Planning

National Grid ESO - Cyber Incident Response and Digital Forensics

NATIONAL GRID ELECTRICITY SYSTEM OPERATOR LIMITED

This public procurement record has 1 release in its history.

Planning

02 Aug 2023 at 16:26

Planning Notice
Summary of the contracting process

The National Grid Electricity System Operator Limited has planned a procurement process for the provision of Cyber Incident Response and Digital Forensics services. The title of the procurement is "National Grid ESO - Cyber Incident Response and Digital Forensics". This procurement falls under the IT services category with a focus on consulting, software development, Internet, and support. The submission deadline for responses is at 12:00 BST on 31st August 2023. Interested parties need to submit their Expression of Interest by the 10th August 2023. The procurement stage is currently in the planning phase, and National Grid ESO aims to have the services operational by January 2024.

This tender by National Grid ESO offers an opportunity for businesses providing Incident Response and Digital Forensics services to partner with the organisation during its separation from National Grid Plc. Companies well-suited to compete in this tender are those with expertise in managed security services, integration of Incident Response services, and experience in Critical National Infrastructure environments. The selected partner must align with NGESO's current and future incident management procedures and work towards operational readiness by January 2024. Any supplier engaging with FSO must provide services that surpass the current incumbents in platforms, technology, people, and processes. This tender opens avenues for businesses to contribute to establishing independent cybersecurity management and operational teams for FSO.

Find more tenders on our Open Data Platform.
How relevant is this notice?

D3 Tenders Premium

Win More Public Sector Contracts

AI-powered tender discovery, pipeline management, and market intelligence — everything you need to grow your public sector business.

Start Free Trial Book a Demo
All Features Pricing

Notice Information

Notice Title

National Grid ESO - Cyber Incident Response and Digital Forensics

Notice Description

National Grid Electricity System Operator (NGESO) moves electricity around systems to keep homes and businesses supplied with the energy they need 24/7. NGESO is a separate legal entity to National Grid Plc. NGESO has a regulatory commitment to move all IT systems and shared services away from National Grid Plc and therefore NGESO requires a partner to provide on-demand Incident Response and Digital Forensics services aligned with NGESOs own incident management processes. Currently, National Grid Plc provide these group-level services in-house and will continue to run these services whilst NGESO and National Grid Plc's IT environments are being separated. However, once any assets are transitioned, or when new assets are productionised into the new NGESO environments, the responsibility for Incident Response and Digital Forensics will transfer to NGESO, hence requirement for a 3rd party service to protect the business and systems. This Non-Call for Completion Request for Information Only. RFI CONTENT This is not a formal tender process and is not being undertaken in accordance with the Utilities Contracts Regulations 2016. Please ensure responses to all questions and any supporting documentation is clearly referenced to the question they are answering. NGSO will not be shortlisting suppliers based on their submissions and any future sourcing activities will be subject to a new event. The RFI seeks for suppliers to provide answers to the points and questions detailed in the, II.2.14) Additional information, section of this document. Please provide your response to each question in a separate Word document clearly stating the question number that your response relates to. If providing any supporting information in separate documents as appropriate, state the question reference number in the file name using the following naming convention: ESO_CIR&DF_RFI_SUPPLIER NAME

Lot Information

Lot 1

NGESO is looking to select a partner to enable the successful separation of the cyber security Incident Response and Digital Forensics services of the NGESO away from National Grid Plc at pace, by providing services as follows:- * Planning for Incident Response o Help identifying the effectiveness of the service and the plugging in of missing factors * On-demand response support in the event of a cyber incident o 24/7 service availability * On-demand digital forensics services o 24/7 service availability To enable the separation to continue at-pace, it is required for a supplier to be onboarded and services operational by January 2024. Current State NGESOs separation from National Grid Plc is marked by two key dates known as Day 1 (mid-2024) and Day 2 (mid-2026). To support and enable the separation programme, NGESO require the selected partner to be onboarded and services noted operational by January 2024. Day 1 marks the date that the Future System Operator (FSO) is under new ownership and operation under transitional service agreements (TSA) for certain services. Day 2 marks the date the enduring desired operating model for an independent Future System Operator is operational, has new industry roles, and fully exited TSAs with National Grid Plc. Achieving the services within this RFI will ready NGESO for Day 2. Under the TSAs will be the current Incident Management processes and procedures that dovetail into the NGESO Incident Management processes. Any supplier selected will need to adhere to and work with these current and future procedures. Current Challenges FSO is a new entity and is at the beginning of the set-up of its Cyber Security management and operational teams. FSO and National Grid Plc, via their Transitional Service Agreements (TSAs), must work closely together to maintain security. FSO's Incident Response, Digital Forensic and procurement processes for their new systems and assets, within their own foundation environment are new, and any 3rd party supplier engagement must align to them. Time period; Managed Security Services Provider suppliers to be in place no later than January 2024. At a high level, the future suppliers services should provide tools and capabilities that exceed the incumbents, complementing the platforms noted, technology, people, and processes. Additional information: RFI Questions 1 Please provide details of your Incident Response and Digital Forensics services, focusing on integration and including planning and response services. In your response, please include: * The services offered as part of your Incident Response and Digital Forensics services, including any technical or administrative limitations of the services * How your service integrates with existing incident management procedures and practices * Any Service Level Agreements with regards to response times in the event of an incident 2 Please summarise your prior experience in implementing and operating a managed Incident Response and Digital Forensics service. In your response, please include: * How long you have been providing the services * The experience of key individuals involved in the provision and delivery of the services * How many clients you provide Incident Response and Digital Forensics services to, both in the UK and worldwide 3 Please summarise your experience in working with Critical National Infrastructure assets or other similar environments. In your response, please include: * Your approach to personnel security, including whether you employ staff subject to National Security Vetting. * Whether your delivery would be from the UK or other country * Your use of offshore resources, assets, or storage and how this affects your service delivery Please do not include any confidential information in your response 4 Please provide details of any added-value services offered either as part of, or which are complementary to your Incident Response & Digital Forensics services, for example: * On site investigations, including for non-cyber related incidents * Production and validation of playbooks, runbooks, Standard Operating Procedures etc. * Facilitation of incident response exercises, table-tops, walkthroughs etc. 5 Please provide at least one case-study where you have integrated with and implemented and operated a managed Incident Response and Digital Forensics service for a client. In your response, please include: * The nature and level of service provided, i.e. whether your service was in addition to internal incident response services or whether you provided the service in its entirety. * The integration approach and outcome. * The size and scale of the organisation * Any key successes from the service, for example incidents successfully managed limiting technical or reputational damage Please do not include any confidential information in your response. It is not required to identify any current or former clients 6 Please provide high-level details of your pricing structure. In your response, please include: * If applicable, the metrics on which your pricing structure is based, i.e: retainer fee, per incident charges, hourly charges, per device charges etc. * Any minimum contract terms

Notice Details

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-03ec91
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/022522-2023
Current Stage
Planning
All Stages
Planning

Procurement Classification

Notice Type
Planning Notice
Procurement Type
Standard
Procurement Category
Services
Procurement Method
Not Specified
Procurement Method Details
Not specified
Tender Suitability
Not specified
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

72 - IT services: consulting, software development, Internet and support

CPV Codes

72000000 - IT services: consulting, software development, Internet and support

Notice Value(s)

Tender Value
Not specified
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
2 Aug 20232 years ago
Submission Deadline
31 Aug 2023Expired
Future Notice Date
2 Aug 2023Expired
Award Date
Not specified
Contract Period
Not specified - Not specified
Recurrence
Not specified

Notice Status

Tender Status
Planned
Lots Status
Planned
Awards Status
Not Specified
Contracts Status
Not Specified

Buyer & Supplier

Contracting Authority (Buyer)

Main Buyer
NATIONAL GRID ELECTRICITY SYSTEM OPERATOR LIMITED
Contact Name
Trevor Ford
Contact Email
box.gp.ukbuyer@nationalgrid.com
Contact Phone
Not specified

Buyer Location

Locality
LONDON
Postcode
WC2N 5EH
Post Town
Central London
Country
England
Major Region (ITL 1)
TLI London
Basic Region (ITL 2)
TLI3 Inner London - West
Small Region (ITL 3)
TLI35 Westminster and City of London
Delivery Location
Not specified
Local Authority
Westminster
Electoral Ward
St James's
Westminster Constituency
Cities of London and Westminster

Further Information

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts. 

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-03ec91-2023-08-02T17:26:18+01:00",
    "date": "2023-08-02T17:26:18+01:00",
    "ocid": "ocds-h6vhtk-03ec91",
    "description": "The submission deadline for responses to this RFI is by 12:00 BST 31st August 2023. Submissions must be received by the submission deadline, submissions received after the deadline will not be considered. Interested parties are asked to submit their Expression of Interest to this RFI by COB on the 10th August 2023. Submissions should be sent to the Procurement representative for this RFI, as follows: Category Lead Contact Details: To: trevor.ford@nationalgrid.com cc: marie.glassborow@nationalgrid.com All communications and queries arising from this RFI should be conducted on email through the Procurement Representative detailed above. Please ensure all emails on this RFI include the following in the subject box: \"ESO_RFI_CIR&DF_SUPPLIER NAME\" Any queries must be submitted no later than 12:00 BST 15th August 2023 for this RFI. National Grid shall not be responsible for or pay for any costs or expenses that may be incurred by the supplier in the preparation and submission of a response to this RFI.",
    "initiationType": "tender",
    "tender": {
        "id": "ESO_RFI_CR_DF",
        "legalBasis": {
            "id": "32014L0025",
            "scheme": "CELEX"
        },
        "title": "National Grid ESO - Cyber Incident Response and Digital Forensics",
        "status": "planned",
        "classification": {
            "scheme": "CPV",
            "id": "72000000",
            "description": "IT services: consulting, software development, Internet and support"
        },
        "mainProcurementCategory": "services",
        "description": "National Grid Electricity System Operator (NGESO) moves electricity around systems to keep homes and businesses supplied with the energy they need 24/7. NGESO is a separate legal entity to National Grid Plc. NGESO has a regulatory commitment to move all IT systems and shared services away from National Grid Plc and therefore NGESO requires a partner to provide on-demand Incident Response and Digital Forensics services aligned with NGESOs own incident management processes. Currently, National Grid Plc provide these group-level services in-house and will continue to run these services whilst NGESO and National Grid Plc's IT environments are being separated. However, once any assets are transitioned, or when new assets are productionised into the new NGESO environments, the responsibility for Incident Response and Digital Forensics will transfer to NGESO, hence requirement for a 3rd party service to protect the business and systems. This Non-Call for Completion Request for Information Only. RFI CONTENT This is not a formal tender process and is not being undertaken in accordance with the Utilities Contracts Regulations 2016. Please ensure responses to all questions and any supporting documentation is clearly referenced to the question they are answering. NGSO will not be shortlisting suppliers based on their submissions and any future sourcing activities will be subject to a new event. The RFI seeks for suppliers to provide answers to the points and questions detailed in the, II.2.14) Additional information, section of this document. Please provide your response to each question in a separate Word document clearly stating the question number that your response relates to. If providing any supporting information in separate documents as appropriate, state the question reference number in the file name using the following naming convention: ESO_CIR&DF_RFI_SUPPLIER NAME",
        "lots": [
            {
                "id": "1",
                "description": "NGESO is looking to select a partner to enable the successful separation of the cyber security Incident Response and Digital Forensics services of the NGESO away from National Grid Plc at pace, by providing services as follows:- * Planning for Incident Response o Help identifying the effectiveness of the service and the plugging in of missing factors * On-demand response support in the event of a cyber incident o 24/7 service availability * On-demand digital forensics services o 24/7 service availability To enable the separation to continue at-pace, it is required for a supplier to be onboarded and services operational by January 2024. Current State NGESOs separation from National Grid Plc is marked by two key dates known as Day 1 (mid-2024) and Day 2 (mid-2026). To support and enable the separation programme, NGESO require the selected partner to be onboarded and services noted operational by January 2024. Day 1 marks the date that the Future System Operator (FSO) is under new ownership and operation under transitional service agreements (TSA) for certain services. Day 2 marks the date the enduring desired operating model for an independent Future System Operator is operational, has new industry roles, and fully exited TSAs with National Grid Plc. Achieving the services within this RFI will ready NGESO for Day 2. Under the TSAs will be the current Incident Management processes and procedures that dovetail into the NGESO Incident Management processes. Any supplier selected will need to adhere to and work with these current and future procedures. Current Challenges FSO is a new entity and is at the beginning of the set-up of its Cyber Security management and operational teams. FSO and National Grid Plc, via their Transitional Service Agreements (TSAs), must work closely together to maintain security. FSO's Incident Response, Digital Forensic and procurement processes for their new systems and assets, within their own foundation environment are new, and any 3rd party supplier engagement must align to them. Time period; Managed Security Services Provider suppliers to be in place no later than January 2024. At a high level, the future suppliers services should provide tools and capabilities that exceed the incumbents, complementing the platforms noted, technology, people, and processes. Additional information: RFI Questions 1 Please provide details of your Incident Response and Digital Forensics services, focusing on integration and including planning and response services. In your response, please include: * The services offered as part of your Incident Response and Digital Forensics services, including any technical or administrative limitations of the services * How your service integrates with existing incident management procedures and practices * Any Service Level Agreements with regards to response times in the event of an incident 2 Please summarise your prior experience in implementing and operating a managed Incident Response and Digital Forensics service. In your response, please include: * How long you have been providing the services * The experience of key individuals involved in the provision and delivery of the services * How many clients you provide Incident Response and Digital Forensics services to, both in the UK and worldwide 3 Please summarise your experience in working with Critical National Infrastructure assets or other similar environments. In your response, please include: * Your approach to personnel security, including whether you employ staff subject to National Security Vetting. * Whether your delivery would be from the UK or other country * Your use of offshore resources, assets, or storage and how this affects your service delivery Please do not include any confidential information in your response 4 Please provide details of any added-value services offered either as part of, or which are complementary to your Incident Response & Digital Forensics services, for example: * On site investigations, including for non-cyber related incidents * Production and validation of playbooks, runbooks, Standard Operating Procedures etc. * Facilitation of incident response exercises, table-tops, walkthroughs etc. 5 Please provide at least one case-study where you have integrated with and implemented and operated a managed Incident Response and Digital Forensics service for a client. In your response, please include: * The nature and level of service provided, i.e. whether your service was in addition to internal incident response services or whether you provided the service in its entirety. * The integration approach and outcome. * The size and scale of the organisation * Any key successes from the service, for example incidents successfully managed limiting technical or reputational damage Please do not include any confidential information in your response. It is not required to identify any current or former clients 6 Please provide high-level details of your pricing structure. In your response, please include: * If applicable, the metrics on which your pricing structure is based, i.e: retainer fee, per incident charges, hourly charges, per device charges etc. * Any minimum contract terms",
                "status": "planned"
            }
        ],
        "items": [
            {
                "id": "1",
                "additionalClassifications": [
                    {
                        "scheme": "CPV",
                        "id": "72000000",
                        "description": "IT services: consulting, software development, Internet and support"
                    }
                ],
                "deliveryAddresses": [
                    {
                        "region": "UK"
                    }
                ],
                "relatedLot": "1"
            }
        ],
        "communication": {
            "futureNoticeDate": "2023-08-03T00:00:00+01:00"
        },
        "coveredBy": [
            "GPA"
        ],
        "tenderPeriod": {
            "endDate": "2023-08-31T12:00:00+01:00"
        },
        "submissionTerms": {
            "languages": [
                "en"
            ]
        }
    },
    "parties": [
        {
            "id": "GB-COH-11014226",
            "name": "NATIONAL GRID ELECTRICITY SYSTEM OPERATOR LIMITED",
            "identifier": {
                "legalName": "NATIONAL GRID ELECTRICITY SYSTEM OPERATOR LIMITED",
                "id": "11014226",
                "scheme": "GB-COH"
            },
            "address": {
                "streetAddress": "1-3 Strand",
                "locality": "LONDON",
                "region": "UK",
                "postalCode": "WC2N 5EH",
                "countryName": "United Kingdom"
            },
            "contactPoint": {
                "name": "Trevor Ford",
                "email": "box.GP.UKBuyer@nationalgrid.com"
            },
            "roles": [
                "buyer"
            ],
            "details": {
                "url": "https://www.nationalgrideso.com",
                "classifications": [
                    {
                        "scheme": "TED_CE_ACTIVITY",
                        "id": "ELECTRICITY",
                        "description": "Electricity"
                    }
                ]
            }
        }
    ],
    "buyer": {
        "id": "GB-COH-11014226",
        "name": "NATIONAL GRID ELECTRICITY SYSTEM OPERATOR LIMITED"
    },
    "language": "en"
}