---
title: "Provision of Security Incident Event Management Tool"
ocid: "ocds-h6vhtk-03efa9"
canonical_url: "https://d3tenders.com/contract/?ocid=ocds-h6vhtk-03efa9"
markdown_url: "https://d3tenders.com/contract/ocds-h6vhtk-03efa9.md"
json_url: "https://d3tenders.com/contract/ocds-h6vhtk-03efa9.json"
source: "Find A Tender Service"
current_stage: "Planning"
buyer: "CROWN PROSECUTION SERVICE"
published: "2023-08-14"
---

# Provision of Security Incident Event Management Tool

Buyer: CROWN PROSECUTION SERVICE  
Current stage: Planning  
OCID: ocds-h6vhtk-03efa9

[View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-h6vhtk-03efa9)  
[Download OCDS JSON](https://d3tenders.com/contract/ocds-h6vhtk-03efa9.json)

## Summary

The Crown Prosecution Service (CPS) is planning to procure a Security Incident Event Management Tool. This procurement falls under the 'services' category with a focus on system and support services. The CPS aims to engage suppliers through a Prior Information Notice to gather insights on potential service provisions. The planned procurement stage involves interaction with suppliers to understand the latest developments in SIEM technology and cost estimations. The CPS has set a future notice date of January 31, 2024, for this engagement exercise.

This tender presents an opportunity for businesses specialising in cybersecurity services and technology solutions to compete for the provision of a SIEM tool to the Crown Prosecution Service. Companies offering services related to log collection, real-time monitoring, incident response, threat detection, compliance reporting, and machine learning in the cybersecurity domain are well-suited to participate. The planned engagement stage provides a platform for suppliers to showcase their capabilities, innovations, and cost-effective solutions tailored to meet the specific requirements outlined by the CPS for this procurement.

## Notice

Provision of a Security Incident Event Management Tool: The Crown Prosecution Service (CPS) is issuing a Prior Information Notice (PIN) to inform prospective suppliers of its intention to procure a Security Information and Event Management (SIEM) tool. CPS will go to market for a new SIEM system as part of its overall cybersecurity strategy.

### Lot Information

Lot 1

The Crown Prosecution Service (CPS) is issuing a Prior Information Notice (PIN) to inform prospective suppliers of its intention to procure a Security Information and Event Management (SIEM) tool. CPS will go to market for a new SIEM system as part of its overall cybersecurity strategy. As a minimum, the tool should provide the following functionality:

1. Log Collection and Aggregation: The SIEM should be capable of collecting and aggregating logs and data from various sources across the CPS, such as network devices, servers, applications, cloud infrastructure, and endpoints/end-user-devices.
2. Integration and Compatibility: The SIEM should integrate seamlessly with existing security tools and technologies, such as intrusion detection/prevention systems (IDS/IPS), firewalls, antivirus solutions, and threat intelligence feeds.
3. Real-time Monitoring: The SIEM should provide real-time monitoring capabilities to detect and alert on suspicious or malicious activities as they occur. This involves continuous analysis of incoming log data to identify anomalies and patterns indicative of security threats.
4. Event Correlation and Analysis: The system should be able to correlate and analyse events from multiple sources to identify complex attack patterns that may go unnoticed when analysing individual events in isolation.
5. Threat Detection and Alerts: The SIEM should have threat detection mechanisms that can identify known threats based on signatures and behaviours, as well as emerging threats using advanced analytics and machine learning techniques. It should generate timely and actionable alerts for security teams.
6. Incident Response: The SIEM should facilitate efficient incident response by providing workflow and case management capabilities. This allows security teams to track, investigate, and remediate security incidents effectively.
7. Automated Remediation: The SIEM should be capable of integrating with network services and infrastructure to automatically mitigate significant threats in real time.
8. Data Retention and Storage: A SIEM system must be capable of storing and managing large volumes of log data over extended periods to support historical analysis, compliance requirements, and forensic investigations. An indicative estimate is 50TB of data over a rolling year.
9. Scalability: The SIEM should be scalable to accommodate growing data volumes and an expanding IT infrastructure. It should be able to handle the increasing demands of log collection, analysis, and storage.
10. User and Entity Behaviour Analytics (UEBA): Advanced SIEM systems incorporate UEBA capabilities to establish baselines of normal behaviour for users and entities. Deviations from these baselines can trigger alerts for potential insider threats or compromised accounts.
11. Compliance and Reporting: The SIEM should assist organisations in meeting regulatory compliance requirements by offering predefined compliance reports and helping to demonstrate adherence to industry standards and regulations.
12. Advanced Analytics and Machine Learning: Employing machine learning and advanced analytics can enhance threat detection by identifying subtle patterns and anomalies that may indicate novel or sophisticated attacks.

At this stage, the CPS is seeking to engage with the supply market as part of an information-gathering exercise to understand how suppliers might approach the provision of the services outlined above, particularly with regard to any developments in service delivery and innovation. Suppliers who wish to express their interest in this potential opportunity should do so via the contact details contained within the notice and shall subsequently be invited to attend a virtual engagement session in which they may present their observations on how the requirements within this Prior Information Notice could be fulfilled.

This presentation may take any format and should cover the following areas:

- the latest developments / capabilities in SIEM technology
- a cost estimation: provide a comprehensive breakdown of potential costs associated with the service provision to the CPS. This should include setup costs, ongoing service costs, any cost related to customisation, support, or upgrades, as well as any other incidental costs that may be incurred during the service.

## Key Details

| Field | Value |
| --- | --- |
| Publication source | Find A Tender Service |
| Latest notice | https://www.find-tender.service.gov.uk/Notice/023781-2023 |
| Notice type | Planning Notice |
| Procurement type | Standard |
| Procurement category | Services |
| Procurement method | Not Specified |
| Procurement method details | Not specified |
| Tender suitability | Not specified |
| Awardee scale | Not specified |
| All stages | Planning |

## Dates

| Field | Value |
| --- | --- |
| Publication date | 14 Aug 2023 |
| Submission deadline | Not specified |
| Future notice date | 31 Jan 2024 |
| Award date | Not specified |
| Contract period | Not specified |
| Recurrence | Not specified |

## Values

| Field | Value |
| --- | --- |
| Tender value | Not specified |
| Lots value | Not specified |
| Awards value | Not specified |
| Contracts value | Not specified |

## Status

| Field | Value |
| --- | --- |
| Tender status | Planned |
| Lots status | Planned |
| Awards status | Not specified |
| Contracts status | Not specified |

## Buyer

| Field | Value |
| --- | --- |
| Main buyer | CROWN PROSECUTION SERVICE |
| Locality | LONDON |
| Post town | South West London |
| Postcode | SW1H 9EA |
| Country | England |
| ITL 1 | TLI London |
| ITL 2 | TLI3 Inner London - West |
| ITL 3 | TLI35 Westminster and City of London |
| Local authority | Westminster |
| Electoral ward | St James's |
| Westminster constituency | Cities of London and Westminster |
| Delivery location | TLI3 Inner London - West |

## CPV Codes

### Divisions

- 72 - IT services: consulting, software development, Internet and support

### Codes

- 72250000 - System and support services

## Release History

- 14 Aug 2023 at 15:42 - Planning - Planning Notice - https://www.find-tender.service.gov.uk/Notice/023781-2023

## Notice URLs

- https://www.cps.gov.uk

## Provenance

This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-h6vhtk-03efa9. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-h6vhtk-03efa9.json.
