Clarifications

90. We are in the process of uploading our evidence to the Cyber Security Services 3 but the system only allows 5mb max for all documents. Our accounts exceed this (>10mb) and we have tried to reduce the file size. Can you advise in how we submit our response to this question?

89. DPS Core Terms Clause 14.5 The Supplier must pay each Party's reasonable costs of complying with Clause 14.7 unless CCs or the buyers is at fault. - Do you mean complying with Clause 14.6? DPS Schedule 7 Order Procedure and Award Criteria The Buyer will need to state the term for the Order Contract in the Statement of Requirements. the maximum term for an order contract under this DPS is three years, including any extension. - What happens if (a) a quote is required for say 1 year of work but it's within only a couple of months of contract expiry? or (b) a change note is required within an existing project taking it over the 3 year term?

88. For Order Schedule 18 - Background Checks, to ensure we have correct processes in place, could you please advise what the process would be to carry out a check of records held by the DfE for engagements when this is required in addition to the DBS checks. Will the Relevant Convictions to be listed in Annex 1 be provided on a case by case basis at time of the order, or if this a standard set, can these be added now to Schedule 18? Thanks.

87. Clauses 7.1 - Please can the Authority consider that although the Supplier is able to provide reasonable co-operation to the Authority in the event that it receives a claim under pursuant to clause 7.1, the Supplier's contractual obligations should not extend to assisting the Authority in dealing with such claims as that may go beyond the intended scope of services. The Supplier would also not be permitted to disclose information about third parties.

86. Clause 4.1 - Would the Authority be willing to specify that insurance certificates will be an acceptable form of evidence that the Insurances are in force as per the requirements?

85. We have asked the below questions which have not been answered. Could you please clarify on them (or confirm that Financial Difficulties schedule does not apply on DPS level and we should seek the answers on an Order Contract level)? 1. We refer to DPS Schedule 7 cl. 2.2.1 which allows to reject the bid, but on the other hand as per DPS Schedule 4 cl.3.4 - repeated failure to bid may result in suspension from DPS. Can you please confirm if Supplier can reject the Order? 2. We refer to Joint Schedule 7 (Financial Difficulties) - Annex 2 together with "Credit Rating" definition and "Financial Distress Event" definition, bullet a). As per Annex we should use the "Failure Rating" - we have assumed that to be the failure score, which is a score out of 100 to measure how likely a business is to fail in the next 12 months and gives us the "risk indicator" part of our credit rating. Our current failure score is 97. A 10% fall would take us to 87 - which would still give us a risk indicator of 1 (failure score in the range of 86-100)- the best a company can have - it certainly wouldn't indicate any type of distress, but under current definition it would be. It means that we would need to go into conversation even being in the best score possible, which isn't really pragmatic. Therefore we suggest to use less sensitive measure, like a drop of two or more levels in our credit rating, which would be a more pragmatic approach. Could you consider amending Annex 2 and use "Credit Rating" instead of "Failure Rating" and the threshold being to fall by two levels? 3. We refer to Joint Schedule 7 (Financial Difficulties), part (f) of the Financial Distress definition. The clause refers to "financial indebtedness" but does not define it, nor does it indicate any level of materiality. Would it mean that even £200 would be a trigger? Is there expectation to start discussion with CCS on any such occasion? Could we have a more pragmatic approach and apply any definition of "financial indebtedness" and a level of materiality? 4. We refer to Joint Schedule 7 (Financial Difficulties), Part f of the Financial Distress definition bullet iv - cancellation or suspension of indebtedness - how do things like suspension of VAT payments under COVID19 fit into this - would that be a trigger? 5. We refer to Joint Schedule 7 (Financial Difficulties), all the notification requirements seems onerous and not always possible to comply, especially clause 4.3.1 requesting meeting within 3 Working Days. We would suggest notification requirements of 30 days. 6. We refer to Joint Schedule 7 (Financial Difficulties), clause 3.3 - We wouldn't be able to provide requested information externally based on unpublished results as we are part of a listed Group. We only can provide an audited and published data. Can you confirm that this would be acceptable?

84. We understand that Special Term 7 in the DPS Appointment Form limits supplier liability for DPS Core Terms clause 14.8, but given that the liability for breaches under clause 7.5 can also be limited by law, we would like to request the indemnity for any Losses incurred on those basis to be limited as follows: clause 7.5, Supplier's liability shall be limited within the liability cap set under clauses 11.1 and 11.2. Would you be in agreement with this please? Thanks.

83. Good morning, We are preparing our application for the Cyber Security Services 3 DPS Framework, as non-NCSC assured. We are expecting to become NCSC assured in 4 to 6 months, and I understand we will be able to request our DPS to be upgraded at that point. If we decided to apply for DPS now with a subcontractor who may be involved for some services, would the subcontractor also need to be NCSC assured when we request to upgrade, in addition to the Cyber Essentials certification that they need for either level of application. Thanks.

82. Good afternoon, We are in the process of our application for the above detailed DPS and have noticed that clause 14.7 of the Core Terms reads : 14.7 "The Supplier must pay each Party's reasonable costs of complying with 14.7 unless CCS or the buyer is at fault." Could you please confirm which clause this refers to please. Thank you for your kind assistance.

81. Hi Team, Can i confirm if it is a requirement to have CE+ to be appointed as a supplier to the Cyber Security Services 3 DPS framework? Reading Question 5, 6 and 7 of the Cyber Security Questionnaire it suggests that you need to be CE+. Thanks

80. We are about to submit our application for the above DPS and we understand that our staff have to be security checked to the BPSS level. Is it acceptable to submit our application now on the understanding we are in the process of gaining clearance for our staff? We would like to get our application in as soon as possible .

79. Hello, Please can you advise if this DPS includes cyber security training services. Many thanks

78. We refer to Joint Schedule 7 (Financial Difficulties), clause 3.3 - We wouldn't be able to provide requested information externally based on unpublished results as we are part of a listed Group. We only can provide an audited and published data. Can you confirm that this would be acceptable?

77. We refer to Joint Schedule 7 (Financial Difficulties), all the notification requirements seems onerous and not always possible to comply, especially clause 4.3.1 requesting meeting within 3 Working Days. We would suggest notification requirements of 30 days.

76. We refer to Joint Schedule 7 (Financial Difficulties), Part f of the Financial Distress definition bullet iv - cancellation or suspension of indebtedness - how do things like suspension of VAT payments under COVID19 fit into this - would that be a trigger?

75. We refer to Joint Schedule 7 (Financial Difficulties), part (f) of the Financial Distress definition. The clause refers to "financial indebtedness" but does not define it, nor does it indicate any level of materiality. Would it mean that even £200 would be a trigger? Is there expectation to start discussion with CCS on any such occasion? Could we have a more pragmatic approach and apply any definition of "financial indebtedness" and a level of materiality?

74. We refer to Joint Schedule 7 (Financial Difficulties) - Annex 2 together with "Credit Rating" definition and "Financial Distress Event" definition, bullet a). As per Annex we should use the "Failure Rating" - we have assumed that to be the failure score, which is a score out of 100 to measure how likely a business is to fail in the next 12 months and gives us the "risk indicator" part of our credit rating. Our current failure score is 97. A 10% fall would take us to 87 - which would still give us a risk indicator of 1 (failure score in the range of 86-100)- the best a company can have - it certainly wouldn't indicate any type of distress, but under current definition it would be. It means that we would need to go into conversation even being in the best score possible, which isn't really pragmatic. Therefore we suggest to use less sensitive measure, like a drop of two or more levels in our credit rating, which would be a more pragmatic approach. Could you consider amending Annex 2 and use "Credit Rating" instead of "Failure Rating" and the threshold being to fall by two levels?

73. We refer to DPS Schedule 7 cl. 2.2.1 which allows to reject the bid, but on the other hand as per DPS Schedule 4 cl.3.4 - repeated failure to bid may result in suspension from DPS. Can you please confirm if Supplier can reject the Order?

72. Clauses 7.1 - Please can the Authority consider that although the Supplier is able to provide reasonable co-operation to the Authority in the event that it receives a claim under pursuant to clause 7.1, the Supplier's contractual obligations should not extend to assisting the Authority in dealing with such claims as that may go beyond the intended scope of services. The Supplier would also not be permitted to disclose information about third parties.

71. Clause 4.1 - Would the Authority be willing to specify that insurance certificates will be an acceptable form of evidence that the Insurances are in force as per the requirements?