Cyber Remediation Cyber Ops Delivery Partner

Concepts

• salford
• information technology
• enterprise security programme
• delivery activities
• cyber remediation
• cyber operations projects
• cyber remediation and cyber operations projects
• hmrc delivery areas
• delivery requests
• cyber security threats

Location

United Kingdom:

Description

HMRC Chief Digital and Information Office (CDIO) is the internal department tasked with the provision of critical IT services, which enable billions of pounds of annual tax revenue, customer interfaces, and other UK tax operational systems. The Enterprise Security Programme has secured investment for a three-year period which started April 2022. The investment for 2023/24 will contribute to HMRCs objectives by delivering enterprise-wide security improvements and support strategic planning and delivery activities (transformational, remediatory and enabling). The Cyber Remediation and Cyber Operations Projects are 2 of 5 projects within the Enterprise Security Programme. Their objective is to deliver risk mitigation by remediating known vulnerabilities across our systems and services through the application of patches, configuration changes and encryption, additional access & session monitoring controls as well as strengthening networks/vulnerability assessment security controls/assurance and enhance HMRCs capability to mitigate, detect and respond to Cyber Security threats.

Total Quantity or Scope

Services in scope are a range of services that HMRC utilises and relies upon to deliver its duties to the UK public. They are categorised in terms of critically and assigned a Gold/Silver/Bronze status. Some services also support critical national infrastructure (CNI), such as Real Time Information (RTI), New Tax Credits (NTC) and National Insurance and PAYE Service (NPS) • Co-ordination of Vulnerability scanning activity using third party and/or in-house vulnerability scanning tool and subsequent patching and hardening addressing vulnerability identified from vulnerability scans (~ 135 Services) • Co-ordination with incumbent suppliers to enable Transparent Data Encryption (TDE) for in-scope services (~30 Services) • Co-ordination of the implementation of Oracle Key Vault on to the HMRC Estate and facilitating the integration of existing HMRC Services onto Oracle Key Vault. • Co-ordination with incumbent supplier to apply Transport Layer Security (TLS) for in-scope services (~60 Services) • Co-ordination of Patching of WebLogic platform and upgrade to v10.3.6 and uplift of Java to v1.7 (~ 15 Services) • Co-ordination of the deployment of Skybox onto the HMRC Estate • Co-ordination with HMRC Delivery areas to on-board/integrate the Tenable Vulnerability Scanning tool for in scope HMRC Services Also, significant Programme/Project Management type activities co-ordinating delivery management and assurance working with internal HMRC delivery groups and IT suppliers. Key activities will cover the ordering and monitoring of work packages/delivery requests through from initiation to implementation, including handover of changes to the HMRC Service owner community . Additional information: This procurement will be conducted by way of an eSourcing event using HMRC's SAP Ariba eSourcing Portal. Please ensure you are registered with the HMRC SAP Ariba eSourcing Portal to gain access to the procurement documentation when it is released which will contain full details of the requirement. If you are not already registered, the registration link is: http://hmrc.supplier-eu.ariba.com/ad/register/SSOActions?type=full As part of the registration process you will receive a system generated email asking you to activate your SAP Ariba supplier account by verifying your email address. Once you have completed the activation process you will receive a further email by return confirming the 'registration process is now complete' and providing you with 'your organisation's account ID' number. If an email response from HMRC is not received within one working day of your request, please re-contact sapariba.hmrcsupport@hmrc.gov.uk (after first checking your spam in-box) notifying non-receipt and confirming when your registration request was first made. Once you have obtained 'your organization's account ID' number, please email james.gadsby@hmrc.gov.uk and copy in e.procurement@hmrc.gov.uk and sapariba.hmrcsupport@hmrc.gov.uk with your account ID number. Once you have complied with the foregoing you will receive an e-mail confirming access to the procurement event once it is built. Further information about HMRC's procurement tool SAP Ariba, a Suppliers Guide and general information about supplying to HMRC is available on the HMRC website: www.hmrc.gov.uk/about/supplying.htm If you have already registered on SAP Ariba then you may also need to re-register on HMRC's SAP Ariba in order to be added to the event. All clarification questions must be submitted via the SAP Ariba system messaging functionality and received by 17:00hrs 24/11/22.

Award Criteria

CPV Codes

• 72000000 - IT services: consulting, software development, Internet and support

Indicators

• This is a one-off contract (no recurrence)
• Renewals are not available.

Other Information

** PREVIEW NOTICE, please check Find a Tender for full details. **