A state investment bank is procuring a managed security operations centre to meet new resilience rules, echoing a wider turn to outsourced SOCs across sectors.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
The Investment Bank of the State of Brandenburg is procuring a managed security operations centre built on its existing detection platforms, aiming for continuous monitoring and compliance with the Digital Operation Resilience Act. The move sits within a broader shift across public bodies towards outsourced security operations, advanced threat hunting and stricter incident reporting.
On 21st January 2026, Investitionsbank des Landes Brandenburg published a contract notice for a Managed Security Operations Center. The bank is not buying a new technology stack from scratch; instead it wants services to operate a managed security operations centre on top of its existing XDR and SIEM technical platform.
According to the notice, the services include options for threat hunting and purple teaming and are designed to ensure continuous security monitoring and compliance with the Digital Operation Resilience Act (DORA). In other words, the project is about turning existing tools into an integrated, continuously run security function that can stand up to regulatory scrutiny.
Taken together, the bank is looking for:
Threat hunting generally involves proactively searching for potential threats that automated systems might miss, while purple teaming typically brings together offensive and defensive specialists to test and improve defences. Listing these as options suggests that, beyond baseline monitoring, the bank wants the ability to scale up more advanced, proactive security work as required.
The contract notice links the managed SOC explicitly to compliance with the Digital Operation Resilience Act. Its emphasis on continuous security monitoring and structured incident reporting sits alongside the expanding obligations introduced by the NIS 2 Directive.
Together, these frameworks increase expectations that regulated organisations can demonstrate they see what is happening across their systems, detect attacks quickly and handle them according to documented processes. Simply having security tools in place is no longer sufficient; buyers now need an operational capability that turns data from XDR and SIEM platforms into timely detection, investigation and reporting.
The Brandenburg procurement reflects this shift. It centres on ongoing monitoring, but it also builds in options for advanced techniques such as threat hunting and purple teaming, aimed at uncovering stealthy threats and testing defences in a structured way. That combination aligns day-to-day security operations with the language of resilience and oversight that runs through the new legislation.
Across different jurisdictions, recent procurement notices show a strong move towards managed SOC models in various parts of the public and quasi-public sector.
In December 2025, PARAGON ASRA HOUSING LIMITED signalled plans for Security Operations Centre Services, seeking a 24/7 security operations centre and managed detection and response service for continuous monitoring and remediation of security threats. In January 2026, UK Shared Business Services Ltd opened market engagement on a hybrid managed 24/7 SOC through its UKSBS Security Operations Center notice, aiming to enhance security monitoring and incident response for its NEO environments.
Over the same month, The Rehab Group issued a contract notice for Cybersecurity Services for Rehab Group, combining a fully managed security operations centre with wider cyber defence capabilities, 24/7 monitoring and compliance with relevant regulations. Also in January 2026, govdigital eG published a tender for Security Operations Center Services describing cooperative SOC services in both hybrid and managed models, focused on security monitoring, detection, containment and optional threat hunting and consulting to enhance cyber resilience for public administration and companies.
In November 2025, the European Investment Bank set out to establish an off-site SOC for continuous security monitoring and incident response through its IT Security Managed Services notice, intended to safeguard the EIB Group's IT infrastructure. The same month, SID - Slovenska izvozna in razvojna banka, d.d., Ljubljana published a contract for Security Operations Center Services covering SOC operations, SIEM software licences, cyber threat automation, threat hunting and training at the bank's location.
Other authorities and infrastructure operators are following similar paths. In November 2025, Grand Port Maritime Guadeloupe invited tenders for a Managed Security Operations Center to implement advanced tools for continuous security monitoring and incident response management. The same month, Region Dalarna published a contract notice for a Security Operations Center Service to provide a staffed SOC that monitors all endpoints continuously and preventively. In October 2025, Lietuvos Respublikos aplinkos ministerija launched a procurement for SOC Systems Configuration and Maintenance, implementing and maintaining recommended SOC tools for institutions under the ministry as part of a national SOC/CSIRT modular system.
Municipal and regional authorities are also moving in the same direction. The City Council of Granada is procuring Cybersecurity Operations Center Services through a 24x7 SOC focusing on prevention, detection and response, while the Government of La Rioja is creating a Cybersecurity Operations Center for La Rioja to enhance monitoring, detection, analysis and response to cyber threats.
Several other notices show how SOC projects are being tied to architecture refresh, integration work and external expertise. In August 2025, neu-itec GmbH issued a contract notice for a Security Operations Center Service that will be run by an external service provider on a 24/7 basis, with a risk-oriented approach to security monitoring and compliance with recognised standards to protect its IT infrastructure. BARMER, through its Managed Security Services procurement, links managed SOC functions with a modern security and network architecture that connects and monitors diverse systems and centres on centralised security event management. Law enforcement is also investing in this area: Kantonspolizei Bern plans to enhance its SOC by replacing and expanding services for endpoint detection and response, incident response, vulnerability management and SIEM, and by integrating new solutions and support from external partners, as set out in its Security Operations Center Support notice of November 2025.
Many buyers also connect SOC contracts with staff training and formal governance. Wojewódzki Szpital Zespolony im. L. Rydygiera w Toruniu is seeking Security Operations Center Services alongside delivery, implementation, configuration and maintenance of a monitoring system for teleinformation and network infrastructure and employee training. Zespół Zakładów Opieki Zdrowotnej w Ostrowie Wielkopolskim is procuring IT Security System Implementation that combines an IT security monitoring system, an information security management system, cybersecurity training and workshops, and a security audit. At Centrum Onkologii Ziemi Lubelskiej im. św. Jana z Dukli, a contract for Data Security Improvement for Medical Systems focuses on enhancing data security in medical systems through improved workstation and server protection and the establishment of a SOC service at the centre.
Against this backdrop, the Brandenburg bank's managed SOC procurement stands out for linking a managed service explicitly to the Digital Operation Resilience Act and for adding optional threat hunting and purple teaming to core monitoring on an existing XDR and SIEM platform.
Across these notices, managed SOCs are evolving from simple monitoring arrangements into hubs for continuous detection, incident response, training and testing. Frameworks such as the Digital Operation Resilience Act and the NIS 2 Directive are part of that story, pushing organisations to show not only that security tools exist, but that they are being used to manage cyber risks in real time.
For Investitionsbank des Landes Brandenburg, the crucial test will be how the chosen provider turns the existing XDR and SIEM platform into evidence of operational resilience, through continuous monitoring, documented incident handling and the optional, higher-end services of threat hunting and purple teaming. Similar buyers across these jurisdictions face comparable regulatory and operational expectations, and many are turning to managed SOC arrangements of their own.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.