Ealing ICT Cyber Security Contract 2023

Description

Ealing Council required a range of managed security services provided by a trusted single source supplier who could provide flexible and integrated support over a 3 year contract term. This was to replace the existing contract for these services that expired on 28th February 2023. The contracting authority was seeking to procure services for: 1) Managed Security Operations Centre (SOC) a) Security monitoring, threat protection, threat hunting and incident response covering a digital estate of over 4000 endpoints and 300 servers, across Windows, Linux, and Cloud-based (Azure) operating systems and environments; b) Incident investigations, triage, and response; c) Vulnerability scanning of many IP ranges / hosts with remediation tracking. 2) Incident Response a) Implementation of joint incident response processes for major incidents, out-of-band communication mechanisms, and management plans Incident investigations, triage, and response; b) Forensic analysis of indicators of compromise and analysis of malware samples to understand the extent of a compromise should it occur; c) Rapid remote interception of, containment of, and response to live cyber threats; d) Triage and first response without requiring intervention from Ealing personnel; e) This should be read and answered in conjunction with the SOC requirement as complimentary services/capabilities. 3) Penetration Testing a) Security audits and assessment including penetration testing of web applications and infrastructure, configuration and build reviews, etc... b) IT Health Check Testing delivered by suitably qualified and experienced personnel, in accordance with NCSC Protocols; c) 'Red Team' attack simulation services; d) The supplier should be able to provide resourcing for approximately 100 days of penetration testing per annum. The Council awarded a call off contract to Jumpsec Limited from the Crown Commercial Services Dynamic Purchasing System (DPS) "Cyber Security Services 3 - RM3764.3", in accordance with the rules of the DPS for the provision of ICT Cyber Security Services for a duration of three years commencing on the 1 March 2023, with a budget of £0.360m per annum. Lot 1: Ealing Council required a range of managed security services provided by a trusted single source supplier who could provide flexible and integrated support over a 3 year contract term. This was to replace the existing contract for these services that expired on 28th February 2023. The contracting authority was seeking to procure services for: 1) Managed Security Operations Centre (SOC) a) Security monitoring, threat protection, threat hunting and incident response covering a digital estate of over 4000 endpoints and 300 servers, across Windows, Linux, and Cloud-based (Azure) operating systems and environments; b) Incident investigations, triage, and response; c) Vulnerability scanning of many IP ranges / hosts with remediation tracking. 2) Incident Response a) Implementation of joint incident response processes for major incidents, out-of-band communication mechanisms, and management plans Incident investigations, triage, and response; b) Forensic analysis of indicators of compromise and analysis of malware samples to understand the extent of a compromise should it occur; c) Rapid remote interception of, containment of, and response to live cyber threats; d) Triage and first response without requiring intervention from Ealing personnel; e) This should be read and answered in conjunction with the SOC requirement as complimentary services/capabilities. 3) Penetration Testing a) Security audits and assessment including penetration testing of web applications and infrastructure, configuration and build reviews, etc... b) IT Health Check Testing delivered by suitably qualified and experienced personnel, in accordance with NCSC Protocols; c) 'Red Team' attack simulation services; d) The supplier should be able to provide resourcing for approximately 100 days of penetration testing per annum. The Council awarded a call off contract to Jumpsec Limited from the Crown Commercial Services Dynamic Purchasing System (DPS) "Cyber Security Services 3 - RM3764.3", in accordance with the rules of the DPS for the provision of ICT Cyber Security Services for a duration of three years commencing on the 1 March 2023, with a budget of £0.360m per annum.