Clarifications
There are 127 clarifications for this DPS
94. Dear CCS. I asked the following question a week ago : "Can I confirm if there is a "Data Protection Liability Cap" for the Cyber Security Services RFP and, if so, what is the cap?. Can you advise when we could expect a response?
Answered in previous question
Answered
27/01/2021 12:16
93. Can I confirm if there is a "Data Protection Liability Cap" for the Cyber Security Services RFP and, if so, what is the cap?
Please refer to the Bid Pack where DPS Appointment Form version 2 containing Special Term 7 can be located, the liability on Suppliers for GDPR breach is capped at £10m.
Answered
27/01/2021 12:15
92. We are already listed on the Cyber Security Services 3 DPS for some services, but have recently added another service to our portfolio. Please can you advise how we go about adding a service to the live DPS.
You will need to log into the SRS system and your SQ and in section 2 you can amend your service offerings. Once you have re-submitted you will be prompted to re-accept the terms and conditions.
Answered
24/09/2020 10:05
91. Good Afternoon, Sorry I am struggling to find the answer in the guidance. Can you confirm if in the DPS there is any Marking guidelines and Weightings for the questions that will be asked in the ITT? Or do we outline and set our own? Thank you
Buyer has been answered directly
Answered
24/09/2020 16:01
90. We are in the process of uploading our evidence to the Cyber Security Services 3 but the system only allows 5mb max for all documents. Our accounts exceed this (>10mb) and we have tried to reduce the file size. Can you advise in how we submit our response to this question?
It is the supplier's responsibility to compress their files to the appropriate size.
Answered
24/09/2020 10:06
89. DPS Core Terms Clause 14.5
The Supplier must pay each Party's reasonable costs of complying with Clause 14.7 unless CCs or the buyers is at fault.
- Do you mean complying with Clause 14.6?
DPS Schedule 7 Order Procedure and Award Criteria
The Buyer will need to state the term for the Order Contract in the Statement of Requirements. the maximum term for an order contract under this DPS is three years, including any extension.
- What happens if (a) a quote is required for say 1 year of work but it's within only a couple of months of contract expiry? or (b) a change note is required within an existing project taking it over the 3 year term?
DPS Core Terms Clause 14.7 reads 'The Supplier must pay each Party's reasonable costs of complying with Clause 14.7 unless CCS or the
Buyer is at fault. ' This should refer to clause 14.6.
Answered
24/09/2020 10:06
88. For Order Schedule 18 - Background Checks, to ensure we have correct processes in place, could you please advise what the process would be to carry out a check of records held by the DfE for engagements when this is required in addition to the DBS checks. Will the Relevant Convictions to be listed in Annex 1 be provided on a case by case basis at time of the order, or if this a standard set, can these be added now to Schedule 18?
Thanks.
This information will be detailed by the customer in their further call for competition.
Answered
24/09/2020 10:08
87. Clauses 7.1 - Please can the Authority consider that although the Supplier is able to provide reasonable co-operation to the Authority in the event that it receives a claim under pursuant to clause 7.1, the Supplier's contractual obligations should not extend to assisting the Authority in dealing with such claims as that may go beyond the intended scope of services. The Supplier would also not be permitted to disclose information about third parties.
Please can the supplier confirm which schedule they are referring to.
Answered
24/09/2020 10:09
86. Clause 4.1 - Would the Authority be willing to specify that insurance certificates will be an acceptable form of evidence that the Insurances are in force as per the requirements?
Insurance certificates are an acceptable form of evidence.
Answered
23/07/2020 15:37
85. We have asked the below questions which have not been answered. Could you please clarify on them (or confirm that Financial Difficulties schedule does not apply on DPS level and we should seek the answers on an Order Contract level)?
1. We refer to DPS Schedule 7 cl. 2.2.1 which allows to reject the bid, but on the other hand as per DPS Schedule 4 cl.3.4 - repeated failure to bid may result in suspension from DPS. Can you please confirm if Supplier can reject the Order?
2. We refer to Joint Schedule 7 (Financial Difficulties) - Annex 2 together with "Credit Rating" definition and "Financial Distress Event" definition, bullet a). As per Annex we should use the "Failure Rating" - we have assumed that to be the failure score, which is a score out of 100 to measure how likely a business is to fail in the next 12 months and gives us the "risk indicator" part of our credit rating. Our current failure score is 97. A 10% fall would take us to 87 - which would still give us a risk indicator of 1 (failure score in the range of 86-100)- the best a company can have - it certainly wouldn't indicate any type of distress, but under current definition it would be. It means that we would need to go into conversation even being in the best score possible, which isn't really pragmatic. Therefore we suggest to use less sensitive measure, like a drop of two or more levels in our credit rating, which would be a more pragmatic approach. Could you consider amending Annex 2 and use "Credit Rating" instead of "Failure Rating" and the threshold being to fall by two levels?
3. We refer to Joint Schedule 7 (Financial Difficulties), part (f) of the Financial Distress definition. The clause refers to "financial indebtedness" but does not define it, nor does it indicate any level of materiality. Would it mean that even £200 would be a trigger? Is there expectation to start discussion with CCS on any such occasion? Could we have a more pragmatic approach and apply any definition of "financial indebtedness" and a level of materiality?
4. We refer to Joint Schedule 7 (Financial Difficulties), Part f of the Financial Distress definition bullet iv - cancellation or suspension of indebtedness - how do things like suspension of VAT payments under COVID19 fit into this - would that be a trigger?
5. We refer to Joint Schedule 7 (Financial Difficulties), all the notification requirements seems onerous and not always possible to comply, especially clause 4.3.1 requesting meeting within 3 Working Days. We would suggest notification requirements of 30 days.
6. We refer to Joint Schedule 7 (Financial Difficulties), clause 3.3 - We wouldn't be able to provide requested information externally based on unpublished results as we are part of a listed Group. We only can provide an audited and published data. Can you confirm that this would be acceptable?
1. A supplier may reject/ not apply for tenders under the DPS where it is not deemed suitable. Where possible we would ask that you let the buying organisation know why you are not bidding. This will not lead to a supplier being rejected from the DPS.
2. Please see Clause 6 'What happens if your credit rating is still good'
3. If there there is a possibility that CCS would believe that it could directly impact the performance of a contract then it needs to be raised
4. This would not be considered a financial distress event.
5. The Joint Terms and conditions are non-negotiable.
6. Yes this is acceptable.
Answered
24/09/2020 10:20
84. We understand that Special Term 7 in the DPS Appointment Form limits supplier liability for DPS Core Terms clause 14.8, but given that the liability for breaches under clause 7.5 can also be limited by law, we would like to request the indemnity for any Losses incurred on those basis to be limited as follows: clause 7.5, Supplier's liability shall be limited within the liability cap set under clauses 11.1 and 11.2.
Would you be in agreement with this please?
Thanks.
The core terms and conditions are non- negotiable.
Answered
24/09/2020 10:22
83. Good morning,
We are preparing our application for the Cyber Security Services 3 DPS Framework, as non-NCSC assured. We are expecting to become NCSC assured in 4 to 6 months, and I understand we will be able to request our DPS to be upgraded at that point. If we decided to apply for DPS now with a subcontractor who may be involved for some services, would the subcontractor also need to be NCSC assured when we request to upgrade, in addition to the Cyber Essentials certification that they need for either level of application.
Thanks.
For NCSC assured services, subcontracting is only allowed for CHECK, not any of the other schemes. If you appoint a subcontractor to carry out a Check assured requirement, they must also be CHECK assured.
Answered
24/09/2020 10:22
82. Good afternoon,
We are in the process of our application for the above detailed DPS and have noticed that clause 14.7 of the Core Terms reads :
14.7 "The Supplier must pay each Party's reasonable costs of complying with 14.7 unless CCS or the buyer is at fault." Could you please confirm which clause this refers to please.
Thank you for your kind assistance.
DPS Core Terms Clause 14.7 reads 'The Supplier must pay each Party's reasonable costs of complying with Clause 14.7 unless CCS or the
Buyer is at fault. ' This should refer to clause 14.6.
Answered
24/09/2020 10:23
81. Hi Team,
Can i confirm if it is a requirement to have CE+ to be appointed as a supplier to the Cyber Security Services 3 DPS framework?
Reading Question 5, 6 and 7 of the Cyber Security Questionnaire it suggests that you need to be CE+.
Thanks
Basic cyber essentials is enough to be appointed as a supplier.
Answered
23/07/2020 15:38
80. We are about to submit our application for the above DPS and we understand that our staff have to be security checked to the BPSS level.
Is it acceptable to submit our application now on the understanding we are in the process of gaining clearance for our staff? We would like to get our application in as soon as possible .
All staff will need to be BPSS cleared before you are appointed to the DPS.
Answered
24/09/2020 10:34
79. Hello,
Please can you advise if this DPS includes cyber security training services.
Many thanks
Yes the DPS includes a filter for Cyber Security Training both under the NCSC assured route and the non-NCSC assured route.
Answered
24/09/2020 10:35
78. We refer to Joint Schedule 7 (Financial Difficulties), clause 3.3 - We wouldn't be able to provide requested information externally based on unpublished results as we are part of a listed Group. We only can provide an audited and published data. Can you confirm that this would be acceptable?
Answered in a previous question
Answered
24/09/2020 15:42
77. We refer to Joint Schedule 7 (Financial Difficulties), all the notification requirements seems onerous and not always possible to comply, especially clause 4.3.1 requesting meeting within 3 Working Days. We would suggest notification requirements of 30 days.
Answered in a previous question
Answered
24/09/2020 15:42
76. We refer to Joint Schedule 7 (Financial Difficulties), Part f of the Financial Distress definition bullet iv - cancellation or suspension of indebtedness - how do things like suspension of VAT payments under COVID19 fit into this - would that be a trigger?
Answered in a previous question
Answered
24/09/2020 15:42
75. We refer to Joint Schedule 7 (Financial Difficulties), part (f) of the Financial Distress definition. The clause refers to "financial indebtedness" but does not define it, nor does it indicate any level of materiality. Would it mean that even £200 would be a trigger? Is there expectation to start discussion with CCS on any such occasion? Could we have a more pragmatic approach and apply any definition of "financial indebtedness" and a level of materiality?
Answered in a previous question
Answered
24/09/2020 15:42