hosted Security Operations Centre (SOC). The Combined Authority will leverage the security alerts provided by the SOC: * To understand where the Combined Authority needs to focus its resources to maximise its cybersecurity posture. * To detect and respond to threats, keeping the information held on systems and networks secure. * To increase resilience by learning about the changing threat landscape (both malicious and non-malicious, internal and external) * To identify and address negligent or criminal behaviours. To derive business intelligence about user behaviours to shape and prioritise the development of technologies.",
        "value": {
            "amount": 250000,
            "currency": "GBP"
        },
        "lots": [
            {
                "id": "1",
                "description": "In January 2022, the Combined Authority received several recommendations from the Department Levelling Up, Housing and Communities (DLUHC). A number of these recommendations centred round a central logging solution and the ability to monitor events and act on alerts. Specifically, the following recommendations were stated: * Identify a suitable solution which is the best fit for the Combined Authority by carrying out an assessment of key log sources, required alerts and cost. * Upon implementation of a centralised logging solution ensure that log retention is documented and agreed. * Upon implementation of a centralised logging solution, automated log analysis and correlation functionality and a formal log incident triaging process should then be developed and documented. The SIEM solution must be able to provide a centralised logging solution which receives logs from all the Combined Authority's endpoints, network devices and applications. The SIEM will primarily be for security event capture and alerting, not necessarily capturing non security technical events. The SOC must be able to monitor and respond to the SIEM alerts on a 24/7/365 basis. Alerts which are of sufficient interest must be reported to ICT Services as per the Combined Authority's ICT incident response process and within agreed Service Level Agreement (SLA) time frames. The Combined Authority's Target Operating Model has considered both threats and assets. Threat analysis has taken into account the higher level of public awareness the Combined Authority has gained since it has become a Mayoral Authority. The Threat Actor Sophistication has been assessed using the Stix v2.1 framework. The Combined Authority's threat actor sophistication is expected to range from none to intermediate and potentially advanced, as per the framework. The Combined Authority faces several threats, typical of many government organisations. \nThese threats range from data loss of sensitive Combined Authority data, ransomware, fraud via social engineering using attack vectors like phishing and smishing, to specific threats to a person of interest, such as politically or criminally motivated hacking attacks against the mayor and / or the Police & Crime Commissioner.",
                "status": "planned"
            }
        ],
        "items": [
            {
                "id": "1",
                "deliveryAddresses": [
                    {
                        "region": "UKE"
                    }
                ],
                "deliveryLocation": {
                    "description": "Leeds"
                },
                "relatedLot": "1"
            }
        ],
        "communication": {
            "futureNoticeDate": "2023-05-22T00:00:00+01:00"
        },
        "coveredBy": [
            "GPA"
        ]
    },
    "parties": [
        {
            "id": "GB-FTS-31903",
            "name": "West Yorkshire Combined Authority",
            "identifier": {
                "legalName": "West Yorkshire Combined Authority",
                "id": "8876556"
            },
            "address": {
                "streetAddress": "Wellington House, 40-50 Wellington Street",
                "locality": "Leeds",
                "region": "UKE",
                "postalCode": "LS1 2DE",
                "countryName": "United Kingdom"
            },
            "contactPoint": {
                "name": "James Firth",
                "email": "james.firth@westyorks-ca.gov.uk",
                "url": "https://uk.eu-supply.com/ctm/Supplier/Documents/Folder/66481"
            },
            "roles": [
                "buyer"
            ],
            "details": {
                "url": "https://www.westyorks-ca.gov.uk",
                "buyerProfile": "https://uk.eu-supply.com/ctm/Company/CompanyInformation/Index/103257",
                "classifications": [
                    {
                        "scheme": "TED_CA_TYPE",
                        "id": "REGIONAL_AUTHORITY",
                        "description": "Regional or local authority"
                    },
                    {
                        "scheme": "COFOG",
                        "id": "01",
                        "description": "General public services"
                    }
                ]
            }
        }
    ],
    "buyer": {
        "id": "GB-FTS-31903",
        "name": "West Yorkshire Combined Authority"
    },
    "language": "en"
}