Part - Public Services Ombudsman for Wales



The Public Services Ombudsman for Wales (PSOW)AN INVITATION TO TENDER FORIT Support ServicesPublished via .ukReturn date of ITT: 5pm Friday 30th October 2020Contents HYPERLINK \l "PartA" Part A: Introduction & OverviewThe Public Services Ombudsman for Wales (PSOW)Overview of IT support services requiredPage 3Part B: Instruction to SuppliersHow to ApplyFreedom of Information and transparency Additional Documents Required PricingSustainabilityEquality and DiversityPage 6Part C: Evaluation and Qualification CriteriaEvaluationTender application terms and conditionsPage 10Schedule 1: IT Support RequirementKPI SLA / Monthly ReportingCore Maintenance Non-Core Services2nd line support1st line support (Cover)Business continuity and back upsData Access and SecurityExit Strategy Confidentiality of PSOW data About the supplierBudgetary ConsiderationsChanges to specificationPage 11Schedule 2: The current IT specification PSOW existing IT infrastructureOur current software and servicesNetwork and Line RentalEnd User Equipment and Planned changesBackup and Disaster RecoveryAntivirus / IT securityPage 20Schedule 3: Key Performance IndicatorsPage 23Schedule 4: Application FormPage 26Schedule 5: Data Protection QuestionnairePage 34Schedule 6: Monthly report requirementsPage 36Invitation to TenderContract Requirement Specification for IT Support ServicesDeadline for bids to be received5pm Friday 30th October 2020Part A: Introduction & OverviewThe Public Services Ombudsman for Wales (PSOW)The PSOW has three specific roles. The first is to consider complaints made by members of the public that they have suffered hardship or injustice through maladministration or service failure on the part of a body in the Ombudsman’s jurisdiction. The bodies that come within jurisdiction are generally those that provide services where responsibility for their provision has been devolved to Wales and include the Welsh Government and its sponsored bodies, local government, registered social landlords (Housing Associations),the National Health Service (including GP’s and dentists) and independent care organisations. The second role is to consider complaints that members of local authorities have broken their authority’s Code of Conduct. The third role is to drive systemic improvement of complaints handling and public services in Wales. The Ombudsman is independent of all government bodies and the service provided is free of charge.Further details about the Ombudsman role (including PSOW annual reports) can be found on the current PSOW website at ombudsman.wales Overview of IT support services requiredThis Invitation to Tender (ITT) has been prepared for the purpose of inviting proposals for the provision of a IT Support Service contract for the Public Services Ombudsman for Wales (PSOW). It will be the responsibility of the IT support provider to ensure maximum operational efficiency of IT services and to ensure IT availability meets the required standards and KPI thresholds. Reliable IT provision is of the utmost importance to the organisation and as such the PSOW has requirements for the performance of this contract with consequences for under performance of agreed contractual KPI’s. The contract awarded will be subject to PSOW’s requirements and satisfactory performance of KPI’s through continuous monitoring and performance review. The Public Services Ombudsman for Wales is seeking to appoint an IT support provider that will be responsible for:Ensuring that the Ombudsman IT systems and IT devices authorised to connect to PSOW on premise servers e.g. individual PSOW Issued PC’s / laptops / other portable media (i.e. tablets / smartphones) are available for use, and to proactively manage the PSOW IT infrastructure to minimise downtime and to meet an overall availability target% of 99% (excluding planned outages)Providing 2nd line IT Support to the PSOW IT Team who provide the 1st line helpdesk support service to PSOW staff.Providing 1st line support to PSOW staff working at PSOW offices or at home relating to PSOW hardware and authorised applications and connection to PSOW servers for urgent matters where PSOW internal IT team are not available.Providing proactive monitoring, management and reporting to PSOW of IT security matters including malware risks and up to date virus definitions to provide assurance for security of PSOW servers, network and connected hardware.To manage and monitor in-house server backups and to work with the external cloud backup solution provider to provide assurance for the integrity of the data, and to assist where necessary in the recovery from the cloud of this data (for testing and real events).To liaise with contracted 3rd party application / software providers to assist in fault resolution or upgrades.To provide additional project work at agreed rates in a timely manner.The above is a summary of the main requirements. Full details of the service requirements are provided within the Specification as detailed in Schedule 1. The contract will be for a 3-year term with the option to extend annually up to a maximum of 2 further years by mutual agreement. It is anticipated that the contract will commence no later than 4th January 2021 (to include a maximum of 3 months handover from existing IT support provider if applicable).Payments will be made for 75% of the annual cost in 12 equal monthly instalments (monthly in advance). 25% of the annual contract cost is retained and paid as a month 13 payment after deduction of any penalty incurred during the year (see schedule 3 for KPI performance)An indicative timetable is outlined below. The PSOW reserves the right to amend the dates if required:ItemDeadlineApplication submission5pm 30/10/2020Tender Analysis concluding with invitation to interview for shortlisted applicants31/10/2020 – 13/11/2020Interview with short-listed Service Delivery Reviewers (only if applicable)20/11/2020 – 23/11/2020Award contract subject to agreeing terms and conditions30/11/2020Contract start date04/01/2020Part B: Instruction to SuppliersHow to applyThis ITT is advertised via Sell2Wales under the following Notice Name: ‘Invitation to tender for IT Support Services’. Sell2Wales is an openly accessible website allowing individuals the opportunity to browse Notices without the need to register. However, for a supplier to be considered for the contract they must:Register as a potential supplier on .walesSearch for the appropriate Notice using ‘Buyer Name’ as ‘Public Services Ombudsman for Wales’.Register their interest in being considered for the contractDownload the tender application form via Sell2Wales.Further guidance can also be found on the Ombudsman website in the procurement and service contract section. Those tendering should include in their submission all areas requested as detailed in Schedules 3, 4 and pleted Tender application forms and any additional information must be uploaded to this tender notice on Sell2Wales by 5pm 30th October 2020. Please ensure all relevant information is appended or contained within the application as one document.If further information or assistance in using Sell2Wales is needed in applying for this contract, please email ITC@ombudsman-.ukPlease note that we reserve the right to include any publicly available review / feedback in our assessment of applicationsPSOW invites suppliers to contact us to clarify any aspect of the specification requirements informally before submitting their tender. Please contact via email in the first instance:John YoungIT ManagerPublic Services Ombudsman for Wales email: ITC@ombudsman-.ukAny information provided via direct email and not via the Sell2Wales tender page Q&A will only be on the proviso that unless for the purpose of clarification of the required specifications already stated in the tender documents, any additional information provided to prospective providers will be uploaded to the Sell2Wales tender page Q&A (anonymised).Freedom of Information and transparency The supplier should be aware of the PSOW’s obligations and responsibilities under the Freedom of Information Act 2000 (“FOIA”) and Environmental Information Regulations 2004 (“EIR”). Any information submitted by the supplier in connection with this tender, or with any contract awarded, may need to be disclosed in response to a request under this legislation. If the supplier considers that any of the information included in their tender is commercially sensitive, they should identify it and explain (in broad terms) what harm may result from disclosure if a request is received, and the time period applicable to that sensitivity. The supplier should be aware that, even where they have indicated that information is commercially sensitive, the PSOW may be required to disclose it under FOIA or EIR if a request is received. The PSOW will consult the supplier if it receives a request for disclosure of any of the information the supplier has identified as commercially sensitive.Additional Documents Required Documentation requiredTo aid understanding of the supplier’s:2 years annual accountsAbility to fulfil contract as a going concernYour organisational standard service level agreement / contract terms (if applicable).Please note, PSOW may require changes to your organisational standard agreements to meet our tender requirements.Environmental Policy commitment to understanding sustainability issues and addressing the organisation’s impact on the environment.Equality & Diversity Policy commitment to valuing diversity and the promotion of equality and inclusion within its organisation.Health & Safety Policy commitment to the adoption and promotion of safe working practices.Data protection related policies / procedures, including evidence of valid and current certification and staff competency (e.g. ISO 27001:2013 and Cyber Essentials Plus certification).Commitment to data protection compliance in relation to the organisation and its staff. approach to cyber security. Insurance policy information – copies of Professional Indemnity, Public Liability and Employer Liability insurance documents levels of insurance, indemnity, and liability cover in place.PricingThe tender process will be conducted in a manner that ensures tenders are evaluated fairly as detailed in section Part C. Whilst ability to meet costs within a prescribed budget is essential, it should be noted that cost will not be the decisive factor behind the assessment as ‘value for money’ including level of service expected including reliability and availability of IT infrastructure for Ombudsman staff are the Ombudsman’s priorities.All pricing should be submitted in GBP excluding VAT. VAT rates must be quoted if applicable as PSOW is not registered for VAT and therefore cannot reclaim VAT charged.Prices should include everything required to fully meet our requirements as detailed in the Specification. Prices should be broken down to show all significant cost elements. It must be noted that travel and accommodation costs must be borne by the service provider and cannot be claimed in addition to the quoted budget costs above.Any enhancements or amendments to the requirement shall be agreed in line with specified daily rates included in the proposal. Any services that will attract an additional charge must be clearly indicated. The charges should be at fixed rates for the initial period of the contract (3 years). SustainabilityThe PSOW is committed to minimising the effect of its day-to-day operations on the environment and suppliers are encouraged to adopt a sound proactive sustainable approach, designed to minimise environmental impact.The supplier should consider the following in their proposal:whenever possible we make changes to reduce the impact of the office on the environment and operate in a sustainable manner mindful of any impact on future generations in Wales and our obligations under the Environment (Wales) Act 2016Equality and DiversityThe PSOW is committed to the need to:eliminate unlawful discrimination and other conduct which is prohibited by the Equality Act 2010; advance equality of opportunity between people who share a relevant protected characteristic and those who do notfoster good relations between people wo share protected characteristics and those who do not.Within their proposal the supplier is expected to demonstrate their commitment to equality, diversity and inclusion.Part C: Evaluation and Qualification CriteriaEvaluationSubmitted tenders are evaluated as per the qualification criteria below and will be weighted as indicated?to taking account of the prevailing needs and priorities of the organisation. The PSOW may request clarification if there are questions concerning the proposal. Qualification criteria40%Understanding of the tender and contract service requirements and customer reviews (to include any publicly available review / feedback).30%Contract cost including initial, ongoing and future costs as well as fee rates applicable for non-core maintenance needs.20%Expertise, resource, customer service, support arrangements, and ability to be responsive.5%financial stability/company standing & Image/equality. policies/environmental sustainability/understanding of PSOW.Tender application terms and conditionsConfidentiality: The Supplier will not issue any public statements or otherwise disclose any information concerning this tender document, the process, and its participation in the process without the prior written approval of the PSOW. Legal Disclaimer: This tender document is an invitation to propose and does not in any manner create an offer or other obligation on the part of the PSOW to enter any contract. All expenses and costs incurred by the supplier in completing, submitting, and delivering the bids, together with any costs incurred during the post tender stage, will be to the supplier's account. The PSOW are not bound to accept the lowest or any bid. Use of Information: This tender document and any other information furnished hereunder shall be used solely for the purpose of responding to this invitation. Reproduction of any part of this document is authorised only to the extent necessary for the preparation of the supplier response. The supplier shall ensure that all such copies are destroyed when no longer required in connection with this application. The above shall supersede any confidentiality agreements between the PSOW and the supplier. Schedule 1: IT Support Requirements This section provides further details of the IT support contract requirements and responsibilities as summarised in Part A. Service Level Agreement (SLA) requirements and Monthly ReportingThe IT support provider is responsible for ensuring that the Ombudsman IT systems and IT devices authorised to connect to PSOW on premise servers e.g. individual PSOW Issued PC’s / laptops / other portable media (i.e. tablets / smartphones) are available for use, and to proactively manage the PSOW IT infrastructure to minimise downtime and to meet an overall availability target% of 99% (excluding planned outages)Schedule 3 Details the KPI requirement for any SLA. All applicants are required to complete this schedule as part of the application.Schedule 5 provides the required contents of the monthly report to PSOW which includes monthly reporting on:Core maintenanceNon-Core Maintenance Services2nd line support activity (including completed and outstanding issues)1st line support activity (including completed and outstanding issues)Business continuity (including back-up reporting)Data Access and SecurityPerformance against KPI’sCore Maintenance The PSOW requires continued core maintenance services for all IT infrastructure (including servers, server software architecture, onsite and offsite desktop PCs and software, user profiles and access rights, network infrastructure including switches and firewalls, domain / email / web proxy management etc). This includes the maintenance, monitoring and reporting service for the following.Onsite Server Hardware Server Software (list is not exhaustive)Microsoft Windows Server 2008 R2 / 2012 R2 2016Microsoft SQL Server 2008 / 2014VMWareMicrosoft Sharepoint 2010 / 2013Microsoft Exchange 2010 Servers x 2 (DAG)Mail Marshall Email GatewayWeb Marshall Web ProxySymantec antivirus for workstationsvCenter veeam backup (local NAS and Cloud backups)Routing and Remote Access ServerLansweeper asset managementCAS Workpro application and database or successor Case Management SolutionVirtual machines are hosted on Microsoft Hyper-V platform and VMWareSonic Wall Net ExtenderDesktop workstation hardware (see End User and Business Change section 5.7)Workstation software including the following (list is not exhaustive):Microsoft Windows 7 / 10Microsoft Office 365Browser applications – IE, Edge, Chrome, FirefoxAdobe Acrobat ProSage accounting / HR and payroll Info4CRMEgress encrypted mailTelephony integration softwareVoice recording applicationCircuitJava & ZuluBeyond TrustBodet KelioDomain Management:Creation and support of user accountsGroup policy creation and supportDHCP and DNS managementServer and client patch managementResource monitoringFile and printer servicesPerformance managementPassword resetsEmail Management:Mail gateway and Exchange server monitoringEmail TrackingEmail account access changesWeb Proxy managementNetwork management (firewall configuration management and changes)Daily / weekly / Monthly monitoring and reporting to PSOW of Antivirus definition / malware monitoring for all network connections, and regular reporting to PSOW to provide assurance to PSOW of adequate antivirus / malware and other security issues.Software deployment and updates, including applications such as Flash, Java,Backup services (file management)SQL Server mirroring managementVPN remote worker access supportExternal DNS supportIt will be the responsibility of the IT support provider to ensure maximum operational efficiency of PSOW IT services and to ensure IT availability meets the required standards and thresholds.The supplier proposal should set out how they intend to meet these core requirements. In addition, the supplier should provide details of proposed information management and monitoring reports and the frequency that these would be provided. The supplier is expected to provide examples demonstrating the supplier responsiveness to emergency availability issues.The supplier will be required to immediately notify the PSOW of emergency incidents so that these can be responded to and investigated jointly where necessary. The supplier will also be expected to assist the PSOW with cyber security audits to help us improve our organisational and technical security measures. The supplier is also expected to provide examples of any previous experience in reporting and resolving emergency incidents. They should set out proposals for response times for routine and emergency reporting to the PSOW. The supplier will be expected to implement a secure and robust environment and assist the PSOW in the implementation of additional security policies, applications, software and services, particularly in relation to a transition to a cloud- hosted environment. The supplier proposal should set out how they can help monitor the security of the network and support the PSOW, as Data Controller, to protect its network, data and information. The supplier should highlight how they will keep the PSOW informed about system vulnerabilities and threats and assist in the assessment and treatment of risks posed and issues discovered. The supplier will be expected to advise the PSOW on options for hardware replacement. Destruction of any hardware is not to be included in this contract, as this will remain the responsibility of the PSOW, although we may seek advice on this. All electronic or hard copy data and information must be securely stored, transferred and disposed of with appropriate security measures in place. The new supplier will be responsible for preparing any computers, servers, hard disks for secure disposal. The supplier proposal should therefore define the security controls the supplier will put in place to provide assurance to the PSOW of compliance with GDPR and other legislative and regulatory requirements. Non-Core Maintenance Services and transition to Cloud Environment/InfrastructureThe PSOW also requires the provision of IT infrastructure ‘non-core’ maintenance services such as:New installations (including replacement or updated server or client software and / or hardware) Capacity management and planningAny disaster recovery workMalware or virus incident managementOffice365 account managementSecurity management, monitoring, and adviceSoftware licencing adviceProvision of support and advice re system improvementsProvision of assistance for auditsUser training for customised environmentsOther ad-hoc support requestsThe PSOW is also looking for a supplier who will assist in planning and implementation of a move toward a hosted-cloud solution to replace our current on-site server facilities. The supplier proposal should detail how it will be created, managed, accessed, and supported, including details of the technology that will be employed to achieve this model. The supplier should also detail the control measures that will be employed to ensure the ongoing security of the PSOW data and information during transfer, in use and at rest. The supplier will be expected to regularly recommend other developments that will ensure future proofing of the PSOW service. The PSOW recognises that additional fees rates may be applicable for development work / installation of new or replacement systems. The supplier should therefore detail these within the supplier proposal.Proposals should also set out how current and future technology may support our environmental policy and achievement of a ‘paperless office’. Any creative and innovative proposals that may result in efficiencies across the organisation should also be provided.The supplier will be required to liaise with both the website provider and the current and future Case Management Solution provider(s) where necessary to ensure successful and ongoing access and integration, and system / data recovery arrangements.If any change request relating to any non-core service is to be charged in addition to the support contract terms / fees, the applicant must clearly state what is not covered by the annual support fee and the additional rate fees that will be applied.2nd line support provisionWhilst the PSOW IT Team (which consists of 3 members of staff) provides 1st line helpdesk support to PSOW staff we require a 2nd line IT Support Service to assist the PSOW IT team for:on-site server and all networked connected devices including remote connection (e.g. VPN connections).software applications, for instance in assisting PSOW IT Team liaise with software suppliers to install / implement and manage the availability of applications or for the purpose of application fault resolution.maintenance of all hardware, and software, and homeworker requirementsIt is expected that the 2nd line helpdesk and system monitoring and maintenance work will generally be undertaken remotely and that the provider will use their own facilities and equipment but should be willing to travel to the Pencoed offices especially during any development period of this contract and be available for telephone/video conferencing to discuss individual projects as required by the PSOW. However, the PSOW will provide suitable equipment and office space for the onsite presence visits.The supplier should set out their proposals for managing the 2nd line support to PSOW and give examples of other 2nd line support services they have successfully provided. The supplier should also detail the proposed response times for 2nd line support, which will need to be agreed with the PSOW. 1st line support (Cover)The PSOW IT Team is small and there are times when 1st line helpdesk support may be limited. The supplier is expected to provide occasional backup 1st line helpdesk support during limited availability of the PSOW IT Team.1st line support provision by the IT support provider is to provide support to PSOW staff working at PSOW offices or at home relating to PSOW hardware and authorised applications and connection to PSOW servers for urgent matters where PSOW internal IT team are not available.PSOW IT Team will refer PSOW internal open helpdesk tickets as 2nd line support if PSOW IT are unable to resolve internal 1st line support issues within 3 days. Proposals should provide details about how 1st and 2nd line support will be managed. They should also provide clear explanations about how the supplier and the PSOW IT Team will collaborate to provide an effective IT helpdesk support service for PSOW. PSOW Management Team will expect timely monthly performance monitoring reports about the number of open and resolved helpdesk queries. (refer to Schedule 6)Business continuity and back upsThe It support provider will be responsible for the management and monitoring of the in-house server backupsPSOW has a separate contract with a Cloud backup provider which the new IT Support Service provider will be expected to work with. This will entail the provision of core maintenance of: On site serversOn site UPSServer back-ups The new IT Support Service provider will be expected to work with the external cloud backup solution provider to provide assurance for the integrity of the data and assist where necessary in the recovery from the cloud of this data (for testing and real events). The new IT support provider will also be expected to assist with any business continuity and system / data restoration testing and real events, with requirements to meet KPI’s as proposed in Schedule 3).Data Access and SecurityThe IT support provider is responsible for providing proactive monitoring, management and reporting to PSOW of IT security matters including malware risks and up to date virus definitions to provide assurance for security of PSOW servers, network and connected hardware.In addition to the security requirements listed elsewhere within the specification the supplier must also conform to the following data access and security requirements. The supplier proposal must detail how the supplier will provide assurances to PSOW, as Data Controller, of the appropriate and necessary safeguards the supplier will employ.Applications will only be considered with the applicants’ full acceptance as data processor on behalf of PSOW. The supplier must ensure that the PSOW’s infrastructure is protected by up-to-date virus and malware checking software, ensuring that a server patching regime is in place, and supply details of the same. The supplier must:manage the procurement, implementation, support and deployment of anti-virus and anti-malware software andsupport the PSOW relating to anti-virus / anti-malware troubleshooting, scanning, quarantine and end user queriesThe PSOW’s network must be configured in such a way that access is limited to known, authorised individuals and connections to other networks must be controlled. The default access level to PSOW data will be ‘no access’, the supplier must maintain lists of users who require access which includes a clear audit trail showing:the type of access acquiredthe datethe reason and any data obtained as a result. This may be contained within a ticket/incident management system provided that the data is complete and sufficient. Such lists are to be reviewed at least quarterly and information provided to PSOW in readable format when required and in its entirety at the end of the contract.The successful supplier will ensure that all engineers or staff members with access to our systems and data are sufficiently trained on current Data Protection and GDPR legislation. The supplier will be able to provide relevant records and information to assure PSOW that their staff understand and comply with training provided.The supplier must inform PSOW immediately of any actual or suspected security breaches. Exit Strategy With security in mind, PSOW will need to have assurances about the process for managing the end of the contract with the supplier. The supplier should explain how the hand over to either the PSOW’s IT Team or a new provider will be managed and provide details of end of contract support. This should include reference to document retention requirements and provide assurances around cessation of supplier personnel access rights. Confidentiality of PSOW data The supplier must undertake not to publish or disclose any PSOW information or data it processes for and on behalf of the PSOW with another party. This undertaking continues beyond the life of the contract. Any breach of confidentiality of contract or of restricted information will constitute a material breach of contract and enable the PSOW to terminate the contract. About the supplierThe successful supplier will:Provide evidence of ISO 27001:2013 and Cyber Essentials Plus certification.Provide case studies organisations they have worked with who have similar structures and have faced similar transition challenges.Budgetary ConsiderationsThere is no declared budget for this project. However, tenderers should be aware that PSOW is a small organisation currently with 73 staff and an annual budget of around ?5m, most of which is committed to meet staff costs. The PSOW IT infrastructure and ongoing availability are however key to PSOW's operations.Changes to the Specification It is possible that during the life of the contract changes, for example, in the nature and volume of the work and the timescale or other requirements will arise.Changes to the Specification will be implemented by issuing written amendments to all those affected by the changes.Schedule 2: Current IT Specification PSOW existing IT infrastructureThis part of the ITT provides an overview of PSOW’s existing IT environment. Suppliers should read our current infrastructure and upcoming business changes to ensure they fully understand our requirements.There are currently 73 members of staff, each have specific user accounts and access to the server data via on site desktop PCs or homeworking VPN. Staff numbers and issued hardware etc are subject to change based on business needs. Staff work from any of the following locations:The main office at Pencoed in Bridgend.Office space in North Wales based at Parc Menai, Bangor.Staff working from home (all staff can connect to PSOW servers and work at home at present due to COVIDE 19 pandemic).PSOW currently operates various onsite servers, networked desktop PCs, onsite wi-fi, tablets, laptops, networked scanner/printers, smart phones and remote networked devices via VPN.Our staff use the following main systems. Systems and hardwareWindows 10 OS on Dell desktop PCs (some legacy Windows 7 OS) and laptops 73 staff each with own on premises Windows based Dell PC *73 at home PSOW issued Windows based Dell PC / Laptop - due to be completed by 31/3/2021*Additional 12 windows-based Dell PC’s for spare desks / Interview / meeting rooms etc * 20 (approx.) Microsoft Surface Pro’s / Surface Go’s*20 (approx.) Apple iPads*22 Samsung Smartphones*Windows 2008R2,2012R2,2016 OS on site serversVMWareMicrosoft SQL ServerActive DirectoryMicrosoft Exchange on premises server basedTelephony integration via My Portal / My agent (using SIP)All servers / network switches / backup drives are located on site in temperature controlled secure server room.*Subject to change based on business needOur current software and servicesThe office infrastructure is a Microsoft Windows Domain Environment and uses the following applications:Software and applicationsMicrosoft Office 365 licences for all staff - Outlook, Excel, Word, Teams, PowerPoint Web browser applicationsSharePoint (used for internal PSOW Intranet)Adobe Acrobat Pro DCSAGE Info4CRMJava/ZuluBeyond TrustPapercutSonic Wall NetextenderBodet KelioPSOW has the following separate contracts for the provision of the following, which are therefore outside the scope of this contract. However, it is expected that the new IT Support Service supplier will work together with these suppliers as appropriate to ensure the smooth running of PSOW.Separate contracts already in place for the provision of:Case Management System and the software maintenance and development of it. The software and associated database are held on PSOW servers.Telecoms software and hardware. The software and associated database are held on PSOW servers. Our websites.Printing/Scanning/copying on site multi-function devicesCloud based Backup & Disaster Recovery from cloud (on site / on premises back up routines must be available though and managed by IT support providers)Network and Line RentalPSOW has extensive network cabling on site between the server room and each on site Data point (telecoms and Network data). PSOW has several Wi-Fi access points throughout the building at Pencoed.The Broadband provision is via BT with a current bandwidth of 1GB upload / 1GB download End User Equipment and Business ChangesHardware on site and issued to staff is detailed in section 23Whilst currently there are a number of staff using their own PC equipment at home and using a Remote Desktop Configuration (RDC) through their personal devices to access PSOW systems, there is a current action plan to provide staff with PSOW owned devices by 31/3/2021 to enable them to work from home more effectively and securely.Backup and Disaster RecoveryOn-site on-premise server backups are scheduled and managed by the IT support provider. PSOW has also recently initiated a cloud back up of this on-site back up data, so it is expected that the successful applicant would work closely with the cloud back up provider to provide assurance to PSOW for business continuity purposes.Antivirus and SecurityPSOW currently operate Symantec as the antivirus solution at server and PC level (including PSOW PC issued for home use). The successful applicant will be required to monitor closely the operation of the Symantec provision and report as required to PSOW to enable assurance of the security of the PSOW IT infrastructure.Schedule 3: Key performance indicatorsThe following table is required to be completed by all applicants and is a guide to the service standard we are looking for. Suppliers are requested to specifically detail alternative SLAs on this form. PSOW require that the contract terms include penalty clauses for below standard KPI performance.Whilst SLA performance will be continuously monitored, it is expected a review of the SLAs will be conducted at least annually with regards to penalty clause deductions. It is understandable that there may be a maximum penalty total allowed for any financial year. Please note that 25% of each year’s annual costs will be withheld until end of the year and paid after deduction of annual penalty.Please note that enquiries from PSOW authorised 3rd party providers are to be assessed against the same KPI targets as if the request was made from PSOW.KPIPSOW Proposed requirementsApplicant proposal 1Minimum 99% availability of all IT systems within IT support control. (24/7/365)2Minimum 95% availability of each of the core applications within IT support controlBased on Outage being classed as inability of the whole office to connect / 365 day /24 hrs targeted availability, excluding PSOW agreed planned outages.Connected unavailability instances of core applications will not be double counted. (e.g. server outage affecting all applications)Core applications defined asEmailWorkProOffice 365Internal IntranetSAGEBodet KelioInfo4CRMSonic Wall Net ExtenderConnection to serverConnection to Internet (PSOW infrastructure fault)Penalty clause for failing to meet annual 95% KPI for any of the above: 10% of annual contract costs3Response times for reported fault: System non-operational affecting more than 50% usersRespond within 1 HourResolve 95% within 1 working days of identification*Resolve 100% within 5 working days*Penalty clause 1% of annual contract cost for every additional 5 working days.4Response times for reported fault: System non-operational affecting less than 50% usersRespond within 2 hoursResolve 95% within 2 working days of reporting.Resolve 100% within 10 working days*Penalty clause of 1% of annual contract cost for every additional 10 working days.5Response times for reported fault: Identifiable fault affecting PSOW efficiency, but system still operationalRespond within 4 hoursResolve 50% within 4 working days of reporting*Resolve 100% within working 20 days*Penalty clause of 1% of annual contract cost for every additional 20 working days.6Response times for reported fault: Identifiable fault – cosmetic not affecting PSOW efficiency, system operational Respond within 4 hoursResolve 50% within 8 working days of reporting*Resolve 100% within working 40 days*Penalty clause of 1 % of annual contract cost for every additional 40 working days.7Response times for Enhancements / service change requests (including initial systems review)Implement 100% within agreed deadline (deadline to be agreed by both parties at time of service request agreement).Penalty clause of 1 % of annual contract costs for every additional 10 working days over agreed deadline.8Monthly report presented to PSOW To be completed and submitted to PSOW by 5pm on the 5th working day of each month and containing all the required monthly report information (see schedule 6).Penalty clause of 1% of annual contract costs for every instance of not meeting this KPI9Security and protection:Urgent Notification to PSOW of any known urgent risks.Action taken to eliminate any known out of date virus definitions (older than 7 days).Lack of adequate management and reporting to PSOW in this area will constitute a breach of contract.* Resolved to PSOW satisfaction. Allowance will be made of any delay due to PSOW after the IT support provider communication to PSOW that an issue has been resolved, and time taken until PSOW test and confirm back to IT support provider that it is resolvedSchedule 4: Tender Proposal formThis document constitutes the template for the supplier’s tender proposal. Suppliers can choose to use this form or present the information in another way, however proposals much follow the same structure and headings. Additional headings to those listed below are allowed.Supplier detailsName of CompanyCompany registered address including postcodeLocal Office addressContact details: Please fill in the following details about the person in the supplier organisation who will be the main contact for the supplier application. Contact (Title/full name)Position/Job TitleAddress for correspondence including postcodeEmail addressContact Telephone numberHistory and financial stabilityNumber of years tradingLast 2 years financial accounts included?Further detailsPoliciesPlease provide details of your commitment to PSOW’s equalities duties (section 8 of the Invitation to Tender with reference to any internal Equality Policy or process).Please provide details of your arrangements for environmental sustainability (with reference to any internal Environmental / Sustainability Policy, Process or Statement)Please provide details of your corporate and public image and your understanding of the goodwill and public perception of such.GDPR: Please confirm your understanding of data controller / data processor responsibilities (please note that applications will only be considered upon the applicants’ full acceptance of the data processor responsibilities on behalf of PSOW)Customers and ReferencesPlease provide details of your customer base and provide examples of customers who you provide a similar service for.Please indicate three customer references that the PSOW may contact. These should have experience with your work in the areas you are offering for this invitation. Indicate the name of the organisation, briefly describe which services were provided and the name and contact details for each.Please provide details of how you manage each awarded contract, especially relating to continuity of account contact.ProposalPlease provide details of the skills and expertise available in relation to the services required.ResourcePlease provide details of the size of the supplier organisation and also the resources available to the supplier with respect to fulfilling this contract.Understanding of process/services being requestedPlease provide details of how the supplier company would provide the necessary services required. Cost – Please ensure all costs are quoted excluding VATPlease provide details of the charges that would be applicable for the successful completion of this contract (as listed in the contract requirement section of the tender document: Schedule 1)Please provide details of what would incur additional charges and the relevant fee rates that would apply (e.g. for change requests for project work / non-core services that would not be included in the annual charges for core maintenance and IT support provision)Example contractPlease attach an example of contract of service that the supplier proposes (including the service level KPI’s – please refer to schedule 3 for proposed requirements)The supplier is welcome to attach any further promotional material/presentations, but please note that the initial assessment will be based upon the completion of the above proposal.Attached: <please detail any attachments/enclosures>Signed………………………………………. Name……………………………Job Title………………………………………Date………………………………Schedule 5 - Data Protection QuestionnaireIntroductionThe PSOW is required under the General Data Protection Regulations and the Data Protection Act 2018 to ensure that existing and prospective contractors processing personal data and/or confidential information on behalf of the PSOW are doing so with an appropriate level of security and in accordance with statutory requirements. This questionnaire is to be completed by potential data processors at tender stage or by contractors that have access or are party to confidential information. Please complete and return this questionnaire, signed by an authorised representative for your petent and authorised staffWhat steps will you take to ensure that the people in your organisation understand the duty of confidence required when processing PSOW data? As part of your answer describe what information security and data protection training your staff are required to undertake and the frequency of this.What appropriate measures will you take to ensure the security of PSOW data and infrastructure?Describe what testing you will undertake to provide assurance of the effectiveness of security measures.How do you intend to assess, mitigate and keep under review threats and vulnerabilities to the PSOW data and network? How will you involve PSOW in this?Supply chainsWill you need to engage any third party organisations as part of this contract? For examples, systems, hardware or software suppliers.What controls will be required to ensure the security of the PSOW data and systems? Data subject information rightsDescribe any procedures you have for dealing with requests by individuals to be supplied with access to data held about them or for responding to other information rights e.g. restriction or erasure of processing.Do you have an Information Security Policy? (If yes, please provide a copy)What data protection impact assessments, if any, have you undertaken? Provide details, including whether any consultation was undertaken with another party.Do you have an information security incident management or data breach policy or procedure? If yes, please provide. Do you currently hold any information security certification? For example, ISO27001, Cyber Essentials or CISSP.What steps will you take at the end of the contract to ensure that PSOW data and personal data is returned to the PSOW or deleted unless the law requires its storage?Please confirm that you will only act upon PSOW’s instructions on the handling of our data (unless you are required by law to act otherwise)? Under Article 28, do you understand that you are required to make available to the PSOW all information necessary to demonstrate compliance with GDPR? This includes allowing and contributing to audits and inspections by the PSOW or another auditor PSOW instructs.Schedule 6 – Monthly report to PSOWMonthly report to PSOWThe IT support provider is required to monitor and compile the following data for each calendar month, and provide this information to PSOW in the form of a monthly report by 5pm on the 5th working day of each month:Core maintenanceUnplanned downtime (including explanation and future mitigation actions required)Planned downtime Changes to infrastructurePlanned future changesRecommendations to improves availability / efficiencyNon-Core Maintenance ServicesDetails of non-core maintenance actions2nd line support activity (including completed and outstanding issues)Number of tickets raisedNumber of tickets resolved and resolution timesOutstanding open tickets at month endKPI performance1st line support activity (including completed and outstanding issues)Number of tickets raisedNumber of tickets resolved and resolution timesOutstanding open tickets at month endKPI performanceBusiness continuity (including back-up reporting)Report on success or failure of back up schedulesData Access and SecurityFull Symantec virus definition report including analysis of required actionsPerformance against KPI’sCurrent standing of month and YTD KPI performance as per schedule 3Issues to note Comments on actions required for the upcoming month / upcoming next 6 months. (to include recommendations for future proofing / resilience planning) ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download