1. Home
  3. DPS marketplace
  5. Cyber Security Services 3 DPS
Cyber Security Services 3 DPS

Clarifications

There are 139 clarifications for this DPS

86. Clause 4.1 - Would the Authority be willing to specify that insurance certificates will be an acceptable form of evidence that the Insurances are in force as per the requirements?

Insurance certificates are an acceptable form of evidence.
Answered
23/07/2020 15:37

85. We have asked the below questions which have not been answered. Could you please clarify on them (or confirm that Financial Difficulties schedule does not apply on DPS level and we should seek the answers on an Order Contract level)? 1. We refer to DPS Schedule 7 cl. 2.2.1 which allows to reject the bid, but on the other hand as per DPS Schedule 4 cl.3.4 - repeated failure to bid may result in suspension from DPS. Can you please confirm if Supplier can reject the Order? 2. We refer to Joint Schedule 7 (Financial Difficulties) - Annex 2 together with "Credit Rating" definition and "Financial Distress Event" definition, bullet a). As per Annex we should use the "Failure Rating" - we have assumed that to be the failure score, which is a score out of 100 to measure how likely a business is to fail in the next 12 months and gives us the "risk indicator" part of our credit rating. Our current failure score is 97. A 10% fall would take us to 87 - which would still give us a risk indicator of 1 (failure score in the range of 86-100)- the best a company can have - it certainly wouldn't indicate any type of distress, but under current definition it would be. It means that we would need to go into conversation even being in the best score possible, which isn't really pragmatic. Therefore we suggest to use less sensitive measure, like a drop of two or more levels in our credit rating, which would be a more pragmatic approach. Could you consider amending Annex 2 and use "Credit Rating" instead of "Failure Rating" and the threshold being to fall by two levels? 3. We refer to Joint Schedule 7 (Financial Difficulties), part (f) of the Financial Distress definition. The clause refers to "financial indebtedness" but does not define it, nor does it indicate any level of materiality. Would it mean that even £200 would be a trigger? Is there expectation to start discussion with CCS on any such occasion? Could we have a more pragmatic approach and apply any definition of "financial indebtedness" and a level of materiality? 4. We refer to Joint Schedule 7 (Financial Difficulties), Part f of the Financial Distress definition bullet iv - cancellation or suspension of indebtedness - how do things like suspension of VAT payments under COVID19 fit into this - would that be a trigger? 5. We refer to Joint Schedule 7 (Financial Difficulties), all the notification requirements seems onerous and not always possible to comply, especially clause 4.3.1 requesting meeting within 3 Working Days. We would suggest notification requirements of 30 days. 6. We refer to Joint Schedule 7 (Financial Difficulties), clause 3.3 - We wouldn't be able to provide requested information externally based on unpublished results as we are part of a listed Group. We only can provide an audited and published data. Can you confirm that this would be acceptable?

1. A supplier may reject/ not apply for tenders under the DPS where it is not deemed suitable. Where possible we would ask that you let the buying organisation know why you are not bidding. This will not lead to a supplier being rejected from the DPS. 2. Please see Clause 6 'What happens if your credit rating is still good' 3. If there there is a possibility that CCS would believe that it could directly impact the performance of a contract then it needs to be raised 4. This would not be considered a financial distress event. 5. The Joint Terms and conditions are non-negotiable. 6. Yes this is acceptable.
Answered
24/09/2020 10:20

84. We understand that Special Term 7 in the DPS Appointment Form limits supplier liability for DPS Core Terms clause 14.8, but given that the liability for breaches under clause 7.5 can also be limited by law, we would like to request the indemnity for any Losses incurred on those basis to be limited as follows: clause 7.5, Supplier's liability shall be limited within the liability cap set under clauses 11.1 and 11.2. Would you be in agreement with this please? Thanks.

The core terms and conditions are non- negotiable.
Answered
24/09/2020 10:22

83. Good morning, We are preparing our application for the Cyber Security Services 3 DPS Framework, as non-NCSC assured. We are expecting to become NCSC assured in 4 to 6 months, and I understand we will be able to request our DPS to be upgraded at that point. If we decided to apply for DPS now with a subcontractor who may be involved for some services, would the subcontractor also need to be NCSC assured when we request to upgrade, in addition to the Cyber Essentials certification that they need for either level of application. Thanks.

For NCSC assured services, subcontracting is only allowed for CHECK, not any of the other schemes. If you appoint a subcontractor to carry out a Check assured requirement, they must also be CHECK assured.
Answered
24/09/2020 10:22

82. Good afternoon, We are in the process of our application for the above detailed DPS and have noticed that clause 14.7 of the Core Terms reads : 14.7 "The Supplier must pay each Party's reasonable costs of complying with 14.7 unless CCS or the buyer is at fault." Could you please confirm which clause this refers to please. Thank you for your kind assistance.

DPS Core Terms Clause 14.7 reads 'The Supplier must pay each Party's reasonable costs of complying with Clause 14.7 unless CCS or the Buyer is at fault. ' This should refer to clause 14.6.
Answered
24/09/2020 10:23

81. Hi Team, Can i confirm if it is a requirement to have CE+ to be appointed as a supplier to the Cyber Security Services 3 DPS framework? Reading Question 5, 6 and 7 of the Cyber Security Questionnaire it suggests that you need to be CE+. Thanks

Basic cyber essentials is enough to be appointed as a supplier.
Answered
23/07/2020 15:38

80. We are about to submit our application for the above DPS and we understand that our staff have to be security checked to the BPSS level. Is it acceptable to submit our application now on the understanding we are in the process of gaining clearance for our staff? We would like to get our application in as soon as possible .

All staff will need to be BPSS cleared before you are appointed to the DPS.
Answered
24/09/2020 10:34

79. Hello, Please can you advise if this DPS includes cyber security training services. Many thanks

Yes the DPS includes a filter for Cyber Security Training both under the NCSC assured route and the non-NCSC assured route.
Answered
24/09/2020 10:35

78. We refer to Joint Schedule 7 (Financial Difficulties), clause 3.3 - We wouldn't be able to provide requested information externally based on unpublished results as we are part of a listed Group. We only can provide an audited and published data. Can you confirm that this would be acceptable?

Answered in a previous question
Answered
24/09/2020 15:42

77. We refer to Joint Schedule 7 (Financial Difficulties), all the notification requirements seems onerous and not always possible to comply, especially clause 4.3.1 requesting meeting within 3 Working Days. We would suggest notification requirements of 30 days.

Answered in a previous question
Answered
24/09/2020 15:42

76. We refer to Joint Schedule 7 (Financial Difficulties), Part f of the Financial Distress definition bullet iv - cancellation or suspension of indebtedness - how do things like suspension of VAT payments under COVID19 fit into this - would that be a trigger?

Answered in a previous question
Answered
24/09/2020 15:42

75. We refer to Joint Schedule 7 (Financial Difficulties), part (f) of the Financial Distress definition. The clause refers to "financial indebtedness" but does not define it, nor does it indicate any level of materiality. Would it mean that even £200 would be a trigger? Is there expectation to start discussion with CCS on any such occasion? Could we have a more pragmatic approach and apply any definition of "financial indebtedness" and a level of materiality?

Answered in a previous question
Answered
24/09/2020 15:42

74. We refer to Joint Schedule 7 (Financial Difficulties) - Annex 2 together with "Credit Rating" definition and "Financial Distress Event" definition, bullet a). As per Annex we should use the "Failure Rating" - we have assumed that to be the failure score, which is a score out of 100 to measure how likely a business is to fail in the next 12 months and gives us the "risk indicator" part of our credit rating. Our current failure score is 97. A 10% fall would take us to 87 - which would still give us a risk indicator of 1 (failure score in the range of 86-100)- the best a company can have - it certainly wouldn't indicate any type of distress, but under current definition it would be. It means that we would need to go into conversation even being in the best score possible, which isn't really pragmatic. Therefore we suggest to use less sensitive measure, like a drop of two or more levels in our credit rating, which would be a more pragmatic approach. Could you consider amending Annex 2 and use "Credit Rating" instead of "Failure Rating" and the threshold being to fall by two levels?

Answered in a previous question
Answered
24/09/2020 15:42

73. We refer to DPS Schedule 7 cl. 2.2.1 which allows to reject the bid, but on the other hand as per DPS Schedule 4 cl.3.4 - repeated failure to bid may result in suspension from DPS. Can you please confirm if Supplier can reject the Order?

Answered in a previous question
Answered
24/09/2020 15:43

72. Clauses 7.1 - Please can the Authority consider that although the Supplier is able to provide reasonable co-operation to the Authority in the event that it receives a claim under pursuant to clause 7.1, the Supplier's contractual obligations should not extend to assisting the Authority in dealing with such claims as that may go beyond the intended scope of services. The Supplier would also not be permitted to disclose information about third parties.

Please can the supplier confirm which schedule they are referring to.
Answered
16/10/2020 12:55

71. Clause 4.1 - Would the Authority be willing to specify that insurance certificates will be an acceptable form of evidence that the Insurances are in force as per the requirements?

Insurance certificates are an acceptable form of evidence.
Answered
16/10/2020 12:57

70. Hi, We intend to use subcontractors to deliver some services/solutions. Is it permissible to include their certifications in Part 3 Question 162 of the Selection Questionnaire (Which of the following CESG cyber certifications does your organisation currently hold)? Thank you.

Please note that the answers to these questions relate to the organisation applying to be on the DPS and not any subcontractors. For reference, subcontractors are only allowed under the CHECK scheme, not under any other NCSC assured service categories. If you use a subcontractor for CHECK, they must also be CHECK assured.
Answered
24/09/2020 10:46

69. How long does it take to get registered as a supplier after completing the SQ?

CCS can confirm, that if an organisation successfully meets all of the selection criteria for the RM3764.iii DPS, then 'Appointed' DPS status can be confirmed the same day that an organisation submits their DPS application. However, in the event that an organisation negatively answers one or more of the selection questions and enters 'assessing' stage or 'disabled' stage, as per the information provided in the READ First DPS Needs document which forms part of the RM3764.iii bid pack, CCS have 15 working days to process your DPS application in accordance with the PCR2015. Kind regards CCS
Answered
13/03/2020 13:44

68. For questions 'Supporting commitment to develop and invest in skills, development and apprenticeships' and 'A certificate for each principal contract for goods and/or services provided in the last three years', would you please let us know the applicability and expected response?

Please provide evidence of any evidence of investing in skills, development and apprenticeships if possible. Please provide a summary for each contract submitted.
Answered
24/09/2020 11:56

67. Would you please let us know the required limit for professional indemnity insurance?

As per DPS Joint Schedule 3 - Insurance Requirements, suppliers must have professional indemnity insurance with cover of not less than £1,000,000.
Answered
06/03/2020 08:03
Export

Welcome to Supplier Registration Service chat.
Please do not send any confidential information.

Please be aware that this chat is using translation software powered by Google Translate which may affect the accuracy of the language and phrases used.

Are you sure you wish to end this chat? Are you sure you wish to disconnect this chat? New chat message from Please use the 'End Chat' link to end this chat and close the window. Do you want to reset the chat window position? Reset windows