---
title: "Privilege Access Management PoC"
ocid: "ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501"
canonical_url: "https://d3tenders.com/contract/?ocid=ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501"
markdown_url: "https://d3tenders.com/contract/ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501.md"
json_url: "https://d3tenders.com/contract/ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501.json"
source: "Contracts Finder"
current_stage: "Tender"
buyer: "MINISTRY OF JUSTICE"
published: "2022-04-14"
---

# Privilege Access Management PoC

Buyer: MINISTRY OF JUSTICE  
Current stage: Tender  
OCID: ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501

[View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501)  
[Download OCDS JSON](https://d3tenders.com/contract/ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501.json)

## Summary

The Ministry of Justice is seeking proposals for a Privileged Access Management (PAM) proof of concept (PoC) contract, which aims to enhance security measures for system administration interfaces within Her Majesty's Courts and Tribunals Service (HMCTS). This opportunity falls under the services category, specifically focusing on data security software. The tender is currently in the active stage, with a submission deadline of 22 April 2022 and the PoC contract expected to commence on 2 May 2022 and conclude by 29 July 2022. The procurement method is open, allowing organisations to participate in the bidding process.

This tender presents a significant growth opportunity for businesses that specialise in cybersecurity solutions, particularly those offering PAM services, as HMCTS seeks to understand the benefits of implementing third-party security tools. Small and medium-sized enterprises (SMEs) are encouraged to apply, providing an avenue for innovative firms to showcase their expertise in mitigating cyber risks and enhancing security frameworks. Businesses equipped to address high-level requirements such as role-based access management and robust auditing capabilities will find this tender particularly aligned with their offerings.

## Notice

Opportunity Outline: PAM (Privileged Access Management) is an additional security measure that can be placed in front of a system administration interface. Her Majesty's Courts and Tribunals Service (HMCTS) intend to run a pro bono proof of concept (POC) process to better understand how PAM can help protect the department. What is PAM: PAM is based on two central concepts: Just in time Administration and Just enough Administration. Just in time Administration: No assumed access is granted; Request access must be made. A Temporary credential is given to the system administrator through workflow. Just enough administration: Just enough Administration is another way of describing the concept of least privilege. Benefits of PAM: It will make it more difficult for an attacker to pivot into critical services, from an already compromised management access workstation. It will introduce an additional source of auditing, making it easier to identify misuse of administration interfaces. This will act as a strong deterrent against the insider threat, where a legitimate system administrator may consider abusing their access. It will introduce additional guard rails to help system administrators. They will hold less responsibility to protect their access credentials. It will help protect them from accidentally making unintended changes. Privilege Access Management would be an Enterprise level initiative covering all business areas that are part of the strategic roadmap, however the initial focus is on two groups within HMCTS. This contract opportunity only covers the pro bono POC. Hence, it will be for a pro bono contract. Proof of Concept: HMCTS wish to run one POC with two suppliers, to understand if a third-party security tool would be of any benefit to HMCTS systems. The POC is envisioned to last up to 3 months and be carried out asap. High Level Requirements to be used for the POC: The Key requirements that operate as a baseline for mitigation of the Cyber risks are: Just-in-time Administration Request access - workflow Approval process Just enough Administration (Least privilege) Full system level/ global admin privilege should be an exception Definition of role-based access management Strong logging and auditing Logging keystrokes which could leverage behavioural analytics Session recording Centralisation Policy management and roll out Reporting / metrics - BI Based Periodical user entitlement reviews Additional information: Further information available, please email: CCMD-DandTSupplierInbox@justice.gov.uk

## Key Details

| Field | Value |
| --- | --- |
| Publication source | Contracts Finder |
| Latest notice | https://www.contractsfinder.service.gov.uk/Notice/2ff8ab9e-885c-4b5f-8508-e66147d07976 |
| Notice type | Tender Notice |
| Procurement type | Standard |
| Procurement category | Services |
| Procurement method | Open |
| Procurement method details | Open procedure (below threshold) |
| Tender suitability | SME |
| Awardee scale | Not specified |
| All stages | Tender |

## Dates

| Field | Value |
| --- | --- |
| Publication date | 14 Apr 2022 |
| Submission deadline | 22 Apr 2022 |
| Future notice date | Not specified |
| Award date | Not specified |
| Contract period | 1 May 2022 - 29 Jul 2022 |
| Recurrence | Not specified |

## Values

| Field | Value |
| --- | --- |
| Tender value | Not specified |
| Lots value | Not specified |
| Awards value | Not specified |
| Contracts value | Not specified |

## Status

| Field | Value |
| --- | --- |
| Tender status | Active |
| Lots status | Not specified |
| Awards status | Not specified |
| Contracts status | Not specified |

## Buyer

| Field | Value |
| --- | --- |
| Main buyer | MINISTRY OF JUSTICE |
| Locality | LONDON |
| Post town | East London |
| Postcode | E14 3PU |
| Country | England |
| ITL 1 | TLI London |
| ITL 2 | TLI4 Inner London - East |
| ITL 3 | TLI42 Tower Hamlets |
| Local authority | Tower Hamlets |
| Electoral ward | Island Gardens |
| Westminster constituency | Poplar and Limehouse |
| Delivery location | Not specified |

## CPV Codes

### Divisions

- 48 - Software package and information systems

### Codes

- 48732000 - Data security software package

## Release History

- 14 Apr 2022 at 09:46 - Tender - Tender Notice - https://www.contractsfinder.service.gov.uk/Notice/2ff8ab9e-885c-4b5f-8508-e66147d07976

## Documents

- https://www.contractsfinder.service.gov.uk/Notice/2ff8ab9e-885c-4b5f-8508-e66147d07976
  14th April 2022 - Opportunity notice on Contracts Finder
- https://www.contractsfinder.service.gov.uk/Notice/Attachment/423d39e7-e0cc-4738-a0a4-a2ffdf95064f
  n/a

## Provenance

This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501.json.