Stonewater Limited : Provision of a Managed Detection and Response Cyber Security Service

UK-Joey Barron: Computer support and consultancy services.
Section I: Contracting Authority
      I.1) Name and addresses
             Stonewater Commercial Limited
             Suite C, Lancaster House, Grange Business Park, Enderby Road, Joey Barron, LE8 6EP, United Kingdom
             Tel. +44 7764791080, Email: joey.barron@stonewater.org
             Contact: Joey Barron
             Main Address: https://www.stonewater.org/
             NUTS Code: UKF25
      I.2) Joint procurement
      The contract involves joint procurement: No.
      In the case of joint procurement involving different countries, state applicable national procurement law: Not provided       
      The contract is awarded by a central purchasing body: No.
      I.3) Communication
      The procurement documents are available for unrestricted and full direct access, free of charge, at: https://www.delta-esourcing.com/tenders/UK-UK-Joey-Barron:-Computer-support-and-consultancy-services./H25NGB5638
      Additional information can be obtained from: the abovementioned address
      Tenders or requests to participate must be sent to the abovementioned address       
      Electronic communication requires the use of tools and devices that are not generally available. Unrestricted and full direct access to these tools and devices is possible, free of charge, at: Not provided
      I.4) Type of the contracting authority
            Body governed by public law
      I.5) Main activity
            Housing and community amenities

Section II: Object
II.1) Scope of the procurement
      II.1.1) Title: Provision of a Managed Detection and Response Cyber Security Service       
      Reference Number: Not provided
      II.1.2) Main CPV Code:
      72600000 - Computer support and consultancy services.

      II.1.3) Type of contract: SERVICES
      II.1.4) Short description: a.The scope of services for the Minimum Detection and Response (MDR) cyber security requirement includes the implementation of a comprehensive MDR solution for Stonewater Housing Association's digital infrastructure. This encompasses continuous 24/7 monitoring of network traffic, systems, applications, and endpoints. The MDR solution will employ advanced threat detection mechanisms, escalate incidents based on severity, conduct rapid incident investigations, integrate threat intelligence feeds, facilitate immediate response and mitigation actions, support forensic analysis, ensure robust logging and reporting, adhere to compliance regulations, demonstrate performance and scalability, undergo thorough testing, provide training and ongoing technical support, and remain subject to periodic review and updates to address evolving cyber threats and best practices.
b.An extended Scope of Services can be viewed within the document ‘Appendix A – Extended Scope of Services'       
      II.1.5) Estimated total value:
      Value excluding VAT: 160,000       
      Currency: GBP
      II.1.6) Information about lots:
      This contract is divided into lots: No       
   
II.2) Description
      
      II.2.2) Additional CPV codes:
      Not Provided       
      II.2.3) Place of performance:
      UKF25 North Northamptonshire
      
      II.2.4) Description of procurement: a.The scope of services for the Minimum Detection and Response (MDR) cyber security requirement includes the implementation of a comprehensive MDR solution for Stonewater Housing Association's digital infrastructure. This encompasses continuous 24/7 monitoring of network traffic, systems, applications, and endpoints. The MDR solution will employ advanced threat detection mechanisms, escalate incidents based on severity, conduct rapid incident investigations, integrate threat intelligence feeds, facilitate immediate response and mitigation actions, support forensic analysis, ensure robust logging and reporting, adhere to compliance regulations, demonstrate performance and scalability, undergo thorough testing, provide training and ongoing technical support, and remain subject to periodic review and updates to address evolving cyber threats and best practices.
b.An extended Scope of Services can be viewed within the document ‘Appendix A – Extended Scope of Services – Provision of MDR Cyber Security Services’.
      II.2.5) Award criteria:
            Criteria below
            Quality criterion - Name: Implementation / Weighting: 10
            Quality criterion - Name: Continuous Improvement / Weighting: 10
            Quality criterion - Name: Contract Management / Weighting: 10
            Quality criterion - Name: Understanding and Compliance with Regulatory Environment / Weighting: 10
            Quality criterion - Name: Sample Reports, Documentation and System Review / Weighting: 10
            Quality criterion - Name: Social Value and Sustainability / Weighting: 10
                        
            Cost criterion - Name: Total Contract Value / Weighting: 10
                              
      II.2.6) Estimated value:
      Value excluding VAT: 160,000       
      Currency: GBP       
      II.2.7) Duration of the contract, framework agreement or dynamic purchasing system:
      Duration in months: 24       
      This contract is subject to renewal: Yes       
      Description of renewals: After the initial 24 months there are 3, 12 month extensions, optional to Stonewater.
      
      II.2.10) Information about variants:
      Variants will be accepted: No
      II.2.11) Information about options:
      Options:       No             
      Description of options: Not provided
      II.2.12) Information about electronic catalogues:
      Tenders must be presented in the form of electronic catalogues or include an electronic catalogue: No
      II.2.13) Information about European Union funds:
      The procurement is related to a project and/or programme financed by European Union funds: No       
      Identification of the project: Not provided             
      II.2.14) Additional information: Not provided       


Section III: Legal, Economic, Financial And Technical Information
   III.1) Conditions for participation
      III.1.1) Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers
      List and brief description of conditions:          
      Compliance and Legal Requirements

General Data Protection Regulation (GDPR):
a. As a data controller, Stonewater must ensure the protection and lawful processing
of personal data of its residents, employees, and stakeholders.

Data Protection Act 2018:
a. This UK-specific legislation supplements GDPR and outlines specific data protection
requirements, including data subject rights and lawful processing of personal data.

Charities Act 2011:
a. Comply with the regulations and reporting obligations under the Charities Act,
considering Stonewater's charity status.

Financial Conduct Authority (FCA) Regulations:
a. If Stonewater provides financial services or operates certain financial activities, it
must adhere to FCA regulations relevant to data protection and cybersecurity.

Housing Ombudsman Service Standards:
a. Ensure that cybersecurity practices align with the Housing Ombudsman Service Standards for housing associations, providing secure and reliable services to residents.

Cyber Essentials Certification:
a. Obtain and maintain the Cyber Essentials Plus certification, demonstrating commitment to basic cybersecurity hygiene and protection against common threats.

BSI ISO/IEC 27001:
a. Although not mandatory, adopting ISO/IEC 27001 can provide a structured framework for information security management and assurance to stakeholders.

Equality Act 2010:
a. While not cybersecurity-specific, Stonewater must ensure that its cybersecurity practices do not discriminate against any individuals based on protected characteristics under the Equality Act.

Public Services Network (PSN) Compliance:
a. If Stonewater connects to public sector networks, adhere to the PSN compliance requirements for secure data sharing and communication.

National Housing Federation (NHF) Guidelines:
a. Align with NHF guidelines for housing associations, considering their recommendations on cybersecurity and data protection.

UK Government Cybersecurity Guidance:
a. Follow the National Cyber Security Centre (NCSC) guidelines and recommendations for effective cybersecurity practices in the public and nonprofit sectors.

Charity Commission Guidance:
a. Comply with Charity Commission guidance relevant to data protection, security, and operational practices for charities.
b. It's important for Stonewater to continuously monitor and adapt to changes in regulations, standards, and guidelines applicable to its sector. Adhering to these compliance mandates will help ensure the protection of sensitive data, maintain stakeholder trust, and uphold the organisation's reputation.    
      III.1.2) Economic and financial standing          
      Selection criteria as stated in the procurement documents       
      List and brief description of selection criteria:       
      Not Provided    
      Minimum level(s) of standards possibly required (if applicable) :       
      Not Provided    
      III.1.3) Technical and professional ability    
      Selection criteria as stated in the procurement documents
      List and brief description of selection criteria:       
      Not Provided      
      Minimum level(s) of standards possibly required (if applicable) :          
      Not Provided   
      III.1.5) Information about reserved contracts (if applicable)   
      The contract is reserved to sheltered workshops and economic operators aiming at the social and professional integration of disabled or disadvantaged persons: No       
      The execution of the contract is restricted to the framework of sheltered employment programmes: No    
      
   III.2) Conditions related to the contract
      III.2.1) Information about a particular profession    
      Reference to the relevant law, regulation or administrative provision:          
      Not Provided    
      III.2.2) Contract performance conditions          
      Not Provided          
      III.2.3) Information about staff responsible for the performance of the contract
      Obligation to indicate the names and professional qualifications of the staff assigned to performing the contract: No

Section IV: Procedure
   IV.1) Description OPEN
      IV.1.1) Type of procedure: Open   
   
   IV.1.3) Information about a framework agreement or a dynamic purchasing system    
         The procurement involves the establishment of a framework agreement - NO    
         In the case of framework agreements justification for any duration exceeding 4 years: Not Provided    
   
   
   IV.1.6) Information about electronic auction:
      An electronic auction will be used: No
      Additional information about electronic auction: Not provided
   IV.1.8) Information about the Government Procurement Agreement (GPA)
      The procurement is covered by the Government Procurement Agreement: Yes       
   IV.2) Administrative information
      IV.2.1) Previous publication concerning this procedure:
         Notice number in the OJ S: Not provided       
      IV.2.2) Time limit for receipt of tenders or requests to participate
       Date: 04/10/2023 Time: 12:00
            
      IV.2.4) Languages in which tenders or requests to participate may be submitted: English,       
      IV.2.6) Minimum time frame during which the tenderer must maintain the tender:
         Duration in month(s): 4
      
      IV.2.7) Conditions for opening of tenders:
         Date: 04/10/2023
         Time: 12:01
         Place:
         Online via the Delta Portal
      

Section VI: Complementary Information
   VI.1) Information about recurrence
   This is a recurrent procurement: No    
   Estimated timing for further notices to be published: Not provided
   VI.2) Information about electronic workflows
   Electronic ordering will be used Yes       
   Electronic invoicing will be accepted Yes       
   Electronic payment will be used Yes       
   VI.3) Additional Information: The contracting authority considers that this contract may be suitable for economic operators that are small or medium enterprises (SMEs). However, any selection of tenderers will be based solely on the criteria set out for the procurement.
To view this notice, please click here:
https://www.delta-esourcing.com/delta/viewNotice.html?noticeId=804897052
   VI.4) Procedures for review
   VI.4.1) Review body:
             His Majesty's High Court of Justice
       Strand, London, London, WC2A 2LL, United Kingdom
   VI.4.2) Body responsible for mediation procedures:
Not provided
   VI.4.3) Review procedure
   Precise information on deadline(s) for review procedures:    
    Not Provided    
   VI.4.4) Service from which information about the lodging of appeals may be obtained:
          Jephson Housing Association Group
       Unit 12, Narrowboat Way, Brierley Hill, DY5 1UF, United Kingdom
       Tel. +44 1384471065
   VI.5) Date Of Dispatch Of This Notice: 24/08/2023

Annex A