Planning

Provision of Security Incident Event Management Tool

CROWN PROSECUTION SERVICE

This public procurement record has 1 release in its history.

Planning

14 Aug 2023 at 15:42

Summary of the contracting process

The Crown Prosecution Service (CPS) is planning to procure a Security Incident Event Management Tool. This procurement falls under the 'services' category with a focus on system and support services. The CPS aims to engage suppliers through a Prior Information Notice to gather insights on potential service provisions. The planned procurement stage involves interaction with suppliers to understand the latest developments in SIEM technology and cost estimations. The CPS has set a future notice date of January 31, 2024, for this engagement exercise.

This tender presents an opportunity for businesses specialising in cybersecurity services and technology solutions to compete for the provision of a SIEM tool to the Crown Prosecution Service. Companies offering services related to log collection, real-time monitoring, incident response, threat detection, compliance reporting, and machine learning in the cybersecurity domain are well-suited to participate. The planned engagement stage provides a platform for suppliers to showcase their capabilities, innovations, and cost-effective solutions tailored to meet the specific requirements outlined by the CPS for this procurement.


Notice Title

Provision of Security Incident Event Management Tool

Notice Description

Provision of a Security Incident Event Management Tool: The Crown Prosecution Service (CPS) is issuing a Prior Information Notice (PIN) to inform prospective suppliers of its intention to procure a Security Information and Event Management (SIEM) tool. CPS will go to market for a new SIEM system as part of its overall cybersecurity strategy.

Lot Information

Lot 1

The Crown Prosecution Service (CPS) is issuing a Prior Information Notice (PIN) to inform prospective suppliers of its intention to procure a Security Information and Event Management (SIEM) tool. CPS will go to market for a new SIEM system as part of its overall cybersecurity strategy.

As a minimum, the tool should provide the following functionality:

1. Log Collection and Aggregation: The SIEM should be capable of collecting and aggregating logs and data from various sources across the CPS, such as network devices, servers, applications, cloud infrastructure, and endpoints/end-user-devices.
2. Integration and Compatibility: The SIEM should integrate seamlessly with existing security tools and technologies, such as intrusion detection/prevention systems (IDS/IPS), firewalls, antivirus solutions, and threat intelligence feeds.
3. Real-time Monitoring: The SIEM should provide real-time monitoring capabilities to detect and alert on suspicious or malicious activities as they occur. This involves continuous analysis of incoming log data to identify anomalies and patterns indicative of security threats.
4. Event Correlation and Analysis: The system should be able to correlate and analyse events from multiple sources to identify complex attack patterns that may go unnoticed when analysing individual events in isolation.
5. Threat Detection and Alerts: The SIEM should have threat detection mechanisms that can identify known threats based on signatures and behaviours, as well as emerging threats using advanced analytics and machine learning techniques. It should generate timely and actionable alerts for security teams.
6. Incident Response: The SIEM should facilitate efficient incident response by providing workflow and case management capabilities. This allows security teams to track, investigate, and remediate security incidents effectively.
7. Automated Remediation: The SIEM should be capable of integrating with network services and infrastructure to automatically mitigate significant threats in real time.
8. Data Retention and Storage: A SIEM system must be capable of storing and managing large volumes of log data over extended periods to support historical analysis, compliance requirements, and forensic investigations. An indicative estimate is 50TB of data over a rolling year.
9. Scalability: The SIEM should be scalable to accommodate growing data volumes and an expanding IT infrastructure. It should be able to handle the increasing demands of log collection, analysis, and storage.
10. User and Entity Behaviour Analytics (UEBA): Advanced SIEM systems incorporate UEBA capabilities to establish baselines of normal behaviour for users and entities. Deviations from these baselines can trigger alerts for potential insider threats or compromised accounts.
11. Compliance and Reporting: The SIEM should assist organisations in meeting regulatory compliance requirements by offering predefined compliance reports and helping to demonstrate adherence to industry standards and regulations.
12. Advanced Analytics and Machine Learning: Employing machine learning and advanced analytics can enhance threat detection by identifying subtle patterns and anomalies that may indicate novel or sophisticated attacks.

At this stage, the CPS is seeking to engage with the supply market as part of an information-gathering exercise to understand how suppliers might approach the provision of the services outlined above, particularly with regard to any developments in service delivery and innovation. Suppliers who wish to express their interest in this potential opportunity should do so via the contact details contained within the notice and shall subsequently be invited to attend a virtual engagement session in which they may present their observations on how the requirements within this Prior Information Notice could be fulfilled.

This presentation may take any format and should cover the following areas:

* the latest developments / capabilities in SIEM technology
* a cost estimation - provide a comprehensive breakdown of potential cost associated with the service provision to the CPS. This should include: setup costs, ongoing service costs, any cost related to customisation, support, or upgrades as well as any other incidental costs that may be incurred during the service.

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-03efa9
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/023781-2023
Current Stage
Planning
All Stages
Planning

Procurement Classification

Notice Type
Planning Notice
Procurement Type
Standard
Procurement Category
Services
Procurement Method
Not Specified
Procurement Method Details
Not specified
Tender Suitability
Not specified
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

72 - IT services: consulting, software development, Internet and support


CPV Codes

72250000 - System and support services

Notice Value(s)

Tender Value
Not specified
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
14 Aug 2023
Submission Deadline
Not specified
Future Notice Date
31 Jan 2024 (Expired)
Award Date
Not specified
Contract Period
Not specified - Not specified
Recurrence
Not specified

Notice Status

Tender Status
Planned
Lots Status
Planned
Awards Status
Not Specified
Contracts Status
Not Specified

Contracting Authority (Buyer)

Main Buyer
CROWN PROSECUTION SERVICE
Contact Name
Patience Arinaitwe
Contact Email
patience.arinaitwe@cps.gov.uk
Contact Phone
Not specified

Buyer Location

Locality
LONDON
Postcode
SW1H 9EA
Post Town
South West London
Country
England

Major Region (ITL 1)
TLI London
Basic Region (ITL 2)
TLI3 Inner London - West
Small Region (ITL 3)
TLI35 Westminster and City of London
Delivery Location
TLI3 Inner London - West

Local Authority
Westminster
Electoral Ward
St James's
Westminster Constituency
Cities of London and Westminster

Open Contracting Data Standard (OCDS)


The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-03efa9-2023-08-14T16:42:21+01:00",
    "date": "2023-08-14T16:42:21+01:00",
    "ocid": "ocds-h6vhtk-03efa9",
    "initiationType": "tender",
    "tender": {
        "id": "ocds-h6vhtk-03efa9",
        "legalBasis": {
            "id": "32014L0024",
            "scheme": "CELEX"
        },
        "title": "Provision of Security Incident Event Management Tool",
        "status": "planned",
        "classification": {
            "scheme": "CPV",
            "id": "72250000",
            "description": "System and support services"
        },
        "mainProcurementCategory": "services",
        "description": "Provision of a Security Incident Event Management Tool: The Crown Prosecution Service (CPS) is issuing a Prior Information Notice (PIN) to inform prospective suppliers of its intention to procure a Security Information and Event Management (SIEM) tool. CPS will go to market for a new SIEM system as part of its overall cybersecurity strategy.",
        "lots": [
            {
                "id": "1",
                "description": "The Crown Prosecution Service (CPS) is issuing a Prior Information Notice (PIN) to inform prospective suppliers of its intention to procure a Security Information and Event Management (SIEM) tool. CPS will go to market for a new SIEM system as part of its overall cybersecurity strategy. As a minimum, the tool should provide the following functionality: 1. Log Collection and Aggregation: The SIEM should be capable of collecting and aggregating logs and data from various sources across the CPS, such as network devices, servers, applications, cloud infrastructure, and endpoints/end-user-devices. 2. Integration and Compatibility: The SIEM should integrate seamlessly with existing security tools and technologies, such as intrusion detection/prevention systems (IDS/IPS), firewalls, antivirus solutions, and threat intelligence feeds. 3. Real-time Monitoring: The SIEM should provide real-time monitoring capabilities to detect and alert on suspicious or malicious activities as they occur. This involves continuous analysis of incoming log data to identify anomalies and patterns indicative of security threats. 4. Event Correlation and Analysis: The system should be able to correlate and analyse events from multiple sources to identify complex attack patterns that may go unnoticed when analysing individual events in isolation. 5. Threat Detection and Alerts: The SIEM should have threat detection mechanisms that can identify known threats based on signatures and behaviours, as well as emerging threats using advanced analytics and machine learning techniques. It should generate timely and actionable alerts for security teams. 6. Incident Response: The SIEM should facilitate efficient incident response by providing workflow and case management capabilities. This allows security teams to track, investigate, and remediate security incidents effectively. 7. \nAutomated Remediation: The SIEM should be capable of integrating with network services and infrastructure to automatically mitigate significant threats in real time. 8. Data Retention and Storage: A SIEM system must be capable of storing and managing large volumes of log data over extended periods to support historical analysis, compliance requirements, and forensic investigations. An indicative estimate is 50TB of data over a rolling year. 9. Scalability: The SIEM should be scalable to accommodate growing data volumes and an expanding IT infrastructure. It should be able to handle the increasing demands of log collection, analysis, and storage. 10. User and Entity Behaviour Analytics (UEBA): Advanced SIEM systems incorporate UEBA capabilities to establish baselines of normal behaviour for users and entities. Deviations from these baselines can trigger alerts for potential insider threats or compromised accounts. 11. Compliance and Reporting: The SIEM should assist organisations in meeting regulatory compliance requirements by offering predefined compliance reports and helping to demonstrate adherence to industry standards and regulations. 12. Advanced Analytics and Machine Learning: Employing machine learning and advanced analytics can enhance threat detection by identifying subtle patterns and anomalies that may indicate novel or sophisticated attacks. At this stage, the CPS is seeking to engage with the supply market as part of an information-gathering exercise to understand how suppliers might approach the provision of the services outline above, particularly with regards to any developments in service delivery and innovation. Suppliers who wish to express their interest in this potential opportunity should do so via the contact details contained within the notice and shall subsequently be invited to attend a virtual engagement session in which they may present their observations on how the requirements within this Prior Information Notice could be fulfilled. \nThis presentation may take any format and should cover the following areas: * the latest developments / capabilities in SIEM technology * a cost estimation - provide a comprehensive breakdown of potential cost associated with the service provision to the CPS. This should include: setup costs, ongoing service costs, any cost related to customisation, support, or upgrades as well as any other incidental costs that may be incurred during the service.",
                "status": "planned"
            }
        ],
        "items": [
            {
                "id": "1",
                "additionalClassifications": [
                    {
                        "scheme": "CPV",
                        "id": "72250000",
                        "description": "System and support services"
                    },
                    {
                        "scheme": "CPVS",
                        "id": "72250000-FB09",
                        "description": "For security system"
                    }
                ],
                "deliveryAddresses": [
                    {
                        "region": "UKI3"
                    }
                ],
                "relatedLot": "1"
            }
        ],
        "communication": {
            "futureNoticeDate": "2024-01-31T00:00:00Z"
        }
    },
    "parties": [
        {
            "id": "GB-FTS-90184",
            "name": "Crown Prosecution Service",
            "identifier": {
                "legalName": "Crown Prosecution Service",
                "noIdentifierRationale": "notOnAnyRegister"
            },
            "address": {
                "streetAddress": "102 Petty France",
                "locality": "LONDON",
                "region": "UKI3",
                "postalCode": "SW1H 9EA",
                "countryName": "United Kingdom"
            },
            "contactPoint": {
                "name": "Patience Arinaitwe",
                "email": "patience.arinaitwe@cps.gov.uk"
            },
            "roles": [
                "buyer"
            ],
            "details": {
                "url": "https://www.cps.gov.uk",
                "classifications": [
                    {
                        "scheme": "TED_CA_TYPE",
                        "id": "MINISTRY",
                        "description": "Ministry or any other national or federal authority, including their regional or local subdivisions"
                    },
                    {
                        "scheme": "COFOG",
                        "description": "Provision of a Security Incident Event Management Tool"
                    }
                ]
            }
        }
    ],
    "buyer": {
        "id": "GB-FTS-90184",
        "name": "Crown Prosecution Service"
    },
    "language": "en"
}