Clarifications
There are 131 clarifications for this DPS
144. Good morning.
Please can you confirm the Insurance Requirements for Cyber Security Services 3 RM3764iii.
Within the document "READ FIRST RM3764iii Cyber Services DPS Needs v2.0" provided in the Bid Pack at Section 4.8 it states that we will fail if we:
oDo not confirm that you have Employer's (Compulsory) Liability Insurance of £5,000,000.00 minimum; or in the event that your organisation is exempt, failure to provide a copy of your proof of exemption;
oDo not confirm that you have Public Liability Insurance of £5,000,000.00 minimum;
oDo not confirm that you have Professional Indemnity Insurance of £1,000,000.00 minimum;
However, within "Attachment 6 - SQ and DPSQ" at Page 168 it states that "Public Liability Insurance = £1m or more"
Please advise the correct level that applies.
Kind Regards
Please refer to DPS Joint Schedule 3 - Insurance Requirements. The level of cover required for Public Liability Insurance is a minimum of 5 million pounds.
Answered
14/02/2025 14:46
143. We are already on the DPS, however, we understand the DPS has been extended to 2027. Do we need to apply again?
No - All current appointed suppliers will continue on the agreement until either the DPS closes or the supplier wishes to remove themselves. The extension does not require any action from yourselves.
Answered
05/02/2025 08:48
142. We are keen to join the framework; however, as a business, we currently have individuals with professional cybersecurity qualifications but lack the business-level certifications referenced in Q162 and Q163 of the SQ.
We understand that the CESG certifications listed are no longer active or issued and have been replaced by modern schemes under the NCSC and the UK Cyber Security Council. Upon further investigation, we identified the relevant NCSC equivalent, but this pathway is now closed to new applications. Additionally, it appears that the UK Cyber Security Council currently focuses on individual certifications, particularly through the introduction of Chartership Titles for cybersecurity professionals, with no formal framework for business-level certifications at this time.
Given this, we are seeking clarification on how best to address these questions and what steps we can take to gain recognition or "assured status" to move forward.
Questions 162 and 163 are not mandatory questions for joining the DPS. The CESG certifications are set within the Selection Questionnaire and pre-date the agreement - these have now been replaced by the NCSC assured services which your company would need to join via NCSC. We would encourage you to get in touch with NCSC as to whether applications will be open for these pathways in the near future. Similarly, the UK Cyber Security Councils professional titles have recently been released on the agreement which are aimed at individuals with the cyber industry. Again, these are not mandatory in order to join the DPS.
You can join and update your service offerings at such a time as you have certifications, NCSC assured services or staff with UKCSC professional titles.
Answered
21/01/2025 14:03
141. How can a supplier who is on the framework issue their revised annually indexed rates.
As this agreement is a Dynamic Purchasing System (DPS), suppliers do not submit pricing or rate cards as part of their selection questionnaire. Pricing is determined at the further competition stage.
Answered
14/01/2025 16:00
140. Hello,
we are looking into joining this, however we would likely join as a single entity with a Key Subcontractor. Our likely Key Subcontractor is currently already registered on this DPS as a single entity.
I note from another CCS framework process that this is permitted - I just wanted to check that this is the same for the DPS RM3764.3?
Kind Regards
MIAA
Yes, this is permitted on the RM3764.3 Cyber DPS.
Answered
22/11/2024 14:00
139. For question 6 of the Standard Selection Questionnaire, we aren't able to progress the application because we do not have a UK postcode. Please advise on what should be entered here.
If you contact support@nqc.com then they will be able to provide you with a dummy code for use within the field.
Answered
30/10/2024 10:33
138. Hi
If a bidder submits the SQ and is successful in getting to the DPSQ stage, does the bidder have a timeframe/set window in which they have to complete and return the DPSQ before the application expires? Or does the application just remain open and valid indefinitely throughout the life of the DPS?
Once the SQ has been completed your application will move into a "Registered 1" Stage where it will remain open until the next DPSQ stage is completed. We do go through the applications which remain at Registered 1 for over a year to understand whether organisations still wish to progress their applications.
Answered
14/10/2024 09:21
137. Can you please confirm whether responding 'No' to Q 144 of the SQ (144. Please confirm if you will be supporting apprenticeships and
skills development through this contract) will result in an application to the DPS being rejected?
We can confirm that answering 'No' to Q144 will not result in an application being rejected on the DPS.
Answered
22/08/2024 14:38
136. Please confirm it is acceptable to set Part 3 Certificate of Technical and Professional Ability 3.2.1. How Many Contract Examples? response to '0' following the instructions in 'READ FIRST RM3764iii Cyber Services DPS Needs v2.0(1).docx' - Selection Questionnaire - Not Applicable Questions 4.39/4.39?
Yes, Questions 133-135 (contract examples) are not required as part of your application and can be marked as No. This will then skip the evidence submission section outlined in Q.136.
Answered
09/04/2024 15:21
135. Hello,
We are interested in completing an application for the Cyber Security Services 3 DPS framework and notice that there are currently 121 Clarifications for RM3764iii. Would it be possible to have an exported spreadsheet of these clarifications to allow us to review them with our appropriate teams more easily than on the portal?
Kind regards
WSP UK
Yes, if you scroll down to the bottom of the clarifications page then there is an export button which allows your to export all questions and answers in a spreadsheet format.
Answered
19/03/2024 14:57
134. As an IASME accredited certification body (Accreditation for Cyber Essentials and/Or Cyber Assurance assessments), would we fulfil the criteria for the "Certification" service type within the "Consultancy and Advice" category?
Yes, we can confirm that if you are an IASME accredited certification body you would fulfil the criteria for 'certification'
Answered
21/02/2024 13:51
133. Q79 of the DPS Non-assured NCSC Services - Standards lists multiple clearances that individuals within the organisation have held, and would be able to obtain, but are currently lapsed. Would we still be able to state that we can provide staff with Clearance: Security Check or Clearance: Developed Vetting.
If the clearance has lapsed this should not be selected within Q79, suppliers should only select what they can provide. The DPSQ can be updated at anytime to add any clearances once they have been obtained or renewed.
Answered
15/12/2023 13:19
132. CSS3 DPS: Physical Security Penetration Testing Capability Assessment: We are able to answer an unambiguous "Yes" to all of the Questions within Capability Assessment document apart from "Q2. Do primary staff who would be involved in the exercise have minimum SC Clearance (either current or application/renewal in progress)?". We have several employees that have been SC cleared, and indeed DV cleared, over previous years. However more recently we have been engaged with commercial business and not had the requirement for SC clearance. So the clearances may have lapsed or individuals will not be tasked on this program, if successful. Therefore, our intention would be to renew clearances and/or initiate clearances, under the guidance of the Cabinet Office, for the purposes of this engagement. Is this sufficient to be able to answer yes to this question?
Responded to the supplier directly. This portal is for clarifications from CCS regarding the Cyber Security Services 3 DPS.
Answered
20/09/2023 15:12
129. Can you confirm when the CCS 3 framework will include Managed security services?
Such as Remote monitoring or management of IT security functions. Services include: identity and access management,
managed detection and response, security device management, co-managed services, managed endpoint security and security command centres.
Please refer to the 'RM3764iii Cyber services 3 Buyer Needs' document which details the managed security services included within this DPS agreement.
Answered
30/06/2023 11:18
126. Hi, For Question 52. Please confirm if you intend to use a supply chain for this contract.
We are not sure if we would look to use a supply chain in the future as we may partner depending on the support requirement in the bid. Just wanted to double-check if that was allowed, as we may choose to not use anyone else in the future to support if that's not the case.
Question 52 refers to use of third parties to fulfil the DPS Services. If your organisation has recognised a need to use third parties to fulfil the DPS Services specified in DPS Schedule 1, please respond to this question with a 'yes' and provide further details were required. Please also refer to the 'Read First RM3764iii Cyber Security Services DPS Needs' within the bid pack.
We recognise that arrangements in relation to Subcontracting and Groups of Economic Operators may be subject to future change, and may not be finalised until a later date. If you are successfully appointed to the DPS and are awarded a RM3764iii DPS Appointment, any changes to arrangements in relation to Subcontracting and Group of Economic Operators arrangements which are made following the award will be dealt with in accordance with DPS Schedule 6 (Key Subcontractors) of the DPS Appointment Form.
Answered
27/03/2023 14:00
125. Hi, for Question 78 - reference 'Standards'. Do you mind elaborating on this point as to what you mean by 'standards', as we have people who have the options listed but not all of our team. Probably more capabilities from us.
Please refer to 'DPS Schedule 1 - Specification' and 'RM364iii Cyber services 3 DPS Buyer Needs' within the bid pack.
Answered
27/03/2023 13:50
124. Good afternoon, ISO27001 has been listed within the below clarifications as an appropriate alternative to Cyber Essentials. The Cyber Security Services 3 DPS Application questionnaire has Cyber Essentials as pass/fail. Will we have an opportunity to evidence ISO certificate before being Failed?
Answered directly via a separate query to the Customer Service Centre
Answered
22/02/2023 13:26
123. Just some questions regarding the Service Matrix categories.
Filter 4 - does 'Civil Nuclear Communications' need to be specifically communications? Or can it relate to the Civil Nuclear sector as a whole?
Filter 4 - Does Energy include Energy Networks? Or should this be added as other?
There is a separate filter for Civil Nuclear and Communications, this can be viewed in Q80 of the DPSQ. Energy refers to the sector as a whole.
Answered
15/02/2023 13:11
122. It is our intention to add accreditations and standards over time.
Can one update one's service filter matrix once appointed, to keep is up-to-date with the company's development?
Once appointed a supplier can update their DPSQ at any time which allows them to add or remove applicable accreditations and standards
Answered
13/02/2023 09:00
121. Is there a closing date for submissions to the Cyber Security DPS 3 Ref RM3764.iii?
Suppliers can apply to join at anytime within the lifetime of the agreement
Answered
13/02/2023 11:47
