Buyer Name: Waste & Resources Action Programme
Buyer Address: Second Floor, Blenheim Court, 19 George Street, Banbury, UKJ14, OX16 5BH, United Kingdom
Contact Name: Procurement Lead
Contact Email: procurement@wrap.org.uk
Contact Telephone: 01295 584100
WRAP is seeking to procure support across two (2) distinct service packages: •Service Package 1: Managed Service Provider (MSP) •Service Package 2: Security Operations Centre (SOC) / SIEM Provider Bidders may submit a proposal for one or both packages. WRAP may award a single contract covering both service areas or award separate contracts for each service package, depending on the quality and value for money of the responses. Service Package 1: Managed Service Provider (MSP) The primary objective of this package is to supplement WRAP’s internal IT function with a scalable, flexible and proactive Managed IT Services Partner. The MSP will enhance WRAP’s operational resilience, ensure efficient ticket management, maintain high system performance and align IT service delivery with WRAP’s evolving organisational needs and cybersecurity posture. Service Package 1: Security Operations Centre (SOC) / SIEM Provider The objective of this package is to secure WRAP’s IT environment by delivering robust, around-the-clock cybersecurity monitoring, rapid incident response, and advanced threat intelligence services. The selected provider will strengthen WRAP’s security posture and support regulatory compliance. To submit a Bid, register for free on: https://www.delta-esourcing.com/ Access Code (to find the opportunity): XU66K63TY7 For more information about this opportunity, please visit the Delta eSourcing portal at: https://www.delta-esourcing.com/tenders/UK-UK-Banbury:-IT-services:-consulting%2C-software-development%2C-Internet-and-support./XU66K63TY7 To respond to this opportunity, please click here: https://www.delta-esourcing.com/respond/XU66K63TY7
External Link: https://www.find-tender.service.gov.uk/Notice/016706-2025
Link Description: Tender notice on Find a Tender
Lot Title: Managed Service Provider (MSP)
Lot Description: The primary objective of this package is to supplement WRAP’s internal IT function with a scalable, flexible and proactive Managed IT Services Partner. The MSP will enhance WRAP’s operational resilience, ensure efficient ticket management, maintain high system performance and align IT service delivery with WRAP’s evolving organisational needs and cybersecurity posture. Services required are as follows: Server Monitoring & Reporting Provide 24/7 real-time monitoring of WRAP's Azure-based virtual servers. Detect and report on performance degradation, downtime, system anomalies, and security issues. Deliver automated and manual alerts for potential threats or service failures. Generate monthly reports covering server health, uptime, patching status, capacity utilisation, and threat logs. IT Support Escalation, Overflow and Flexible Support Provide Tier 2 and Tier 3 support, acting as an escalation point for complex IT incidents. Respond to overflow tickets exceeding internal team capacity (i.e., 20+ tickets/month). Ensure tight integration with WRAP’s ITSM system (Freshservice) for ticket visibility and lifecycle updates. Be able to scale up support provision within 24 hours, as needed for peak periods or critical events. Ability to attend WRAP Offices for to supplement on-site IT presence. Full Helpdesk Coverage Provide full-service first line and second-line helpdesk support when WRAP’s internal team is unavailable (e.g., holidays, absences). Deliver end-user support (remote or on-site if necessary), including troubleshooting, password resets, software/hardware issues, and user onboarding/offboarding. Liaise with third-party vendors and escalate incidents to manufacturers or cloud providers as required. Project Support Contribute a minimum of 2 hours per month to support WRAP's digital projects (e.g., migrations, software rollouts, endpoint configuration). Allow unused support hours to roll over for future use to enable flexibility in project delivery. Knowledge Management Maintain and update WRAP’s internal knowledge base to reflect new system configurations, known issues, and support resolutions. Ensure regular documentation updates within Freshservice, enabling WRAP's internal team to access up-to-date self-help and procedural guides. Compliance & Cybersecurity Ensure all services comply with relevant data protection laws and certifications, including GDPR, Cyber Essentials, and ISO 27001. Implement and maintain baseline cybersecurity hygiene (e.g., patching, MFA enforcement, basic security hardening). Review & Collaboration Attend monthly service review meetings to report performance against SLAs, review incidents, and discuss ongoing improvements. Participate in quarterly strategic reviews to align services with WRAP’s IT roadmap and business goals. Identifying industry trends and insights to help WRAP stay current. Working Hours Provide core services during UK business hours (08:00 – 17:00 GMT/BST, Monday to Friday), with capacity for out-of-hours escalation in urgent situations if needed.
Lot Package 1 Status: active
Lot Package 1 Value (Gross): GBP 120,000.00
Lot Package 1 Contract Start: 2025-06-09T00:00:00Z
Lot Package 1 Contract End: 2027-06-08T23:59:59Z
Lot Package 1 SME Suitable: Yes
Lot Package 1 Award Criterion (price): Price (35%)
Lot Package 1 Award Criterion (quality): Quality (65%)
Lot Title: Security Operations Centre (SOC) / SIEM Provider
Lot Description: The objective of this package is to secure WRAP’s IT environment by delivering robust, around-the-clock cybersecurity monitoring, rapid incident response, and advanced threat intelligence services. The selected provider will strengthen WRAP’s security posture and support regulatory compliance. Services required are as follows: 24/7 Security Monitoring Provide continuous monitoring through a mature SIEM solution, capturing logs from cloud and on-prem environments. Detect known and unknown threats using automated correlation engines and behaviour analytics. Alert WRAP to critical incidents, providing actionable context and remediation suggestions. Incident Response & Remediation Provide hands-on containment, investigation, and remediation support for security incidents. Respond in accordance with defined SLAs (e.g., critical threat response within 15 minutes). Hold NCSC-assured service provider status or equivalent (e.g., CREST, CIR Level 2+ certification). Threat Intelligence & Hunting Conduct proactive threat hunting activities based on emerging indicators of compromise (IOCs) and known tactics, techniques, and procedures (TTPs). Ingest and apply global threat intelligence feeds, adapting detection rules accordingly. Compliance & Regulatory Support Ensure ongoing compliance with ISO 27001, Cyber Essentials Plus, and other UK regulatory standards. Enable auditable log retention, forensic readiness, and transparent record-keeping. Integration with WRAP’s Security Stack Seamlessly integrate with Microsoft 365 Defender, Azure Security Centre, EDR/XDR tools, and WRAP’s firewalls and network infrastructure. Provide visibility across multi-cloud and hybrid environments, including integration with third-party security tools. Custom Detection Rules Build and maintain custom detection rules and workflows tailored to WRAP’s use cases and risk profile. Collaborate with WRAP’s internal teams to ensure detections reflect evolving business and technical contexts. Global Incident Coordination Provide “follow-the-sun” support, ensuring continuous coverage and coordination with WRAP’s global operations (if applicable). Leverage regional SOC teams to respond to threats in real-time regardless of time zone. Real-Time Reporting Offer live dashboards and periodic reporting (e.g., weekly/monthly) on incidents, threat trends, vulnerabilities, and system health. Include executive-level summaries and technical deep-dives where appropriate. Collaboration Work closely with WRAP’s internal cybersecurity and IT teams. Participate in incident response tabletop exercises, scenario planning, and quarterly joint reviews. Required Capabilities (applicable to both packages) are as follows: Demonstrated experience supporting public or non-profit organisations, preferably within the UK or global NGO sector. Evidence of supporting hybrid environments, particularly Azure and Microsoft 365 (or equivalent). Flexible, transparent pricing models that suit WRAP’s operating needs and enable scaling of services. Data handling practices compliant with UK GDPR, Data Protection Act 2018, and relevant international data laws (or equivalent).
Lot Package 2 Status: active
Lot Package 2 Value (Gross): GBP 60,000.00
Lot Package 2 Contract Start: 2025-06-09T00:00:00Z
Lot Package 2 Contract End: 2027-06-08T23:59:59Z
Lot Package 2 SME Suitable: Yes
Lot Package 2 Award Criterion (price): Price (35%)
Lot Package 2 Award Criterion (quality): Quality (65%)
Document Description: Invitation to Tender (ITT)
Document Description: Conditions of Contract
Document Description: Quotation & Rates Schedule (Excel Format)
Document Description: Tender notice on Find a Tender
{
"buyer": {
"id": "GB-PPON-PCTJ-5948-ZJZV",
"name": "Waste \u0026 Resources Action Programme"
},
"date": "2025-04-24T10:52:04+01:00",
"id": "016706-2025",
"initiationType": "tender",
"language": "en",
"ocid": "ocds-h6vhtk-0506cc",
"parties": [
{
"address": {
"country": "GB",
"countryName": "United Kingdom",
"locality": "Banbury",
"postalCode": "OX16 5BH",
"region": "UKJ14",
"streetAddress": "Second Floor, Blenheim Court, 19 George Street"
},
"contactPoint": {
"email": "procurement@wrap.org.uk",
"name": "Procurement Lead",
"telephone": "01295 584100"
},
"details": {
"classifications": [
{
"description": "Public authority - sub-central government",
"id": "publicAuthoritySubCentralGovernment",
"scheme": "UK_CA_TYPE"
}
]
},
"id": "GB-PPON-PCTJ-5948-ZJZV",
"identifier": {
"id": "PCTJ-5948-ZJZV",
"scheme": "GB-PPON"
},
"name": "Waste \u0026 Resources Action Programme",
"roles": [
"buyer"
]
}
],
"tag": [
"tender"
],
"tender": {
"aboveThreshold": false,
"description": "WRAP is seeking to procure support across two (2) distinct service packages:\n\u2022Service Package 1: Managed Service Provider (MSP)\n\u2022Service Package 2: Security Operations Centre (SOC) / SIEM Provider\nBidders may submit a proposal for one or both packages. WRAP may award a single contract covering both service areas or award separate contracts for each service package, depending on the quality and value for money of the responses.\nService Package 1: Managed Service Provider (MSP)\nThe primary objective of this package is to supplement WRAP\u2019s internal IT function with a scalable, flexible and proactive Managed IT Services Partner. The MSP will enhance WRAP\u2019s operational resilience, ensure efficient ticket management, maintain high system performance and align IT service delivery with WRAP\u2019s evolving organisational needs and cybersecurity posture.\nService Package 1: Security Operations Centre (SOC) / SIEM Provider\nThe objective of this package is to secure WRAP\u2019s IT environment by delivering robust, around-the-clock cybersecurity monitoring, rapid incident response, and advanced threat intelligence services. The selected provider will strengthen WRAP\u2019s security posture and support regulatory compliance.\nTo submit a Bid, register for free on: https://www.delta-esourcing.com/\nAccess Code (to find the opportunity): XU66K63TY7\nFor more information about this opportunity, please visit the Delta eSourcing portal at: \nhttps://www.delta-esourcing.com/tenders/UK-UK-Banbury:-IT-services:-consulting%2C-software-development%2C-Internet-and-support./XU66K63TY7\nTo respond to this opportunity, please click here: \nhttps://www.delta-esourcing.com/respond/XU66K63TY7",
"documents": [
{
"description": "Invitation to Tender (ITT)",
"documentType": "biddingDocuments",
"format": [],
"id": "A-943641447",
"url": "https://www.find-tender.service.gov.uk/Notice/Attachment/A-943641447"
},
{
"description": "Conditions of Contract",
"documentType": "biddingDocuments",
"format": [],
"id": "A-943641467",
"url": "https://www.find-tender.service.gov.uk/Notice/Attachment/A-943641467"
},
{
"description": "Quotation \u0026 Rates Schedule (Excel Format)",
"documentType": "biddingDocuments",
"format": [],
"id": "A-943641765",
"url": "https://www.find-tender.service.gov.uk/Notice/Attachment/A-943641765"
},
{
"datePublished": "2025-04-24T10:52:04+01:00",
"description": "Tender notice on Find a Tender",
"documentType": "tenderNotice",
"format": "text/html",
"id": "016706-2025",
"noticeType": "UK4",
"url": "https://www.find-tender.service.gov.uk/Notice/016706-2025"
}
],
"enquiryPeriod": {
"endDate": "2025-05-20T23:45:00Z"
},
"id": "ocds-h6vhtk-0506cc",
"items": [
{
"additionalClassifications": [
{
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
}
],
"deliveryAddresses": [
{
"country": "GB",
"countryName": "United Kingdom",
"region": "UK"
}
],
"id": "Package 1",
"relatedLot": "Package 1"
},
{
"additionalClassifications": [
{
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
}
],
"deliveryAddresses": [
{
"country": "GB",
"countryName": "United Kingdom",
"region": "UK"
}
],
"id": "Package 2",
"relatedLot": "Package 2"
}
],
"legalBasis": {
"id": "2023/54",
"scheme": "UKPGA",
"uri": "https://www.legislation.gov.uk/ukpga/2023/54/contents"
},
"lots": [
{
"awardCriteria": {
"criteria": [
{
"description": "Long criteria description",
"name": "Price",
"numbers": [
{
"number": 35,
"weight": "percentageExact"
}
],
"type": "price"
},
{
"description": "Long criteria description",
"name": "Quality",
"numbers": [
{
"number": 65,
"weight": "percentageExact"
}
],
"type": "quality"
}
]
},
"contractPeriod": {
"endDate": "2027-06-08T23:59:59Z",
"maxExtentDate": "2028-06-08T23:59:59Z",
"startDate": "2025-06-09T00:00:00Z"
},
"description": "The primary objective of this package is to supplement WRAP\u2019s internal IT function with a scalable, flexible and proactive Managed IT Services Partner. The MSP will enhance WRAP\u2019s operational resilience, ensure efficient ticket management, maintain high system performance and align IT service delivery with WRAP\u2019s evolving organisational needs and cybersecurity posture.\nServices required are as follows:\nServer Monitoring \u0026 Reporting\nProvide 24/7 real-time monitoring of WRAP\u0027s Azure-based virtual servers.\nDetect and report on performance degradation, downtime, system anomalies, and security issues.\nDeliver automated and manual alerts for potential threats or service failures.\nGenerate monthly reports covering server health, uptime, patching status, capacity utilisation, and threat logs.\nIT Support Escalation, Overflow and Flexible Support\nProvide Tier 2 and Tier 3 support, acting as an escalation point for complex IT incidents.\nRespond to overflow tickets exceeding internal team capacity (i.e., 20+ tickets/month).\nEnsure tight integration with WRAP\u2019s ITSM system (Freshservice) for ticket visibility and lifecycle updates.\nBe able to scale up support provision within 24 hours, as needed for peak periods or critical events.\nAbility to attend WRAP Offices for to supplement on-site IT presence. \nFull Helpdesk Coverage\nProvide full-service first line and second-line helpdesk support when WRAP\u2019s internal team is unavailable (e.g., holidays, absences).\nDeliver end-user support (remote or on-site if necessary), including troubleshooting, password resets, software/hardware issues, and user onboarding/offboarding.\nLiaise with third-party vendors and escalate incidents to manufacturers or cloud providers as required.\nProject Support\nContribute a minimum of 2 hours per month to support WRAP\u0027s digital projects (e.g., migrations, software rollouts, endpoint configuration).\nAllow unused support hours to roll over for future use to enable flexibility in project delivery.\nKnowledge Management\nMaintain and update WRAP\u2019s internal knowledge base to reflect new system configurations, known issues, and support resolutions.\nEnsure regular documentation updates within Freshservice, enabling WRAP\u0027s internal team to access up-to-date self-help and procedural guides.\nCompliance \u0026 Cybersecurity\nEnsure all services comply with relevant data protection laws and certifications, including GDPR, Cyber Essentials, and ISO 27001.\nImplement and maintain baseline cybersecurity hygiene (e.g., patching, MFA enforcement, basic security hardening).\nReview \u0026 Collaboration\nAttend monthly service review meetings to report performance against SLAs, review incidents, and discuss ongoing improvements.\nParticipate in quarterly strategic reviews to align services with WRAP\u2019s IT roadmap and business goals.\nIdentifying industry trends and insights to help WRAP stay current.\nWorking Hours\nProvide core services during UK business hours (08:00 \u2013 17:00 GMT/BST, Monday to Friday), with capacity for out-of-hours escalation in urgent situations if needed.",
"hasRenewal": true,
"id": "Package 1",
"renewal": {
"description": "Optional 1 year extension, if deemed necessary."
},
"status": "active",
"suitability": {
"sme": true,
"vcse": true
},
"title": "Managed Service Provider (MSP)",
"value": {
"amountGross": 120000.0,
"currency": "GBP"
}
},
{
"awardCriteria": {
"criteria": [
{
"description": "Long criteria description",
"name": "Price",
"numbers": [
{
"number": 35,
"weight": "percentageExact"
}
],
"type": "price"
},
{
"description": "Long criteria description",
"name": "Quality",
"numbers": [
{
"number": 65,
"weight": "percentageExact"
}
],
"type": "quality"
}
]
},
"contractPeriod": {
"endDate": "2027-06-08T23:59:59Z",
"maxExtentDate": "2028-06-08T23:59:59Z",
"startDate": "2025-06-09T00:00:00Z"
},
"description": "The objective of this package is to secure WRAP\u2019s IT environment by delivering robust, around-the-clock cybersecurity monitoring, rapid incident response, and advanced threat intelligence services. The selected provider will strengthen WRAP\u2019s security posture and support regulatory compliance.\nServices required are as follows:\n24/7 Security Monitoring\nProvide continuous monitoring through a mature SIEM solution, capturing logs from cloud and on-prem environments.\nDetect known and unknown threats using automated correlation engines and behaviour analytics.\nAlert WRAP to critical incidents, providing actionable context and remediation suggestions.\nIncident Response \u0026 Remediation\nProvide hands-on containment, investigation, and remediation support for security incidents.\nRespond in accordance with defined SLAs (e.g., critical threat response within 15 minutes).\nHold NCSC-assured service provider status or equivalent (e.g., CREST, CIR Level 2+ certification).\nThreat Intelligence \u0026 Hunting\nConduct proactive threat hunting activities based on emerging indicators of compromise (IOCs) and known tactics, techniques, and procedures (TTPs).\nIngest and apply global threat intelligence feeds, adapting detection rules accordingly.\nCompliance \u0026 Regulatory Support\nEnsure ongoing compliance with ISO 27001, Cyber Essentials Plus, and other UK regulatory standards.\nEnable auditable log retention, forensic readiness, and transparent record-keeping.\nIntegration with WRAP\u2019s Security Stack\nSeamlessly integrate with Microsoft 365 Defender, Azure Security Centre, EDR/XDR tools, and WRAP\u2019s firewalls and network infrastructure.\nProvide visibility across multi-cloud and hybrid environments, including integration with third-party security tools.\nCustom Detection Rules\nBuild and maintain custom detection rules and workflows tailored to WRAP\u2019s use cases and risk profile.\nCollaborate with WRAP\u2019s internal teams to ensure detections reflect evolving business and technical contexts.\nGlobal Incident Coordination\nProvide \u201cfollow-the-sun\u201d support, ensuring continuous coverage and coordination with WRAP\u2019s global operations (if applicable).\nLeverage regional SOC teams to respond to threats in real-time regardless of time zone.\nReal-Time Reporting\nOffer live dashboards and periodic reporting (e.g., weekly/monthly) on incidents, threat trends, vulnerabilities, and system health.\nInclude executive-level summaries and technical deep-dives where appropriate.\nCollaboration\nWork closely with WRAP\u2019s internal cybersecurity and IT teams.\nParticipate in incident response tabletop exercises, scenario planning, and quarterly joint reviews.\nRequired Capabilities (applicable to both packages) are as follows:\nDemonstrated experience supporting public or non-profit organisations, preferably within the UK or global NGO sector.\nEvidence of supporting hybrid environments, particularly Azure and Microsoft 365 (or equivalent).\nFlexible, transparent pricing models that suit WRAP\u2019s operating needs and enable scaling of services.\nData handling practices compliant with UK GDPR, Data Protection Act 2018, and relevant international data laws (or equivalent).",
"hasRenewal": true,
"id": "Package 2",
"renewal": {
"description": "Optional 1 year extension, if necessary."
},
"status": "active",
"suitability": {
"sme": true,
"vcse": true
},
"title": "Security Operations Centre (SOC) / SIEM Provider",
"value": {
"amountGross": 60000.0,
"currency": "GBP"
}
}
],
"mainProcurementCategory": "services",
"procurementMethod": "open",
"procurementMethodDetails": "Below threshold - open competition",
"status": "active",
"submissionMethodDetails": "https://www.delta-esourcing.com/",
"submissionTerms": {
"electronicSubmissionPolicy": "allowed"
},
"tenderPeriod": {
"endDate": "2025-05-20T23:45:00Z"
},
"title": "Managed Service Provider (MSP) \u0026 Security Operations Centre (SOC) / SEIM Provider",
"value": {
"amount": 180000.0,
"amountGross": 180000.0,
"currency": "GBP"
}
}
}