Notice Information
Notice Title
OT and IT Cybersecurity Services framework
Notice Description
Scottish Hydro Electric Transmission Plc. (SHET) seeks a skilled provider of Operational Technology (OT) cybersecurity assurance services and IT cybersecurity services. The supplier will act as an independent assurance authority, ensuring that OT systems are designed, delivered and managed in a secure manner and in line with SHET and national standards. Among key responsibilities the prospective supplier would provide design assurance, assurance of onsite installation, security testing, threat-intelligence, and operational assurance. Additionally they may be required to provide ad-hoc projects and support with incident management and response, digital forensics, security, network and infrastructure consulting. The supplier should be able to provide CREST certified penetration testing services. There may be a future requirement for IT managed services, IT cybersecurity services and project delivery services to be provided by the supplier, so it is desirable that the supplier have the capability to provide IT managed services (for example but not limited to networking, infrastructure, cybersecurity specialisms), cybersecurity services and professional services. This may include implementing new security tools or architectures. The PIN estimate reflects a combination of day to day capacity, flex contingency, potential ad-hoc projects and support services, and is not a promise or guarantee that the estimate will be reached during the initial or renewal terms.
Lot Information
Lot 1
Detailed description
Among key responsibilities the prospective supplier would provide design assurance, assurance of onsite installation, security testing, threat-intelligence, and operational assurance. Additionally they may be required to provide ad-hoc projects and support with incident management and response, digital forensics, security, network and infrastructure consulting.
SHET seeks suppliers with experience in all of the following:
- Audit Review & Compliance
- Cyber Security Training & Awareness
- Design and Build of Turnkey Cyber Security Services
- Digital Forensics
- Incident Management & Response
- Risk Assessment and Management Services
- Security Architecture Services
- Security Consultancy
- Security Testing
- Technical Cyber Assurance
- Vulnerability Management
Desirable:
- Infrastructure Managed Service Support
- Network Service Managed Service Support
- IT managed services delivery (including but not limited to networking, infrastructure, cybersecurity)
- Vendor Cyber Assurance Managed Services
There may be a future requirement for IT managed services, IT cybersecurity services and project delivery services to be provided by the supplier, so it is desirable that the supplier have the capability to provide IT managed services (for example but not limited to networking, infrastructure, cybersecurity specialisms) and professional services. This may include implementing new security tools or architectures. The PIN estimate reflects a combination of day to day capacity, flex contingency, potential ad-hoc projects and support services, and is not a promise or guarantee that the estimate will be reached during the initial or renewal terms.
Renewal: Duration estimate reflects initial term with extension options up to a maximum term of 10 years
Notice Details
Publication & Lifecycle
- Open Contracting ID
- ocds-h6vhtk-047bc5
- Publication Source
- Find A Tender Service
- Latest Notice
- https://www.find-tender.service.gov.uk/Notice/020845-2024
- Current Stage
- Planning
- All Stages
- Planning
Procurement Classification
- Notice Type
- Planning Notice
- Procurement Type
- Framework
- Procurement Category
- Services
- Procurement Method
- Not Specified
- Procurement Method Details
- Not specified
- Tender Suitability
- Not specified
- Awardee Scale
- Not specified
Common Procurement Vocabulary (CPV)
- CPV Divisions
72 - IT services: consulting, software development, Internet and support
- CPV Codes
72600000 - Computer support and consultancy services
Notice Value(s)
- Tender Value
- £150,000,000 £100M-£1B
- Lots Value
- £150,000,000 £100M-£1B
- Awards Value
- Not specified
- Contracts Value
- Not specified
Notice Dates
- Publication Date
- 8 Jul 2024
- Submission Deadline
- Not specified
- Future Notice Date
- 18 Aug 2024 (Expired)
- Award Date
- Not specified
- Contract Period
- Not specified - Not specified
- Recurrence
- Not specified
Notice Status
- Tender Status
- Planned
- Lots Status
- Planned
- Awards Status
- Not Specified
- Contracts Status
- Not Specified
Buyer & Supplier
Contracting Authority (Buyer)
- Main Buyer
- SCOTTISH HYDRO ELECTRIC TRANSMISSION PLC
- Contact Name
- James Pike
- Contact Email
- james.pike@sse.com
- Contact Phone
- Not specified
Buyer Location
- Locality
- PERTH
- Postcode
- PH1 3AQ
- Post Town
- Perth
- Country
- Scotland
- Major Region (ITL 1)
- TLM Scotland
- Basic Region (ITL 2)
- TLM0 Eastern Scotland
- Small Region (ITL 3)
- TLM02 Perth and Kinross, and Stirling
- Delivery Location
- Not specified
- Local Authority
- Perth and Kinross
- Electoral Ward
- Perth City North
- Westminster Constituency
- Perth and Kinross-shire
Further Information
Open Contracting Data Standard (OCDS)
The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.
{
"tag": [
"compiled"
],
"id": "ocds-h6vhtk-047bc5-2024-07-08T20:20:51+01:00",
"date": "2024-07-08T20:20:51+01:00",
"ocid": "ocds-h6vhtk-047bc5",
"initiationType": "tender",
"tender": {
"id": "7648",
"legalBasis": {
"id": "32014L0025",
"scheme": "CELEX"
},
"title": "OT and IT Cybersecurity Services framework",
"status": "planned",
"classification": {
"scheme": "CPV",
"id": "72600000",
"description": "Computer support and consultancy services"
},
"mainProcurementCategory": "services",
"description": "Scottish Hydro Electric Transmission Plc. (SHET) seeks a skilled provider of Operational Technology (OT) cybersecurity assurance services and IT cybersecurity services. The supplier will act as an independent assurance authority, ensuring that OT systems are designed, delivered and managed in a secure manner and in line with SHET and national standards. Among key responsibilities the prospective supplier would provide design assurance, assurance of onsite installation, security testing, threat-intelligence, and operational assurance. Additionally they may be required to provide ad-hoc projects and support with incident management and response, digital forensics, security, network and infrastructure consulting. The supplier should be able to provide CREST certified penetration testing services There may be a future requirement for IT managed services, IT cybersecurity services and project delivery services to be provided by the supplier, so it is desirable that the supplier have the capability to provide IT managed services (for example but not limited to networking, infrastructure, cybersecurity specialisms), cybersecurity services and professional services. This may include implementing new security tools or architectures. The PIN estimate reflects a combination of day to day capacity, flex contingency, potential ad-hoc projects and support services, and is not a promise or guarantee that the estimate will be reached during the initial or renewal terms.",
"value": {
"amount": 150000000,
"currency": "GBP"
},
"lots": [
{
"id": "1",
"description": "Detailed description Among key responsibilities the prospective supplier would provide design assurance, assurance of onsite installation, security testing, threat-intelligence, and operational assurance. Additionally they may be required to provide ad-hoc projects and support with incident management and response, digital forensics, security, network and infrastructure consulting. SHET seeks suppliers with experience in all of the following; Audit Review & Compliance Cyber Security Training & Awareness Design and Build of Turnkey Cyber Security Services Digital Forensics Incident Management & Response Risk Assessment and Management Services Security Architecture Services Security Consultancy Security Testing Technical Cyber Assurance Vulnerability Management Desirable; o Infrastructure Managed Service Support o Network Service Managed Service Support o IT managed services delivery (including but not limited to networking, infrastructure, cybersecurity) o Vendor Cyber Assurance Managed Services. There may be a future requirement for IT managed services, IT cybersecurity services and project delivery services to be provided by the supplier, so it is desirable that the supplier have the capability to provide IT managed services (for example but not limited to networking, infrastructure, cybersecurity specialisms) and professional services. This may include implementing new security tools or architectures. The PIN estimate reflects a combination of day to day capacity, flex contingency, potential ad-hoc projects and support services, and is not a promise or guarantee that the estimate will be reached during the initial or renewal terms.",
"value": {
"amount": 150000000,
"currency": "GBP"
},
"contractPeriod": {
"durationInDays": 3600
},
"hasRenewal": true,
"renewal": {
"description": "Duration estimate reflects initial term with extension options up to a maximum term of 10 years"
},
"status": "planned"
}
],
"items": [
{
"id": "1",
"deliveryAddresses": [
{
"region": "UK"
}
],
"deliveryLocation": {
"description": "Onsite delivery services to take place in the UK"
},
"relatedLot": "1"
}
],
"communication": {
"futureNoticeDate": "2024-08-19T00:00:00+01:00"
},
"submissionMethod": [
"electronicSubmission"
],
"submissionMethodDetails": "https://sse.app.jaggaer.com/esop/guest/go/opportunity/detail?opportunityId=387",
"selectionCriteria": {
"criteria": [
{
"type": "suitability",
"description": "Prospective suppliers should be able to commit that they have reasonable procedures in place for the prevention of modern slavery, human trafficking, financial crime and bribery Prospective suppliers should be able to commit to revealing the identity of any third party subcontractors or solutions upon which their delivery of services would be dependent. SHET may require the right to undertake business probity, financial, cybersecurity and other compliance reviews of subcontractors. Prospective suppliers may be required to sign a Non-Disclosure-Agreement before security sensitive content is shared with them Other or additional conditions of participation may be set out in the final tender documents.",
"appliesTo": [
"supplier"
]
},
{
"type": "economic",
"description": "Prospective suppliers should have a minimum annual turnover of PS50m p.a. The financial standing of a prospective supplier must give SHET reasonable confidence that they can successfully fund the services for the duration and accept reasonable liability in line with the level of risk their project presents to SHET. Other/additional requirements may be set out in the final tender documents.",
"appliesTo": [
"supplier"
]
},
{
"type": "technical",
"description": "Prospective suppliers should be able to evidence strong knowledge and experience in the delivery of similar services, at scale; ideally in a critical national infrastructure context. Prospective suppliers should be familiar with major brands of OT and IT equipment Additional requirements may be set out in the final tender documents.",
"minimum": "Prospective suppliers will be required to be accredited to SOC2 or ISO27001 level (or recognized equivalent) Prospective suppliers should be able to provide personnel based in the UK (during delivery) who have been through enhanced background vetting or carry current security clearance (SC or above). The same vetting expectation may be required for subcontractors of the supplier who work on the delivery Prospective suppliers should be knowledgeable in NIST standard SP800-53 Penetration test personnel provided should be CREST accredited. Additional requirements may be set out in the final tender documents",
"appliesTo": [
"supplier"
]
}
]
},
"otherRequirements": {
"requiresStaffNamesAndQualifications": true
},
"techniques": {
"hasFrameworkAgreement": true,
"frameworkAgreement": {
"maximumParticipants": 1,
"periodRationale": "The cost, resource effort, complexity and business disruption to change a major support partner is substantial; 10 years reflects and reasonable period through which it is desirable to retain the services of a single supplier. It is desirable to retain a cybersecurity providers services for an extended time so they are deeply familiar with the recent history and practices of the organisation"
}
},
"submissionTerms": {
"languages": [
"en"
]
},
"contractTerms": {
"hasElectronicOrdering": true,
"electronicInvoicingPolicy": "allowed",
"hasElectronicPayment": true
}
},
"parties": [
{
"id": "GB-COH-SC213461",
"name": "SCOTTISH HYDRO ELECTRIC TRANSMISSION PLC",
"identifier": {
"legalName": "SCOTTISH HYDRO ELECTRIC TRANSMISSION PLC",
"id": "SC213461",
"scheme": "GB-COH"
},
"address": {
"streetAddress": "Inveralmond House,200 Dunkeld Road",
"locality": "PERTH",
"region": "UKM77",
"postalCode": "PH13AQ",
"countryName": "United Kingdom"
},
"contactPoint": {
"name": "James Pike",
"email": "james.pike@sse.com"
},
"roles": [
"buyer"
],
"details": {
"url": "https://www.ssen-transmission.co.uk/",
"classifications": [
{
"scheme": "TED_CE_ACTIVITY",
"description": "IT Services"
}
]
}
},
{
"id": "GB-FTS-117914",
"name": "SSE Plc.",
"identifier": {
"legalName": "SSE Plc."
},
"address": {
"locality": "Perth, Scotland",
"countryName": "United Kingdom"
},
"roles": [
"reviewBody"
]
}
],
"buyer": {
"id": "GB-COH-SC213461",
"name": "SCOTTISH HYDRO ELECTRIC TRANSMISSION PLC"
},
"language": "en"
}