1. Home
  2. DPS marketplace
Cyber Security Services 3 DPS

Clarifications

There are 122 clarifications for this DPS

135. Hello, We are interested in completing an application for the Cyber Security Services 3 DPS framework and notice that there are currently 121 Clarifications for RM3764iii. Would it be possible to have an exported spreadsheet of these clarifications to allow us to review them with our appropriate teams more easily than on the portal? Kind regards WSP UK
Yes, if you scroll down to the bottom of the clarifications page then there is an export button which allows your to export all questions and answers in a spreadsheet format.
Answered
19/03/2024 14:57
134. As an IASME accredited certification body (Accreditation for Cyber Essentials and/Or Cyber Assurance assessments), would we fulfil the criteria for the "Certification" service type within the "Consultancy and Advice" category?
Yes, we can confirm that if you are an IASME accredited certification body you would fulfil the criteria for 'certification'
Answered
21/02/2024 13:51
133. Q79 of the DPS Non-assured NCSC Services - Standards lists multiple clearances that individuals within the organisation have held, and would be able to obtain, but are currently lapsed. Would we still be able to state that we can provide staff with Clearance: Security Check or Clearance: Developed Vetting.
If the clearance has lapsed this should not be selected within Q79, suppliers should only select what they can provide. The DPSQ can be updated at anytime to add any clearances once they have been obtained or renewed.
Answered
15/12/2023 13:19
132. CSS3 DPS: Physical Security Penetration Testing Capability Assessment: We are able to answer an unambiguous "Yes" to all of the Questions within Capability Assessment document apart from "Q2. Do primary staff who would be involved in the exercise have minimum SC Clearance (either current or application/renewal in progress)?". We have several employees that have been SC cleared, and indeed DV cleared, over previous years. However more recently we have been engaged with commercial business and not had the requirement for SC clearance. So the clearances may have lapsed or individuals will not be tasked on this program, if successful. Therefore, our intention would be to renew clearances and/or initiate clearances, under the guidance of the Cabinet Office, for the purposes of this engagement. Is this sufficient to be able to answer yes to this question?
Responded to the supplier directly. This portal is for clarifications from CCS regarding the Cyber Security Services 3 DPS.
Answered
20/09/2023 15:12
129. Can you confirm when the CCS 3 framework will include Managed security services? Such as Remote monitoring or management of IT security functions. Services include: identity and access management, managed detection and response, security device management, co-managed services, managed endpoint security and security command centres.
Please refer to the 'RM3764iii Cyber services 3 Buyer Needs' document which details the managed security services included within this DPS agreement.
Answered
30/06/2023 11:18
126. Hi, For Question 52. Please confirm if you intend to use a supply chain for this contract. We are not sure if we would look to use a supply chain in the future as we may partner depending on the support requirement in the bid. Just wanted to double-check if that was allowed, as we may choose to not use anyone else in the future to support if that's not the case.
Question 52 refers to use of third parties to fulfil the DPS Services. If your organisation has recognised a need to use third parties to fulfil the DPS Services specified in DPS Schedule 1, please respond to this question with a 'yes' and provide further details were required. Please also refer to the 'Read First RM3764iii Cyber Security Services DPS Needs' within the bid pack. We recognise that arrangements in relation to Subcontracting and Groups of Economic Operators may be subject to future change, and may not be finalised until a later date. If you are successfully appointed to the DPS and are awarded a RM3764iii DPS Appointment, any changes to arrangements in relation to Subcontracting and Group of Economic Operators arrangements which are made following the award will be dealt with in accordance with DPS Schedule 6 (Key Subcontractors) of the DPS Appointment Form.
Answered
27/03/2023 14:00
125. Hi, for Question 78 - reference 'Standards'. Do you mind elaborating on this point as to what you mean by 'standards', as we have people who have the options listed but not all of our team. Probably more capabilities from us.
Please refer to 'DPS Schedule 1 - Specification' and 'RM364iii Cyber services 3 DPS Buyer Needs' within the bid pack.
Answered
27/03/2023 13:50
124. Good afternoon, ISO27001 has been listed within the below clarifications as an appropriate alternative to Cyber Essentials. The Cyber Security Services 3 DPS Application questionnaire has Cyber Essentials as pass/fail. Will we have an opportunity to evidence ISO certificate before being Failed?
Answered directly via a separate query to the Customer Service Centre
Answered
22/02/2023 13:26
123. Just some questions regarding the Service Matrix categories. Filter 4 - does 'Civil Nuclear Communications' need to be specifically communications? Or can it relate to the Civil Nuclear sector as a whole? Filter 4 - Does Energy include Energy Networks? Or should this be added as other?
There is a separate filter for Civil Nuclear and Communications, this can be viewed in Q80 of the DPSQ. Energy refers to the sector as a whole.
Answered
15/02/2023 13:11
122. It is our intention to add accreditations and standards over time. Can one update one's service filter matrix once appointed, to keep is up-to-date with the company's development?
Once appointed a supplier can update their DPSQ at any time which allows them to add or remove applicable accreditations and standards
Answered
13/02/2023 09:00
121. Is there a closing date for submissions to the Cyber Security DPS 3 Ref RM3764.iii?
Suppliers can apply to join at anytime within the lifetime of the agreement
Answered
13/02/2023 11:47
120. Good Morning, We have a subcontractor based in the Netherlands, they have do not have a UK residency. They are wholly owned by another company who do have a UK residency. We are going to input the UK address of that company, but in regards to company number and details, should it be the company based in the UK or the company based in the Netherlands? Thanks!
As stated in the DPS needs document you must disclose details for all subcontractors who directly contribute to your ability to meet your obligations under the DPS agreement, if this is the company based in the UK these are the details you will need to include within your submission
Answered
13/02/2023 13:10
119. Good Evening, I've asked a previous question about whether an ISO 2007 supersedes the need for a cyber essentials certificate. In the answer, we were told that cyber essentials is mandatory but an ISO 2007 supersedes the need. Are you please able to confirm if we will be able to complete a successful application with only an ISO 2007 certification. Thankyou.
With regards to equivalence and subsequent acceptance, we refer you to the Procurement Policy Note 09/14 (Cyber Essential scheme certification). Please refer to Annex A & C (of the PPN) which covers the key requirements and provides an overview of equivalence specific to those organisations holding ISO 27001 certification.
Answered
02/02/2023 11:08
118. Regarding Joint Schedule 8 Article 2.1, the guarantee does not have a limit of amount. In paragraph 2.2. of the template it states that The Guarantor irrevocably and unconditionally undertakes upon demand to pay to the Beneficiary all monies and liabilities which are now or at any time hereafter shall have become payable by the Supplier to the Beneficiary under or in connection with the Guaranteed Agreement or in respect of the Guaranteed Obligations as if it were a primary obligor. Could there be a limit please? Two times the value of the contract for example?
CCS does not agree, the schedule and clause shall remain as drafted.
Answered
31/01/2023 16:18
117. Is a cyber essentials certificate required if we have a ISO 27001 Certification instead. Or is the cyber essentials certificate required regardless? Thank you
The Cyber Essentials Scheme (set of controls) is mandatory, however as detailed in PCR 2015 suppliers can offer alternative certification to evidence they have achieved these controls. ISO 27001 is a suitable alternative, any certification must be verified by an accrediting body and evidence that you meet the scheme requirements.
Answered
30/01/2023 14:13
116. Hello, I have searched through the bid pack and I am unable to find clarification. Does a ISO 27001 Certification supersede the need for a Cyber Essentials basic? Or is the Cyber Essentials certificate still required?
Could you please confirm whether you are referring to the mandatory or additional accreditations and standards as detailed in the 'buyer needs' document within the bid pack?
Answered
26/01/2023 15:05
115. r.e. Joint Schedule 3 - Article 1.3, specifically, ''The Supplier shall ensure that the public and products liability policy contain an indemnity to principals clause under which the Relevant Authority shall be indemnified in respect of claims made against the Relevant Authority in respect of death or bodily injury or third party property damage arising out of or in connection with the Deliverables and for which the Supplier is legally liable. '' Is it mandatory to have the indemnity to principals clause within our public and products liability policy?
CCS can confirm that is correct as detailed in Joint Schedule 3, clause 1.3
Answered
20/01/2023 13:10
114. In Article 7.5 and 8.3 we note there is no limit to the indemnity. Could you please clarify if this article is covered by Articles 11.1 (Each Party's total aggregate liability in each Contract Year under this DPS Contract is no more than £100,000) and 11.2 (Each Party's total aggregate liability in each Contract Year under each Order Contract is no more than the greater of £1 million or 150% of the Estimated Yearly Charges unless specified in the Order Form)?
Please refer to Core terms 11.5 and Special Term 7 within the DPS Appointment Form
Answered
03/01/2023 13:34
113. Nothing is foreseen within the Core Terms Article 10.3 regarding the payment for the work already performed. Please could you clarify if there would be payment for the work already performed?
CCS can confirm that existing payment obligations formed via provision of Deliverables prior to Termination would still apply. We would refer you to 10.5.2 and 10.5.7 for the consequences of Termination under 10.3
Answered
05/01/2023 13:00
112. r.e. Article 1.3, is it mandatory to have the indemnity to principals clause within our public and products liability policy?
Could you please confirm the clause you are referring to?
Answered
03/01/2023 13:35

Welcome to Supplier Registration Service chat.
Please do not send any confidential information.

Please be aware that this chat is using translation software powered by Google Translate which may affect the accuracy of the language and phrases used.

Are you sure you wish to end this chat? Are you sure you wish to disconnect this chat? New chat message from Please use the 'End Chat' link to end this chat and close the window. Do you want to reset the chat window position? Reset windows