Clarifications
There are 126 clarifications for this DPS
139. For question 6 of the Standard Selection Questionnaire, we aren't able to progress the application because we do not have a UK postcode. Please advise on what should be entered here.
If you contact support@nqc.com then they will be able to provide you with a dummy code for use within the field.
Answered
30/10/2024 10:33
138. Hi
If a bidder submits the SQ and is successful in getting to the DPSQ stage, does the bidder have a timeframe/set window in which they have to complete and return the DPSQ before the application expires? Or does the application just remain open and valid indefinitely throughout the life of the DPS?
Once the SQ has been completed your application will move into a "Registered 1" Stage where it will remain open until the next DPSQ stage is completed. We do go through the applications which remain at Registered 1 for over a year to understand whether organisations still wish to progress their applications.
Answered
14/10/2024 09:21
137. Can you please confirm whether responding 'No' to Q 144 of the SQ (144. Please confirm if you will be supporting apprenticeships and
skills development through this contract) will result in an application to the DPS being rejected?
We can confirm that answering 'No' to Q144 will not result in an application being rejected on the DPS.
Answered
22/08/2024 14:38
136. Please confirm it is acceptable to set Part 3 Certificate of Technical and Professional Ability 3.2.1. How Many Contract Examples? response to '0' following the instructions in 'READ FIRST RM3764iii Cyber Services DPS Needs v2.0(1).docx' - Selection Questionnaire - Not Applicable Questions 4.39/4.39?
Yes, Questions 133-135 (contract examples) are not required as part of your application and can be marked as No. This will then skip the evidence submission section outlined in Q.136.
Answered
09/04/2024 15:21
135. Hello,
We are interested in completing an application for the Cyber Security Services 3 DPS framework and notice that there are currently 121 Clarifications for RM3764iii. Would it be possible to have an exported spreadsheet of these clarifications to allow us to review them with our appropriate teams more easily than on the portal?
Kind regards
WSP UK
Yes, if you scroll down to the bottom of the clarifications page then there is an export button which allows your to export all questions and answers in a spreadsheet format.
Answered
19/03/2024 14:57
134. As an IASME accredited certification body (Accreditation for Cyber Essentials and/Or Cyber Assurance assessments), would we fulfil the criteria for the "Certification" service type within the "Consultancy and Advice" category?
Yes, we can confirm that if you are an IASME accredited certification body you would fulfil the criteria for 'certification'
Answered
21/02/2024 13:51
133. Q79 of the DPS Non-assured NCSC Services - Standards lists multiple clearances that individuals within the organisation have held, and would be able to obtain, but are currently lapsed. Would we still be able to state that we can provide staff with Clearance: Security Check or Clearance: Developed Vetting.
If the clearance has lapsed this should not be selected within Q79, suppliers should only select what they can provide. The DPSQ can be updated at anytime to add any clearances once they have been obtained or renewed.
Answered
15/12/2023 13:19
132. CSS3 DPS: Physical Security Penetration Testing Capability Assessment: We are able to answer an unambiguous "Yes" to all of the Questions within Capability Assessment document apart from "Q2. Do primary staff who would be involved in the exercise have minimum SC Clearance (either current or application/renewal in progress)?". We have several employees that have been SC cleared, and indeed DV cleared, over previous years. However more recently we have been engaged with commercial business and not had the requirement for SC clearance. So the clearances may have lapsed or individuals will not be tasked on this program, if successful. Therefore, our intention would be to renew clearances and/or initiate clearances, under the guidance of the Cabinet Office, for the purposes of this engagement. Is this sufficient to be able to answer yes to this question?
Responded to the supplier directly. This portal is for clarifications from CCS regarding the Cyber Security Services 3 DPS.
Answered
20/09/2023 15:12
129. Can you confirm when the CCS 3 framework will include Managed security services?
Such as Remote monitoring or management of IT security functions. Services include: identity and access management,
managed detection and response, security device management, co-managed services, managed endpoint security and security command centres.
Please refer to the 'RM3764iii Cyber services 3 Buyer Needs' document which details the managed security services included within this DPS agreement.
Answered
30/06/2023 11:18
126. Hi, For Question 52. Please confirm if you intend to use a supply chain for this contract.
We are not sure if we would look to use a supply chain in the future as we may partner depending on the support requirement in the bid. Just wanted to double-check if that was allowed, as we may choose to not use anyone else in the future to support if that's not the case.
Question 52 refers to use of third parties to fulfil the DPS Services. If your organisation has recognised a need to use third parties to fulfil the DPS Services specified in DPS Schedule 1, please respond to this question with a 'yes' and provide further details were required. Please also refer to the 'Read First RM3764iii Cyber Security Services DPS Needs' within the bid pack.
We recognise that arrangements in relation to Subcontracting and Groups of Economic Operators may be subject to future change, and may not be finalised until a later date. If you are successfully appointed to the DPS and are awarded a RM3764iii DPS Appointment, any changes to arrangements in relation to Subcontracting and Group of Economic Operators arrangements which are made following the award will be dealt with in accordance with DPS Schedule 6 (Key Subcontractors) of the DPS Appointment Form.
Answered
27/03/2023 14:00
125. Hi, for Question 78 - reference 'Standards'. Do you mind elaborating on this point as to what you mean by 'standards', as we have people who have the options listed but not all of our team. Probably more capabilities from us.
Please refer to 'DPS Schedule 1 - Specification' and 'RM364iii Cyber services 3 DPS Buyer Needs' within the bid pack.
Answered
27/03/2023 13:50
124. Good afternoon, ISO27001 has been listed within the below clarifications as an appropriate alternative to Cyber Essentials. The Cyber Security Services 3 DPS Application questionnaire has Cyber Essentials as pass/fail. Will we have an opportunity to evidence ISO certificate before being Failed?
Answered directly via a separate query to the Customer Service Centre
Answered
22/02/2023 13:26
123. Just some questions regarding the Service Matrix categories.
Filter 4 - does 'Civil Nuclear Communications' need to be specifically communications? Or can it relate to the Civil Nuclear sector as a whole?
Filter 4 - Does Energy include Energy Networks? Or should this be added as other?
There is a separate filter for Civil Nuclear and Communications, this can be viewed in Q80 of the DPSQ. Energy refers to the sector as a whole.
Answered
15/02/2023 13:11
122. It is our intention to add accreditations and standards over time.
Can one update one's service filter matrix once appointed, to keep is up-to-date with the company's development?
Once appointed a supplier can update their DPSQ at any time which allows them to add or remove applicable accreditations and standards
Answered
13/02/2023 09:00
121. Is there a closing date for submissions to the Cyber Security DPS 3 Ref RM3764.iii?
Suppliers can apply to join at anytime within the lifetime of the agreement
Answered
13/02/2023 11:47
120. Good Morning,
We have a subcontractor based in the Netherlands, they have do not have a UK residency. They are wholly owned by another company who do have a UK residency.
We are going to input the UK address of that company, but in regards to company number and details, should it be the company based in the UK or the company based in the Netherlands?
Thanks!
As stated in the DPS needs document you must disclose details for all subcontractors who directly contribute to your ability to meet your obligations under the DPS agreement, if this is the company based in the UK these are the details you will need to include within your submission
Answered
13/02/2023 13:10
119. Good Evening,
I've asked a previous question about whether an ISO 2007 supersedes the need for a cyber essentials certificate.
In the answer, we were told that cyber essentials is mandatory but an ISO 2007 supersedes the need.
Are you please able to confirm if we will be able to complete a successful application with only an ISO 2007 certification. Thankyou.
With regards to equivalence and subsequent acceptance, we refer you to the Procurement Policy Note 09/14 (Cyber Essential scheme certification). Please refer to Annex A & C (of the PPN) which covers the key requirements and provides an overview of equivalence specific to those organisations holding ISO 27001 certification.
Answered
02/02/2023 11:08
118. Regarding Joint Schedule 8 Article 2.1, the guarantee does not have a limit of amount. In paragraph 2.2. of the template it states that The Guarantor irrevocably and unconditionally undertakes upon demand to pay to the Beneficiary all monies and liabilities which are now or at any time hereafter shall have become payable by the Supplier to the Beneficiary under or in connection with the Guaranteed Agreement or in respect of the Guaranteed Obligations as if it were a primary obligor.
Could there be a limit please? Two times the value of the contract for example?
CCS does not agree, the schedule and clause shall remain as drafted.
Answered
31/01/2023 16:18
117. Is a cyber essentials certificate required if we have a ISO 27001 Certification instead. Or is the cyber essentials certificate required regardless?
Thank you
The Cyber Essentials Scheme (set of controls) is mandatory, however as detailed in PCR 2015 suppliers can offer alternative certification to evidence they have achieved these controls. ISO 27001 is a suitable alternative, any certification must be verified by an accrediting body and evidence that you meet the scheme requirements.
Answered
30/01/2023 14:13
116. Hello,
I have searched through the bid pack and I am unable to find clarification.
Does a ISO 27001 Certification supersede the need for a Cyber Essentials basic? Or is the Cyber Essentials certificate still required?
Could you please confirm whether you are referring to the mandatory or additional accreditations and standards as detailed in the 'buyer needs' document within the bid pack?
Answered
26/01/2023 15:05