As it delivers a significant agenda of refreshing its tech, the government agency responsible for checking the backgrounds of job applicants is seeking to identify a new specialist IT partner
The Disclosure and Barring Service is planning to put in place a new cybersecurity hub to help ensure new technologies implemented as part of a legacy upgrade are adequately protected.
The agency – which operates as a non-departmental body at arm’s length from the Home Office – has published a tender notice inviting bids from suppliers that could provide “a modern, CREST-accredited security operations centre (SOC) service to protect and monitor its next-generation estate”.
The commercial document indicates that the new cyber facility is needed to better safeguard new systems being put in place as part of a wider transformation programme.
“DBS is progressing a major transformation of its legacy IT estate, moving to modern, software-as-a-service-based applications”, the notice said. “The SOC will be implemented on the next generation estate only, there is no requirement for SOC services on the legacy estate which is mainly greenfield and as such there is no history of security logs, events or incidents for the applications in scope.”
The new IT architecture being deployed by DBS will incorporate technology from various vendors, encompassing “multiple SaaS-based services, a data integration platform, connection to third-party services… and potentially other IaaS/PaaS cloud-based services, for which the service shall be capable of onboarding and monitoring”.
However, “end point, network and other supporting services (email and productivity tools for example) are provided to the [DBS] and monitored by the Home Office and as such are out of scope of the SOC service”.
Related content
- DBS checks to become first service to move to new government-wide login
- Former McKinsey CIO Mike Wright joins DBS boardroom
- DBS staff set for more strikes in stand-off with IT outsourcer
In order to protect everything else, the agency is seeking to enter into contract with an expert supplier that can “design, build and maintain [a] SOC that is compliant with/aligned to the NCSC guide on building a SOC encompassing: the operating model; onboarding; detection; threat intelligence; and Security Incident response and management”.
Once it has been implemented, “the SOC must be available and operate 24 hours a day, seven days a week, at all times”, the notice says.
The document goes on to outline the importance of securing DBS’s systems and the services they support.
“DBS holds information that is highly sensitive and must not be subject to compromise,” it says. “It depends on real-time, accurate transactions, any compromise to the integrity of such data could lead to significant losses. DBS collects, stores and manages personal data – including sensitive personal data – and DBS services provide evidence to legal bodies that require full audit and visibility of data creation, manipulation and access as part of legislative and regulatory requirements.”
Bids for the SOC contract are open until 5pm on 4 February. DBS expects that, next summer, the chosen provider will be appointed to an engagement for an initial four-year term, which can be extended by a further 12 months – up to a potential end date of 2031. The deal is expected to be worth £11.2m.
The DBS carries out pre-employment background checks for citizens applying to work in regulated industries. The agency issues about four million certificates per year, providing details of things such as the recipient’s previous convictions and other interactions with the criminal justice system.
