DEPARTMENT OF ENERGY AND CLIMATE CHANGE
TRN 1052/07/2105 - Supply of Cyber Security Technical Benchmarking
This sits below the typical range for Petroleum, Fuel & Energy Products contracts — a smaller, more accessible award. Based on 3,437 valued Petroleum, Fuel & Energy Products tenders in our corpus.
The E3CC High-level Risks and Control Assessment across the downstream gas and electricity sectors identified the following priority areas of shared risk on which industry have requested HMG support.
This work will look at the best practices and maturity of management across members in both Operational Technology (OT) and Information Technology (IT) environments of their companies for: - Access control and identity management - Communications management, including remote access - Management of end point security and data leakage prevention For each of the topic areas, the following process will be followed: Background research will be carried out to look at existing standards, general best practices and any specific standards and practices relevant to the electricity and gas sectors.
From these, and initial conversations with the E3CC members as well as reference back to the E3CC cyber security risk assessment, a series of themes, sub-topics and key questions will be developed.
The aim is to identify levels of maturity as well as lessons learnt/key best practices.
The key questions will then be used to survey the E3CC membership, usually in the form of a telephone interview. (Participation is voluntary, but past benchmarks have gained the involvement of 80-100% of all 16 members; we expect the contractor to work with us at the earliest opportunity, if involvement looks to be significantly less than this, i.e. <50% of the members).
Anonymity will be assured by the contractor, although members may volunteer to be attributed on sub-topics if they wish.
The data collected from the completed questionnaires and interviews will then be collated and analysed and may have additional literature research added to help explain any findings, where required The results will be collated into a report which is then presented to the following E3CC meeting and retained on the private E3CC section of the CPNI Extranet.
The final reports will include: - A definition of good cyber security practices against each of these three topics; - An assessment of cyber maturity within the downstream gas and electricity sectors against each of the three topic areas, against good-practice.
This will be a baseline for future assessments. - An assessment of cyber security practices compared to other CNI sectors, where appropriate. - Any Recommendations on how to improve cyber security practices within the downstream gas and electricity sectors based on the analysis of the findings.
What the supplier must deliver
The E3CC High-level Risks and Control Assessment
The E3CC High-level Risks and Control Assessment across the downstream gas and electricity sectors identified the following priority areas of shared risk on which industry have requested HMG support.
Derived from the notice text — always confirm against the original documents.
Skills, tools & certifications
Detected from the notice — the capabilities and credentials this bid calls for. Click one to see who wins that work.
Make the case to bid
Reveal who to approach at DEPARTMENT OF ENERGY AND CLIMATE CHANGE, and generate a go-to-market strategy from their news, accounts and people.
- OCID
- 3b6a828b-000b-4a86-b3a1-9b2dda2c70cd
- Stage
- contract · Contract
- Source
- Contracts Finder
- Buyer ref
- TRN 1052/07/2015
Contains public sector information licensed under the Open Government Licence v3.0. Source data © Crown copyright.
Who wins this kind of work
The suppliers and buyers around this opportunity — drawn from official award data. Drag to orbit; click a node to explore.
Top suppliers & buyers in Petroleum, Fuel & Energy Products
Assembling the market network…
DEPARTMENT OF ENERGY AND CLIMATE CHANGE’s tender network
Assembling the network…