The Financial Ombudsman Service intends to place a contract for the provision of a managed Security Operations Centre (SOC) service to provide the following:
1) Provision of a modern and fit-for-purpose SOC capability operating 24 hours a day, 7 days a week, 365 days a year (working in concert with the Financial Ombudsman Service's cyber security team);
2) Undertake standard security operations functions including:
a. Performing triage of security incidents, core security incident response, and escalation activities (we refer to these as level 1 and 2 activities);
b. Tuning/configuration of the Security Information & Event Management (SIEM) solution and associated Security Orchestration, Automation & Response (SOAR) capabilities;
c. Responding to threat intelligence and performing proactive threat hunting;
d. Management, investigation, and resolution of critical/major security incidents including digital forensics as required; and
e. Conducting process improvement activities to improve the effectiveness of the SOC.
3) Provision of cyber security resources on demand to augment the Financial Ombudsman Service's team on an ad-hoc basis. These resources maybe involved in project or business as usual activities.