The demand for cyber security products and services has significantly increased in recent years, and it is no different for public sector bodies. In the four years from 2018 to 2021, the number of tenders in cyber security increased 5-fold alone, and the value of these grew exponentially from €5m to €125m. Public procurement in cyber security provides a market for many companies to increase their sales and to win steady business.
Cyber Ireland representatives recently met with the Office of Government Procurement (OGP) to discuss both the opportunity and the challenges related to public procurement in industry. Following the meeting, we have collated OGPs feedback in a top tips guide for tendering.
OGP’s role is primarily focused on leveraging the State’s purchasing power to achieve cost savings while procuring goods and services. OGP provides expertise and advises public sector clients on tendering. The tenderee drives the technical requirements for cyber security tenders as they are not specified by OGP. They also work with the business community to promote procurement opportunities for SMEs.
A new eTenders platform will go-live in Q2 2023, where all existing organisations must register a new profile. The existing eTenders platform will continue for another 12 months (see the recent February 2023 update). Also keep an eye on their Twitter and LinkedIn pages for updates.
eTender Top Tips for Cyber Security
1. A Tender is Like the Leaving Certificate
A tender is just like the Leaving Certificate, answer the question you are asked! Give examples and be descriptive, one liners don’t score points. Pictures (screen grabs) speak a thousand words, so use them wisely.
2. You Must Give to Receive
OGP typically runs frameworks, and you can exert influence on a framework through the Request for Information (RFI) process, which occurs prior to the Request for Proposals (RFP) process.
As a community, we have an opportunity to influence the tendering process through RFIs, particularly with regard to challenges related to turnover and cyber insurance requirements. If we fail to respond to RFIs, it may reflect poorly on the cyber security community’s ability to effectively engage with this process and improve it. To improve the status quo, we must actively participate in responding to RFIs.
Please, please respond to RFIs and share your thoughts with the tenderering parties. Once a framework is established EU law prevents any organisations joining a framework mid contract.
3. The Quality of Tenders Must be Improved
During the discussions with OGP, it became apparent that there has been a decline in the quality of tender response documents. The old copy and paste tool is being used excessively without proper verification and editing. It is crucial to recognise that a tender response document should not solely rely on one person’s contribution. It requires a collaborative effort from a team, even if it’s only two people, to ensure that the final product is comprehensive, concise, and professionally presented.
4. Share Confidently
When asked for references, particularly cyber security ones, where it can be highly sensitive, share as much as possible. There is a confidentiality agreement in place for all tenders via eTenders and you can also highlight information not to be shared under Freedom of Information (FOI) requests…but please don’t highlight the whole tender content! This is not acceptable and can result in a tender being disqualified.
5. Raise Concerns
If you have concerns about a live tender, the Tender Advisory Board (TAS) run by OGP can be consulted with your concerns. This was specifically set-up to address the concerns of SMEs regarding perceived barriers in competing for tender opportunities. This is a service to be used, don’t be afraid if you have concerns. TAS is available at only one point in the open tendering process, which is after the clarification process has been utilised and not less than six days before the closing date for receipt of tenders.
6. Seek Feedback
If you fail in a tender (as we all do) read the feedback and act. You can seek clarity from OGP on any aspects of the feedback. Use this to make the next pitch the winning bid
This blog post was contributed by Colin Reid, Commercial Director, Threatscape.