Clarifications
There are 148 clarifications for this DPS
77. In relation to obtaining the Cyber Essentials Basic certification, we are currently certified under the ISO 27001 standard and have structured our security protocols according to the guidelines of the NIST Cybersecurity Framework. Furthermore, our ISO 27001 certification, which has been granted by a trusted third party, explicitly verifies that we fulfill all five stipulations outlined in the Cyber Essentials scheme. Is it possible for us to move forward with these existing certifications as part of our application for the Cyber Essentials Basic certification?
Your guidance and support in this matter would be highly valued.
Cyber Essentials certification is a mandatory requirement of the DPS. Please note that Cyber Essentials was developed because neither ISO27001 nor other considered standards were sufficiently prescriptive to defeat common internet based threats as per the PPN.
Answered
01/09/2023 13:15
76. Hi there, is there any scope for the Supplier to raise any deviations to the Terms & Conditions as part of our response? If so, at what point of the process between submitting the SQ+DPSQ and signing a call-off agreement with a buyer would we able to raise these? Thank you.
Core Terms & Conditions of the agreement cannot be changed. Please review the Bid Pack and also the "READ FIRST" document within the Bid Pack for further guidance.
Answered
01/09/2023 13:26
75. Good afternoon, as part of our submission we are proposing a subcontractor who does not yet have the Cyber Essentials accreditation. As per the guidelines they will certify to state that they will achieve this by award onto the DPS and they are currently in the process of completing their Cyber Essentials application. If, for example, they do not achieve certification by the required time, will this void our whole application onto the DPS Framework, or will they just be removed as a subcontractor from our application?
Cyber Essentials is a mandatory requirement for all framework suppliers (directly party to this agreement). Subcontractors need to self certify that they will have this in place as you say but it is down to yourselves as the framework supplier to manage this. Should a customer ask for the subcontractor's Cyber Essentials certification and they didn't have one then the risk would lie with yourselves.
Answered
07/09/2023 09:58
74. Hi. We have reviewed the Schedules and wanted to clarify at what point in the application would we be required to define our Special Terms to incorporate into the Appointment Form with CCS?
Core Terms & Conditions of the agreement cannot be changed. Please review the Bid Pack and also the "READ FIRST" document within the Bid Pack for further guidance.
Answered
01/09/2023 13:27
73. Are the RFP opportunities listed in DPS exclusively accessible to DPS-appointed suppliers, or are they also available through other channels?
The further competitions that are run from the DPS agreement are only open to the suppliers that are on the DPS Agreement. This list will be reduced when the customer completes their shortlisting exercise within SRS to then get a narrowed down list of supliers that can meet their requirement(s). It should not be open to any suppliers that are not on the DPS agreement or the customers shortlist.
Answered
21/08/2023 12:00
72. Regards Q9.1 Cyber essential.
Our Artificial intelligence device it is a stand-alone device (hardware and software are together) that physically connects to endoscopy devices, giving real time diagnostic support to clinician during endoscopy procedures. It does not connect to or network with any other software system. It does not collect or store data and does not transfer data to our AI device to be held for any purpose. This would appear to place us and the device out of scope of cyber essential certification, so can please discuss how we manage this with our framework submission.
Cyber Essentials is a mandatory requirement (PPN 09/14) and is assessed against the company, not the product(s)they provide.
Answered
16/08/2023 15:01
71. One of our subcontractors is based in the US and states that they do not have a Company Registration Number. Can you advise how we can answer the question where this is requested within the Supplier Questionnaire as we cannot progress without entering a number here that meets the format requested. Kind regards
Please enter an 8 digit dummy number in this field to allow you to progress with the Selection Questionnaire.
Answered
16/08/2023 11:47
70. We note in the clarification responses already published it is stated that suppliers do not need to answer question 133, 134 and 135 in regards to contract examples. Q137 relates back to these three questions, therefore how do you wish suppliers to answer or should we put not applicable? Kind regards.
Q137 states 'If you cannot provide at least one example customer contract, in no more than 500 words please provide an explanation for this e.g. your organisation is a new start-up or you have provided services in the past but not under a contract.' If you have provided contract examples you do not need to answer this question, if you have answered 'no' to questions 133,134 and 135 then you will need to provide an answer for Q137 to explain why you have not been able to provide an example in the previous questions.
Answered
16/08/2023 11:46
69. We intend to use a subcontractor that is not based in the UK however the online questionnaire will not accept the format of the postcode and will not let us progress. Can you advise what we should do in this instance please. We note the other questions that advise to use the postcode used when originally setting up an account however this question is in relation to the subcontractor postcode.
The Selection Questionnaire will not accept non-UK postcodes, therefore please enter M4 6JA as a work around and email the correct postcode to support@nqc.com who can complete this offline.
Answered
16/08/2023 11:46
68. 1. Please provide clarification on the distinctions between the Selection Questionnaire (SQ) and Dynamic Purchasing System Questionnaire (DPSQ) and where we need to apply & submit it.
2. Can we participate in the procurement process even if we do not possess a Cyber Essentials certificate?
3. Is it mandatory to provide evidence, such as documentation demonstrating economic and financial standing? If so, please specify where this information should be submitted.
4. Additionally, please indicate where I need to select the Services in the SQ that our organization can deliver.
5. Is it necessary to complete all the questions in SQ & DPSQ?
Please review the Bid Pack and then once you have read all the required documentation, you would then be required to follow the detailed process in order to submit a bid application on SRS against the specific DPS. Cyber Essentials is a mandatory requirement.
Answered
08/08/2023 12:25
67. Please provide clarification on the distinctions between the Selection Questionnaire (SQ) and Dynamic Purchasing System Questionnaire (DPSQ) and where we need to apply & submit it.
Can we participate in the procurement process even if we do not possess a Cyber Essentials certificate?
Is it mandatory to provide evidence, such as documentation demonstrating economic and financial standing? If so, please specify where this information should be submitted.
Additionally, please indicate where I need to select the Services in the SQ that our organization can deliver.
Is it necessary to complete all the questions in SQ & DPSQ?
Please review the Bid Pack and then once you have read all the required documentation, you would then be required to follow the detailed process in order to submit a bid application on SRS against the specific DPS. Cyber Essentials is a mandatory requirement.
Answered
08/08/2023 12:23
66. Hello,
Can you confirm whether parts "Relevant experience" and "Pat Performance" are related to Medtronic performance as an organisation, or are they looking for specific examples of our technology linked to the DPS in question?
Kind Regards
The 'relevant experience' and 'Past Performance' would be specific to the scope of the service or technology you are providing under the DPS.
Answered
10/08/2023 11:42
65. For our office in the United Kingdom, do we simply need to acknowledge these bid pack documents, or are there any specific documents that we need to send as well?
Please review the Bid Pack and then once you have read all the required documentation, you would then be required to follow the detailed process in order to submit a bid application on SRS against the specific DPS.
Answered
04/07/2023 14:04
64. As a US based company do we require to have a UK Company Registration Number to complete an application?
With regards to your company registration please provide the same details you used to register as a supplier on the Supplier Registration website.
Answered
26/05/2023 13:18
63. Question 55 on attachment 6 Asks 'Please confirm you are able to provide your Companies House number, to verify your response at question 54. If you fail to provide a response to this question, you will not be able to progress with your DPS submission.
We are not yet registered as a company in the UK so do not have a Companies House number but do have a DUNS number.
Do we have to have a Companies House number to apply to be on the DPS or can we just confirm we don't have a number and proceed with the application?
With regards to your company registration please provide the same details you used to register as a supplier on the Supplier Registration website.
Answered
26/05/2023 13:24
62. 162. Which of the following CESG cyber certifications does your organisation currently hold? Please tick all that apply.
We do not have any of these, are they a hard requirement for the application? We do have our Cyber Essentials Plus and ISO27001 certifications if these are sufficient as an alternative?
Please see the below list of insurances which are a mandatory requirement:
- Employer's (Compulsory) Liability Insurance of £5,000,000.00 minimum
- Public Liability Insurance of £1,000,000.00 minimum
- Professional Indemnity Insurance of £1,000,000.00 minimum
- Cyber Essentials or Cyber Essentials Plus
Answered
26/05/2023 13:17
61. 150. Can you supply a list of your relevant principal contracts for goods and/or services provided in the last three years?
Are we required to provide copies or a list of contracts with all our vendors?
You are required to provide details of contracts that you have been awarded in the last three years outlining the buyer details, scope of services provided and total contract value and duration.
Answered
26/05/2023 13:17
60. 147. Please describe the supply chain management systems, policies, standards and procedures you currently have in place to ensure robust supply chain management.
Risk management capability and security of supply throughout the supply chain may be considered at selection stage. For example, assurance may be sought that robust, proportionate contingency measures are in place to ensure safe delivery of steel to the authority. See Procurement Policy Note 16/15
Please can you provide more info on what you are wanting to see here?
Please could you kindly confirm what is being asked to clarify here? Please provide a more specific inquiry after reviewing PPN 16/15
Answered
26/05/2023 13:16
59. 129. Do you meet the minimum level of economic and financial standing and/or minimum financial threshold specified within the evaluation criteria for this procurement?
Our Legal Team has asked what this criteria is?
CCS can confirm that suppliers are not obliged to provide a response to this question. In the event your financial failure score, provided by Dunn and Bradstreet, falls below the indicated threshold, you will be contacted directly by CCS in order to gather the relevent financial evidencees for further assessment.
We will undertake an assessment of your economic and financial standing using the DUNS number (as provided by Dun and Bradstreet) for your organisation which you input when registering on the SRS registration system. The report provided by the credit reference agency (Dun and Bradstreet) will be used to determine the level of financial risk you represent. If the score provided by the credit reference agency is 35 or more, then your Request to participate will continue to proceed in the DPS Selection process. If the score is less than 35 our Commercial Finance Team will request sight of you last 2 years accounts to carry out a further assessment
CCS can confirm that suppliers are not obliged to provide a response to this question. In the event your financial failure score, provided by Dunn and Bradstreet, falls below the indicated threshold, you will be contacted directly by CCS in order to gather the relevent financial evidencees for further assessment.
Answered
26/05/2023 13:15
58. In the "Buyer Needs" document of Part 1 of the Bid Pack, Section 2.5, there is a list of standards and certifications (e.g., ISO 9001, 10007, 14001, 13066, etc.) and the following lead-in paragraph language: "The Supplier shall comply with the appropriate Standards (or equivalent) as updated and applicable for the RM6200 Artificial Intelligence DPS which shall include but not be limited to:"
Question 1 - Are all the identified standards required certifications of all Suppliers for the RM6200 DPS Agreement, or is there discretion and flexibility available to remove standards/certifications that do not apply to a Supplier?
Question 2 - If the Supplier believes any of these standards/certifications should not apply to it, given the nature of its products or services, is there a process or mechanism to remove such inapplicable standards/certifications from the DPS Agreement for the Supplier?
Please see the below list of insurances which are a mandatory requirement:
- Employer's (Compulsory) Liability Insurance of £5,000,000.00 minimum
- Public Liability Insurance of £1,000,000.00 minimum
- Professional Indemnity Insurance of £1,000,000.00 minimum
- Cyber Essentials or Cyber Essentials Plus
Answered
26/05/2023 13:14
