1. Home
  3. DPS marketplace
Cyber Security Services 3 DPS

Clarifications

There are 131 clarifications for this DPS

56. Within Attachment 1 - Cyber Services 3 Filter Matrix v1 you have MPPV (1, 2, 3) standard listed in Filter 3 tab. Please can you confirm that this relates to the NPPV scheme run by Warwickshire police?
We can confirm that it is NPPV (Non-Police Personnel Vetting). CCS is currently correcting the sub filter and will notify all suppliers once the DPS and he bid pack documents have been amended.
Answered
18/02/2020 10:09
55. Hi Team: Core Terms provide for unlimited liability for breaches of, inter alia, data, laws and IP (Core Terms 11.5)). This isn't industry standard for the type of services requested by the ITT and may prevent Tier 1 suppliers from bidding on this framework or subsequent call-off engagements. This further contradicts guidance in the Outsourcing Playbook published by the Government Commercial Function advising government entities not to ask suppliers to accept unlimited liability or to assume unreasonable/ un-quantifiable risk. Please advise whether CCS would consider introducing a reasonable liability cap for these categories or include within the general damages cap on both framework and call-off levels.
CCS can confirm that following further review of the clarification questions received in relation to the liability clauses within the Core Terms of the Terms and Conditions, a Special Term (7) has now been included in the DPS Appointment Form. The DPS Appointment Form is electronically signed by the Supplier in the DPS Agreeing stage, to enable a Supplier to become 'Appointed' to the DPS (as detailed in Section 6 of the READ First DPS Needs document within the bid pack). This special term (7) removes the unlimited liability on Suppliers for GDPR breach and replaces it with a £10m cap. CCS consider this a reduction in exposure which should reduce Suppliers' perceived risk. Please refer to Attachment 7 - Part 2, in the DPS Bid Pack to locate the amended DPS Appointment Form V2.0 for information.
Answered
12/02/2020 12:58
52. We have a clarification question on Question 77 Cyber Security Services 3 DPS Registration Questionnaire. Our question : Please can we check that we are interpreting this question correctly. Should we read it as; "Does your organisation have the following standards (certifications)" E.g. Does your organisation have people with DV clearances? Or does it mean "Is your organisation able to certify to these standards?" E.g. Are you able to issue DV clearances? 77. Please select the 'Standards', that your organisation is able to provide 'Non-assured NCSC Services' for. Tick all that apply. Cyber Essentials Plus CREST/Tiger/Cyber/Other Qualified PCI Assessor Project Management - APM Qualified Project Management - PRINCE Qualified Clearance: Counter Terrorist Check Clearance: Security Check Clearance: Developed Vetting MPPV 1,2,3
This question is referring to whether your organisation has staff who are cleared to a particular security level (some Govt organisations will require staff and contractors to be cleared to a certain level before being given access to their premises and or data). It is not asking whether your organisation is able to issue security clearances.
Answered
06/02/2020 12:36
51. RM3764iii Cyber Services 3 - Dynamic Purchasing Systems Agreement. Selection Questionnaire: Question 1. Question 0.1 Asks, do you want to submit a completed EU ESPD in response to questions 21 through to 103.60 (Sub-Contractor questions) and questions 105 through to 126 (Exclusion Grounds) of this Selection questionnaire? We are not listing or using any Sub-Contractors, therefore not providing a response to questions 21 through to 103.60, but are we still required to provide a response to questions 105 through to 126 (Exclusion Grounds). Question 2. Part 3: For the Relevant Experience Questions 133, 134, and 135 we have responded no, as in Section 4.35 of the Dynamic Purchasing System Agreement, page 15, it states that Part 1, Example 1, 2 and 3, questions Q133, Q134 and Q135, are not applicable to this RM376iii - Cyber Services 3 procurement. Can you please confirm that this is correct
Q1 - Yes you are required to provide a response to all mandatory questions including questions 105 to 126. Q2 part 3 - That is correct, questions 133 - 135 are not applicable as detailed in the READ FIRST DPS Needs document
Answered
12/02/2020 13:01
49. For the purpose of the SQ and DPS submission do we need to complete the Financial Assessment Document? We are aware the Subcontractors and Economic attachments should be completed based on the answer in response to this. Could you also confirm where we would upload the document if this is required?
CCS can confirm that attachement 3 Financial Assessment in the Bid Pack is for information only and will be used by CCS Commercial Finance Team in the event that a supplier fails to meet the financial threashold score of 40 as detailed in section 14.3 of the READ FIRST DPS Needs document. Further information in relation to financial criteria for this DPS can be loacted in section 4.11 to 4.20 (Economic and Financil Standing) of the READ FIRST DPS Needs document.
Answered
19/02/2020 13:15
48. Hi, there is not a DPS schedule 3 (DPS Pricing), could you please provide this? Thanks
DPS Schedule 3 (DPS Pricing) can be found in the bid pack under Attachment 7 - Part 2 (Terms and Conditions). Pricing itself is set by the buyer at the call-off stage.
Answered
11/02/2020 08:32
47. Within the documentation it states the following: Selection Questionnaire - Not Applicable questions: 4.35. There are questions in the Selection Questionnaire that are not applicable for this RM3764iii - Cyber Services 3 procurement, therefore please note, a response is NOT required to the questions as detailed below:  Part 1: (Contract Example 1) - Q133  Part 1: (Contract Example 2) - Q134  Part 1: (Contract Example 3) - Q135  Part 3: (Steel) Q147 - Q149  Part 3: (Supply Chain) Q150 - Q154  Part 3: (NHS Questions) Q157 - Q161 4.36. Evidence submission stage for the following questions  Q166 - Q172;  Q174;  Q176; and  Q179 - Q185 Also it states these questions/questions with evidences are not applicable for this process. Can you confirm for certain this is not required for these questions at the SQ stages. Therefore, if a response/evidenced documentation has not been provided against these we will not be disqualified from the tendering process. Thanks
CCS can confirm in accordance withthe READ FIRST DPS Needs document within the bid pack the not applicable questions you have referred to do not require a response.
Answered
12/02/2020 12:57
46. Are there any logos we can use once appointed to advertise the fact that we are on this DPS?
Suppliers appointed to this agreement are encouraged to promote the fact that their goods and services are available through a CCS agreement to prospective public sector buyers. Once appointed suppliers can request a copy of the marketing toolkit which includes logos and guidance.
Answered
11/02/2020 08:31
44. In the Bid Pack document: READ FIRST RM3764iii Cyber Services DPS Needs v1 you say: "You need to send your questions through the DPS Marketplace clarification link (on SRS) or the DPS Mailbox address info@crowncommercial.gov.uk and as detailed in the OJEU Contract Notice. Both options can be used to communicate with us." As far as we can see, there is no DPS Marketplace clarification link on SRS and our attempt to use Live Chat (ref 10302401) did not get a response, so we are hoping that you will be able to route our questions to the appropriate person via this general mailbox. Here are the questions: 1. The online Selection Questionnaire HMG_UNIT_SQ-363-v8 seems to include questions on which CESG cyber certifications we hold, but these questions are not in the pdf version of the SQ in the RM3764iii Cyber Services DPS bid pack and do not appear to be referenced anywhere else in the documentation. Can you clarify please? The pdf version of the SQ does reference NCSC Assured and Non-assured services (Q65-77 in the Registration Questionnaire section) and they are included in Attachment 1 - Cyber Services 3 Filter Matrix v1. However there is no mention of them in the mandatory requirements (RM3764iii Cyber services 3 DPS Buyer Needs v1, section 3). Bramble Hub uses sub-contractor partners to deliver its services, who have NCSC certified specialists (CPP )and products (CAPS). Are we correct in understanding that we can bid for the framework?
CCS can confirm sub-scontractors are permissable as part of bidders DPS submission. For full details on how to register for the Supplier Registration Service (SRS) and how to apply for the RM3764.iii Cyber Services 3 DPS, please refer to the READ First DPS Needs document in the bid pack.
Answered
31/01/2020 11:36
43. Please could you provide an ETA / timeframe that clarification questions are responded to? We were hoping to submit our response on the 13th, however are unable to do so without having confirmed and completed documentation to meet Framework requirements.
Can you please advise which clarification questions you are referring to as unanswered to enable CCS to further investigate.
Answered
12/02/2020 12:56
42. In relation to Clause 10.5.2 - where it states that payment obligations stop immediately on termination save for any accumulated rights. Can you confirm that the Buyer is still liable for payment of work performed up until termination?
The Buyer is obliged to pay invoices for all undisputed Goods and Services delivered up to the point of termination in accordance with Clause 4.4.
Answered
13/02/2020 11:20
41. In relation to Core Term 14.3 - can you confirm that this is only related to engagements where we (the Supplier) would be the only holder of the data such as a managed service.
Please refer to the definition of Government Data in Joint Schedule 1. The Supplier is required to securely hold any Government Data it receives from the Buyer through the course of the Order Contract as specified in this Clause.
Answered
13/02/2020 11:21
40. Hi, we have been accepted onto the Cyber Security Services 3 DPS, as an Appointed Supplier. However we are unable to see where we upload service definitions etc. We clicked on the Update Evidence button on our dashboard profile however it advised that no evidence is required. If this is the case please advise if there are any other actions we need to do at this stage, thanks
CCS can confirm that suppliers are not required to upload definitions of service definitions in support of the services selected in their submission. Once appointed to the DPS, there are no further actions required only those specified by buying organisations at compeition stage, if a supplier is invited to a competition. Additionally, any requirements as specified in the Terms and Conditions (T's&C's) such as MI, Cyber certification etc, which will be requested by the designated CCS Commercial Agreement Manger in accordance with the T's&C's.
Answered
31/01/2020 11:07
39. With regards to Joint Schedule 4 (Commercially Sensitive Information) which applies to both a call off/and the framework contract. Could you confirm if suppliers are required to complete the order form template at this stage?
The order form template forms the contract between the customer (buying organisation) and you as the supplier and therefore does not need to be completed until you have tendered for and are awarded work under a call-off.
Answered
02/04/2020 08:22
38. There is a Guarantee in Joint schedule 8. Can you clarify that a DPS Guarantee is not required as a condition of the award of the DPS Contract?
CCS can confirm that a guarantor may be required subject to CCS Commercial Finance team assessment, in the event that a supplier fails to meet the financial threshold score (40) for this DPS, and any subsequent additional financial requirements as specified at section 4.11 - 4.20 of the READ First DPS Needs document which forms part of the bid pack. Guarantors are corporate guarantors and will only be permissable at CCS request as above. A guarantor is not a condition of appointment to this DPS unless specified by CCS Commercial Finance team in accordance with the response provided above.
Answered
31/01/2020 11:08
37. 1. Can we bid on one lot and subsequently bid/ add to the lots as and when? For example if we bid on Lot 1 now and are live and active, perhaps 2 months later wish to be on Lot 2 and 3 - will this be possible to be added as a supplier at any time during the DPS Agreement? 2. Can you clarify what is the assessment timelines from when a DPS is submitted to award selection? 3. How long does the assessment of the evaluation take from submission to when a supplier can be approved under the DPS and be live?
CCS can confirm that there are no Lots in a DPS. Suppliers as part of their DPS submission confirm which of the services they can provide as detailed in Attachment 1 - Cyber Services 3 filters as detailed in the bid pack. During the lifetime of the DPS, suppliers can update their service offering (add/ remove) by following the Update Answers guidance as detailed in the READ First DPS Needs document which forms part of the bid pack. CCS can confirm that assessment timelines are subject to supplier responses. For example if a supplier successfully completes their DPS submission on day 1 of commencing their Selection Questionnaire by meeting all the required selection criteria, they can become appointed to the DPS on the same day. However, in the event a supplier fails to meet all of the selection questionnaire requirements and enters into assessing stage, CCS have 15 working days to work with the supplier and conclude the reasons for assessing status.
Answered
31/01/2020 11:12
36. With regards to Joint schedule 3 (Insurance), Clause 7.2 - Except where the Relevant Authority is the claimant party, the Supplier shall give the Relevant Authority notice within twenty (20) Working Days after any insurance claim in excess of 10% of the sum required to be insured pursuant to Paragraph 5.1 relating to or arising out of the provision of the Deliverables or this Contract on any of the Insurances or which, but for the application of the applicable policy excess, would be made on any of the Insurances and (if required by the Relevant Authority) full details of the incident giving rise to the claim. Can you please clarify that this notification is only applicable to third party claims which would have the effect of reducing the level of minimum cover available for any claims under a Contract?
Yes, that is correct. CCS can confirm this notification is only applicable to third party claims which would have the effect of reducing the level of minimum cover available for any claims under a Contract
Answered
13/02/2020 11:17
35. Bid pack Attachment 6 Selection Questionaire PDF (inf only) - lists Joint Schedule 5 (Corporate Social Responsibility) RM3764.iii. Where is this document as we cannot locate in the bid packs. Thank you
CCS can confirm that Joint Schedule 5 (Corporate Social Responsibility) should be contained in Attachment 7b - Part 3 of the bid pack, and as listed in the DPS Appointment Form. CCS can confirm that this Schedule will be uploaded to the bid pack in due course. A notification to all suppliers once the Schedule has been uploaded will be issued.
Answered
31/01/2020 11:13
34. Good afternoon, Clause 14.8 of the DPS Core Terms v1.0 indemnifies CCS and each Buyer against any and all Losses incurred if the Supplier breaches Clause 14 and any Data Protection Legislation. Clause 11.5 states that this would be on an uncapped basis. Can you please confirm this is correct or can the indemnity be made subject to a liability capping formula?
CCS can confirm that following further review of the clarification questions received in relation to the liability clauses within the Core Terms of the Terms and Conditions, a Special Term (7) has now been included in the DPS Appointment Form. The DPS Appointment Form is electronically signed by the Supplier in the DPS Agreeing stage, to enable a Supplier to become 'Appointed' to the DPS (as detailed in Section 6 of the READ First DPS Needs document within the bid pack). This special term (7) removes the unlimited liability on Suppliers for GDPR breach and replaces it with a £10m cap. CCS consider this a reduction in exposure which should reduce Suppliers' perceived risk. Please refer to Attachment 7 - Part 2, in the DPS Bid Pack to locate the amended DPS Appointment Form V2.0 for information.
Answered
13/02/2020 11:15
33. Awaiting response to the question on Attachment 1 - Cyber Services 3 Filter Matrix v1 lists the CNI sectors. Row 11 contains "Civil Nuclear Communications". Is this a typographical error and should read "Civil Nuclear" and "Communications" as a separate entry?
CCS are currently amending the Civil Nuclear Communications sub filter, which will be changed to 2x filters (Communications and Civil Nuclear in the CNI category. CCS will issue a notification to all suppliers once the DPS and all corresponding bid pack documents have been amended.
Answered
24/09/2020 15:41
Export

Welcome to Supplier Registration Service chat.
Please do not send any confidential information.

Please be aware that this chat is using translation software powered by Google Translate which may affect the accuracy of the language and phrases used.

Are you sure you wish to end this chat? Are you sure you wish to disconnect this chat? New chat message from Please use the 'End Chat' link to end this chat and close the window. Do you want to reset the chat window position? Reset windows