This framework agreement is a service contract aimed at designating a service provider for the establishment of a structure for the prevention, detection, management, and coordination of cybersecurity incident response that may impact the IT services of the contracting authority (SOC service).

The main functions of prevention, detection, and response to cybersecurity incidents within the SPW will include several distinct dimensions:
• The execution of SOC functions related to SPW systems within the defined scope (covered systems);
• Coordination with the SOCs of other operators working for the SPW. This may include but is not limited to: one or more operators hosting SPW assets in a 'Cloud' and/or one or more operators acting as security service providers (known in the cybersecurity sector as 'MSSP') and/or offering a SOC service function ('SOCaaS') for certain 'Cloud' services (e.g., 'SaaS');
• Interaction with other SOC-CERT-CSIRT centers (e.g., the federal CCB).

The activities conducted by the SOC are as follows:
- Assistance in identifying assets and mapping flows
- Assistance in prioritizing assets to monitor
- Supervision of the security of SPW Cloud assets
- Prevention of security incidents: assistance in vulnerability management
- Prevention of security incidents: cyber threat analysis
- Detection and analysis of security incidents
- Response to security incidents
- Compliant collection and secure preservation of formal evidence
- Analysis of the behavior of individuals and entities ('EUBA')
- Analysis of stored data ('Security Data Lake Analysis')
- Assistance in simulating a cybersecurity crisis
LOT-0001
1
2025-S2300042-003_2026M139.