--- title: "Security Operation Centre" ocid: "ocds-h6vhtk-03c554" canonical_url: "https://d3tenders.com/contract/?ocid=ocds-h6vhtk-03c554" markdown_url: "https://d3tenders.com/contract/ocds-h6vhtk-03c554.md" json_url: "https://d3tenders.com/contract/ocds-h6vhtk-03c554.json" source: "Find A Tender Service" current_stage: "Planning" buyer: "WEST YORKSHIRE COMBINED AUTHORITY" published: "2023-04-28" --- # Security Operation Centre Buyer: WEST YORKSHIRE COMBINED AUTHORITY Current stage: Planning OCID: ocds-h6vhtk-03c554 [View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-h6vhtk-03c554) [Download OCDS JSON](https://d3tenders.com/contract/ocds-h6vhtk-03c554.json) ## Summary The West Yorkshire Combined Authority is planning a tender titled "Security Operation Centre" in the services industry category. The Authority aims to implement Microsoft's Sentinel System Incident Event Monitoring tool and seeks an external party to provide a Security Operations Centre for 24/7 monitoring. The procurement is planned with a value of £250,000. The tender, initiated under the legal basis CELEX, is set to create opportunities for businesses to offer IT services such as consulting, software development, and Internet support. The communication of future notice is scheduled for May 22, 2023, with the delivery location being Leeds, UK. This tender by the West Yorkshire Combined Authority presents business growth opportunities for IT service providers specialising in cybersecurity solutions. Companies offering services related to SIEM implementation, security event monitoring, and incident response are well-suited to compete. The procurement stage is in the planning phase, allowing businesses to prepare comprehensive proposals aligning with the Authority's requirement to enhance cybersecurity posture and resilience. The Tender presents a chance for businesses to contribute to ensuring information security and identifying potential threats to the Combined Authority's assets and operations. ## Notice West Yorkshire Combined Authority would like to procure an external party to implement Microsoft's Sentinel System Incident Event Monitoring (SIEM) tool into its Azure environment. The Combined Authority require security events, that are captured and correlated by the SIEM solution, to be monitored 24/7 using an externally hosted Security Operations Centre (SOC). The Combined Authority will leverage the security alerts provided by the SOC: * To understand where the Combined Authority needs to focus its resources to maximise its cybersecurity posture. * To detect and respond to threats, keeping the information held on systems and networks secure. * To increase resilience by learning about the changing threat landscape (both malicious and non-malicious, internal and external) * To identify and address negligent or criminal behaviours. To derive business intelligence about user behaviours to shape and prioritise the development of technologies. ### Lot Information Lot 1 In January 2022, the Combined Authority received several recommendations from the Department Levelling Up, Housing and Communities (DLUHC). A number of these recommendations centred round a central logging solution and the ability to monitor events and act on alerts. Specifically, the following recommendations were stated: * Identify a suitable solution which is the best fit for the Combined Authority by carrying out an assessment of key log sources, required alerts and cost. * Upon implementation of a centralised logging solution ensure that log retention is documented and agreed. * Upon implementation of a centralised logging solution, automated log analysis and correlation functionality and a formal log incident triaging process should then be developed and documented. The SIEM solution must be able to provide a centralised logging solution which receives logs from all the Combined Authority's endpoints, network devices and applications. The SIEM will primarily be for security event capture and alerting, not necessarily capturing non security technical events. The SOC must be able to monitor and respond to the SIEM alerts on a 24/7/365 basis. Alerts which are of sufficient interest must be reported to ICT Services as per the Combined Authority's ICT incident response process and within agreed Service Level Agreement (SLA) time frames. The Combined Authority's Target Operating Model has considered both threats and assets. Threat analysis has taken into account the higher level of public awareness the Combined Authority has gained since it has become a Mayoral Authority. The Threat Actor Sophistication has been assessed using the Stix v2.1 framework. The Combined Authority's threat actor sophistication is expected to range from none to intermediate and potentially advanced, as per the framework. The Combined Authority faces several threats, typical of many government organisations. These threats range from data loss of sensitive Combined Authority data, ransomware, fraud via social engineering using attack vectors like phishing and smishing, to specific threats to a person of interest, such as politically or criminally motivated hacking attacks against the mayor and / or the Police & Crime Commissioner. ## Key Details | Field | Value | | --- | --- | | Publication source | Find A Tender Service | | Latest notice | https://www.find-tender.service.gov.uk/Notice/012388-2023 | | Notice type | Planning Notice | | Procurement type | Standard | | Procurement category | Services | | Procurement method | Not Specified | | Procurement method details | Not specified | | Tender suitability | Not specified | | Awardee scale | Not specified | | All stages | Planning | ## Dates | Field | Value | | --- | --- | | Publication date | 28 Apr 2023 | | Submission deadline | Not specified | | Future notice date | 21 May 2023 | | Award date | Not specified | | Contract period | Not specified | | Recurrence | Not specified | ## Values | Field | Value | | --- | --- | | Tender value | £250,000 | | Lots value | Not specified | | Awards value | Not specified | | Contracts value | Not specified | ## Status | Field | Value | | --- | --- | | Tender status | Planned | | Lots status | Planned | | Awards status | Not specified | | Contracts status | Not specified | ## Buyer | Field | Value | | --- | --- | | Main buyer | WEST YORKSHIRE COMBINED AUTHORITY | | Locality | LEEDS | | Post town | Leeds | | Postcode | LS1 2DE | | Country | England | | ITL 1 | TLE Yorkshire and The Humber | | ITL 2 | TLE4 West Yorkshire | | ITL 3 | TLE42 Leeds | | Local authority | Leeds | | Electoral ward | Little London & Woodhouse | | Westminster constituency | Leeds Central and Headingley | | Delivery location | TLE Yorkshire and The Humber | ## CPV Codes ### Divisions - 72 - IT services: consulting, software development, Internet and support ### Codes - 72000000 - IT services: consulting, software development, Internet and support ## Release History - 28 Apr 2023 at 15:39 - Planning - Planning Notice - https://www.find-tender.service.gov.uk/Notice/012388-2023 ## Notice URLs - https://uk.eu-supply.com/ctm/Company/CompanyInformation/Index/103257 - https://uk.eu-supply.com/ctm/Supplier/Documents/Folder/66481 - https://www.westyorks-ca.gov.uk ## Provenance This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-h6vhtk-03c554. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-h6vhtk-03c554.json.