Long Term Agreement (LTA) for the provision of a Cybersecurity Operations Platform
UNOPS
Request for proposal
Reference:
RFP/2025/58669
Beneficiary countries or territories:
Multiple destinations (see the Countries or territories tab)
Registration level:
Basic
Published on:
06-Aug-2025
Deadline on:
08-Sep-2025 10:00 0.00
Description
Tender description: Establishment of a Long Term Agreement (LTA) for a Cybersecurity Operations Platform (licenses, support and services).
The United Nations Office for Project Services (UNOPS) is issuing this Request for Proposal (RFP) to establish a Long-Term Agreement (LTA) and implement a scalable, AI-ready Cybersecurity Operations Platform to enhance its Cybersecurity Operations Center (CSOC) through a platform providing the following capabilities:
1. Security Information and Event Management (SIEM)
2. Endpoint Detection and Response (EDR)
-----
IMPORTANT NOTE: Interested vendors must respond to this tender using the UNOPS eSourcing system, via the UNGM portal. In order to access the full UNOPS tender details, request clarifications on the tender, and submit a vendor response to a tender using the system, vendors need to be registered as a UNOPS vendor at the UNGM portal and be logged into UNGM. For guidance on how to register on UNGM and submit responses to UNOPS tenders in the UNOPS eSourcing system, please refer to the user guide and other resources available at: https://esourcing.unops.org/#/Help/Guides
Interested in improving your knowledge of what UNOPS procures, how we procure and how to become a vendor to supply to our organization? Learn more about our free online course on “Doing business with UNOPS” here
This tender has been posted through the UNOPS eSourcing system. Vendor Guide: https://esourcing.unops.org/#/Help/Guides
This procurement opportunity integrates considerations for at least one sustainability indicator. However, it does not meet the requirements to be considered sustainable.
Climate change mitigation and adaptation
Environmental
The tender contains sustainability considerations for preventing or minimizing damage associated with climate change.
Examples:
Energy efficiency, greenhouse gas reporting and emission offsetting.
Gender issues
Social
The tender contains sustainability considerations addressing gender equality and women's empowerment.
Examples:
Gender mainstreaming, targeted employment of women, promotion of women-owned businesses.
Link | Description |
---|---|
https://esourcing.unops.org/#/Help/Guides | UNOPS eSourcing – Vendor guide and other system resources |
81112006 - Data storage service
New clarification added: Question: In relation to the third party products requested in the tender documents, bearing in mind that the bidders are not the manufacturers themselves and that they merely resell such products, please confirm that the said products and their delivery will be subject to availability and to the terms, conditions and warranties conveyed by each manufacturer and which will be attached to the bid for the express knowledge of UNOPS.
UNOPS' reply: The Long-Term Agreement (LTA) resulting from this RFP will be established with the selected bidder according to the published evaluation criteria, irrespective of whether the bidder is the OEM or a partner. UNOPS cannot govern the relationship between the OEM and its partners, and both the OEM and Partners are required to align on these considerations to ensure that the bidder submitting a proposal to UNOPS is able to enter into a contract with UNOPS if their proposal is selected and respond satisfactorily to UNOPS requirements, terms and conditions.
Edited on:
26-Aug-2025 13:53
Edited by:
webservice@unops.org
New clarification added: Question: In order to size the logs being ingested to the SIEM, we need to know the estimated amount of logs coming from the Firewall and Network devices.
UNOPS' reply: As indicated in the document "RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Total Cost of Ownership (TCO)", please consider the following ingested logs volume for the SIEM:
- GCP IaaS: An average of 250 GB of logs ingested per day.
- 3,500 Endpoints: An average of 60 MB of logs ingested per day per endpoint.
Edited on:
26-Aug-2025 12:36
Edited by:
webservice@unops.org
New clarification added: Question: Since the clarification deadline has been extended, would you consider extending the deadline for submission accordingly, or possibly by 1 week?
UNOPS' reply: Deadline has been extended by a week, until Sept 8th.
Edited on:
26-Aug-2025 12:34
Edited by:
webservice@unops.org
New amendment added #4: Amendment to: Extend the tender deadline by one week, to September 8th
Edited on:
26-Aug-2025 12:31
Edited by:
webservice@unops.org
New amendment added #3: Amendment to: Extend the tender deadline by one week, to September 8th
Edited on:
26-Aug-2025 10:14
Edited by:
webservice@unops.org
New clarification added: Question: Reference: In the file RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Total Cost of Ownership (TCO) - Version 2.xlsx, Pane "TCO", Section C. Operating and Maintenance, Line 12, Annual License Renewal - Included in Acquisition (A)
Will UNOPS please confirm, what is expected in this delivery?
UNOPS' reply: This line is for bidders to fill the annual license renewal cost. Depending on the pricing model of the bidder, it might be that
- there is no annual license renewal cost, as you pay for the licenses only once when you acquire them
- it is the same as the initial acquisition cost (same annual license cost every year)
- it is a reduced license cost for renewal
- it might be that it is an increased license cost for renewal.
Basically, after the initial acquisition, what is the annual cost to maintain the licenses.
Edited on:
26-Aug-2025 09:52
Edited by:
webservice@unops.org
New clarification added: Question: Need to understand the network devices ingestion rate per day (Firewall and routers)
UNOPS' reply: There is no question. Please rephrase so we understand what you are asking.
Edited on:
26-Aug-2025 09:42
Edited by:
webservice@unops.org
New clarification added: Please find UNOPS' replies below in Bold.
Regarding Form G: Technical Proposal Form
According to the instructions, we are required to submit the following:
• Vendor Profile (Document name: 03-Vendor Profile – as per Form G instructions)
• Executive Summary (Document name: 14-EXECUTIVE SUMMARY, max. 2 pages – as per Form G instructions)
• Supplemental Information (optional) (Document name: 15-SUPPLEMENTAL INFORMATION – as per Form G instructions)
We would like clarification on the following points:
Mandatory Document
What exactly are we expected to upload under Document name: 09-Form G: Technical Proposal Form? Should this be the completed Form G itself (in Word/PDF format), in addition to the separate Vendor Profile, Executive Summary, and Supplemental Information documents?
**Please fill in the sections highlighted in blue as per the instructions and submit Form G signed and stamped, with the required attachments (please upload each attachment in its specific location).**
Excel File Requirement
We understand that Document name: 13 – RFP/2025/58669 – LTA for Cybersecurity Operations Platform – Technical Requirements must be submitted in Excel format (with any supporting documents). Could you confirm that this is separate from Form G and its required components?
**Please look under the Document section in the tender in eSourcing, there are specific locations where to upload each document. There is a space where to upload Form G, and another space where to upload the document "RFP/2025/58669 – LTA for Cybersecurity Operations Platform – Technical Requirements" in Excel format. Each document has its distinct designated space for upload, so please make sure you upload each document in its corresponding space. For more details, please look at page 26 of the eSourcing user guide, chapter "4.3 Submit a response to a tender".**
Sub-contractors/Suppliers
Form G requires us to outline any sub-contractors or suppliers. Where in the submission should this be uploaded? Should it be part of the Vendor Profile or included in Form G (Document 09)?
**In form G as indicated in the instructions on the form.**
Signature Authorization
Form G also contains a section regarding authorization to sign the proposal. Where should this signed section be uploaded—within Document 09 – Form G: Technical Proposal Form or separately?
**Please do not modify the forms, complete them as per the instructions and upload them in their specific location on eSourcing. The section with the signature, as it is clearly mentioned on the document, is there to make sure that the person who signs the documents is authorized by the bidder's company to commit the bidder to the proposal. This means only a person legally authorized to sign for the company can sign the forms.**
Edited on:
26-Aug-2025 09:40
Edited by:
webservice@unops.org
New clarification added: Question: In Form E: Proposal Submission Form, the following clause appears:
a. We have examined and have no reservations to the Bidding documents, including amendments No.: [Insert the number and issuing date of each amendment]
What exactly should we enter under [Insert the number and issuing date of each amendment]?
UNOPS' reply: Exactly as mentioned in the instructions between brackets "[Insert the number and issuing date of each amendment]", you should insert the number and issuing date of each amendment to the tender, to confirm your agreement to the tender terms including all its amendments.
Edited on:
26-Aug-2025 09:24
Edited by:
webservice@unops.org
New clarification added: Please note the amendment that has been issued.
Edited on:
25-Aug-2025 13:54
Edited by:
webservice@unops.org
New clarification added: Question: On August 25th 2025, in one answer about the form RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Financial Proposal, you stated that: "We will issue an amendment to correct the financial form to let you specify the day rate based on volume brackets". As of today we cannot find any new/updated form for this document under the tender documents section; currently there is still just the same initial financial form. Do you provide an updated form?
UNOPS's reply: The amendment has been uploaded on eSourcing, you should have received an automatic notification if you expressed interest in the tender. The updated documents can be found under the Documents section of the tender in eSourcing.
Edited on:
25-Aug-2025 13:53
Edited by:
webservice@unops.org
New amendment added #2: Amendment to clarify:
- Volume brackets for consultancy rates in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Financial Proposal document, tab Financial Proposal, cells G21, H21, I21.
- EDR scope in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Total Cost of Ownership (TCO) document, tab TCO, cell D6.
- Extension of the deadline for clarifications by 2 days.
All changes appear in red.
Edited on:
25-Aug-2025 13:34
Edited by:
webservice@unops.org
New clarification added: Question: "The proposed platform must be cloud-native and capable of being hosted on the organization’s preferred cloud service provider". Because our solution of central management and is based on AWS and cannot be hosted in any private cloud.
1. Question: Is it acceptable to have it in the public cloud of AWS?
2. Question: Does the SIEM solution need to be in the cloud, or can it be on premise?
UNOPS's reply:
1) Please note that UNOPS’ preferred hosting is SaaS, in addition to the option of hosting through our own cloud solution to meet any future requirements. If hosting in the public AWS Cloud would be considered a SaaS model, then it would be fine.
2) The SIEM solution needs to be cloud-native and capable of being hosted on UNOPS's preferred cloud service provider.
Edited on:
25-Aug-2025 12:32
Edited by:
webservice@unops.org
New clarification added: Question: What is the preferred deployment option:
1. Product should be deployed to UNOPS' own Google Cloud as a self-managed solution
2. UNOPS expects it as a managed solution deployed to the vendor Google Cloud
The question is related to the fact that pricing models might be different for different options, so we want to make sure we have a common understanding, regardless of the fact that the vendor offers one, another, or both options. Clarifying this also assures that vendors are making offers to a similar deployment setup, making the price evaluation more comparable. Otherwise UNOPS might end up having prices on the evaluation form from one vendor as onprem self managed and from another vendor as managed offers, that might not be comparable.
UNOPS' reply: The preferred hosting model for UNOPS is SaaS, and all costing must therefore be prepared for a SaaS deployment.
The other hosting and deployment models listed under the sheet "1. General Platform Attributes" in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements - Version 2 document are not costed but are included to assess whether the proposed platform is technically capable of supporting these models, should UNOPS require them in the future.
Edited on:
22-Aug-2025 15:41
Edited by:
webservice@unops.org
New clarification added: Please find below UNOPS' replies in Bold.
In reference to the following document: RFP_2025_58669 - LTA for a Cybersecurity Operations Platform - Sections I II III IV and V, Section III page 16, Qualification Criteria. Financial capability. Liquidity: the ratio Current assets / Current liabilities over each of the last 3 years must be equal or greater than 1. Offerors must include in their Proposal audited financial statements for the last three years.
Question: Is each company involved in a joint venture, or acting as a subcontractor or product vendor, also required to submit audited financial statements and maintain a liquidity ratio greater than one?
**All Joint Venture members are required to submit their audited financial statements. Financial statements of sub-contractors are not required. Regarding the rules for Joint Ventures, please refer to the Particulars section under Tender Information on eSourcing, section "Additional information", "In case of Joint Venture, all joint venture members combined must meet the qualification and technical criteria. Each joint venture partner individually must meet the eligibility criteria."**
The UN stated during the pre-bid meeting and in the UNOPS eSourcing 'Revisions and Clarifications' section that bidders may submit proposals with two separate products (rather than a single platform), despite the RFP materials stating that the UN is seeking a single platform with the specified capabilities (Ref: Page 19, Section 2 – Objectives).
**Please refer to the tender amendment issued on August 18th 2025 which updates the document "RFP_2025_58669 - LTA for a Cybersecurity Operations Platform - Sections I, II, III, IV and V" with a "Version 2". If you look at page 19, section 2 - Objectives, the mention "single" has now been removed. Please make sure you are looking always at the latest version of the tender documents.**
Edited on:
22-Aug-2025 14:38
Edited by:
webservice@unops.org
New clarification added: Question: Would the UN consider changing the liquidity ratio from 1.00 to 0.90?
UNOPS' reply: Unfortunately, this is not possible.
Edited on:
22-Aug-2025 13:48
Edited by:
webservice@unops.org
New clarification added: Question: 1.3 Deployment Model Support
Support for various deployment models is required.
Question: How many certified cybersecurity staff do you currently have at each of your minimum two sites?
UNOPS' reply: The UNOPS Cybersecurity team is centralized at HQ in Copenhagen, Denmark, and currently consists of four (4) senior experienced members. While IT Support staff are present at each of our 80+ locations, they cannot be considered certified cybersecurity professionals.
The immediate requirement for UNOPS is a centralized, single-tenant, single-site deployment in a SaaS model. Therefore, all cost estimates must be prepared based on a SaaS deployment, taking into account that the Cybersecurity team is centralized at HQ.
The other hosting and deployment models listed under the sheet "1. General Platform Attributes" in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements document are not costed but are included to assess whether the proposed platform is technically capable of supporting these models, should UNOPS require them in the future.
Edited on:
21-Aug-2025 14:36
Edited by:
webservice@unops.org
New clarification added: Question: "2.4 Use Case Alignment and Continuous Value Delivery", What does this term specifically mean in your context?
UNOPS' reply: "Use Case Alignment and Continuous Value Delivery" refers to a strategic approach where the development and deployment of a Cybersecurity Operations Platform are directly tied to solving specific, high-impact business problems (use cases) and ensuring that the system consistently provides tangible benefits over time.
Edited on:
21-Aug-2025 14:33
Edited by:
webservice@unops.org
New clarification added: Please find UNOPS' replies below in Bold.
4. Consultancy and Advisory Services
General Requirement
Provide sample CVs or profile summaries of proposed technical consultants
Questions:
Are you expecting a hybrid operation with vendor support transitioning to UNOPS staff?
**No, the implementation will be led by the UNOPS team, the vendor support is limited to advisory services.**
Do you want all staff trained and certified before rollout begins?
**The cybersecurity team (4 people) should be trained and have access to resources and support to immediately start operation before roll-out. Certification can be finalized a little later after the roll-out.**
Is an org chart with skills per role acceptable?
**No, please provide sample CVs or profile summaries for the proposed technical consultants as required.**
Would you like to see a vendor-supported SOC onboarding phase, transitioning to self-managed over 1–2 years?
**No, implementation will be managed by UNOPS, with advisory support from the vendor.**
Edited on:
21-Aug-2025 14:29
Edited by:
webservice@unops.org
New clarification added: Question: Could you kindly confirm the appropriate location or format for specifying implementation charges in the pricing schedule, to ensure alignment with UNOPS’ expectations?
UNOPS' reply: Section B "Implementation & Integration" of the RFP/2025/58669 - LTA for Cybersecurity Operations Platform - Total Cost of Ownership (TCO).
Edited on:
21-Aug-2025 14:26
Edited by:
webservice@unops.org
New clarification added: Question: Could you kindly confirm whether UNOPS expects the SIEM to ingest only security logs, or if telemetry data is also required as part of the ingestion scope?
UNOPS' reply: UNOPS expects the SIEM to ingest security logs and telemetry data.
Edited on:
21-Aug-2025 14:25
Edited by:
webservice@unops.org
New clarification added: Question: As this RFP is for a multi-year LTA, could you provide an estimated annual growth rate for endpoints (both workstations and servers) and data ingestion volume over the next 3 to 5 years? This will allow us to propose a commercially predictable model that scales with your needs.
UNOPS' reply: For the purpose of this RFP, please consider a 5% annual growth rate for endpoints and data ingestion over the next 3 to 5 years.
Edited on:
21-Aug-2025 14:24
Edited by:
webservice@unops.org
New clarification added: Question: Regarding the license brackets for smaller quantities, is our understanding correct that the main purpose is to establish a clear, predictable price for any new users or servers you might add during the contract term?
UNOPS' reply: UNOPS is a project based agency with no core funding. This means that the size of the organization and its needs are directly correlated to the volume of projects UNOPS is engaged to implement. From one year to the next, this may vary. UNOPS is asking for different quantities brackets to be able to cater to any change in the international context and therefore UNOPS size and needs.
Edited on:
21-Aug-2025 14:23
Edited by:
webservice@unops.org
New clarification added: Question: Which all languages Tech Support is expected?
UNOPS' reply: Customer support is required in English.
Edited on:
21-Aug-2025 14:22
Edited by:
webservice@unops.org
New clarification added: Question: Does the RFP scope include Security Incident Monitoring and Triaging?
UNOPS' reply: No, security incident monitoring and triage are not in scope.
Edited on:
21-Aug-2025 14:20
Edited by:
webservice@unops.org
New clarification added: Question: Which countries the solution needs to be deployed. As UN operations are in more than 80 countries (as mentioned in the document)? This will help us hosting the solution in specific countries to meet data residency requirements and also may impact pricing.
UNOPS' reply: The solution will be managed by the centralized UNOPS Cybersecurity Team based in Copenhagen, Denmark. Our Google Cloud Platform (GCP) hosts the majority of our IT systems in the EU-West region.
Edited on:
21-Aug-2025 14:18
Edited by:
webservice@unops.org
New clarification added: Please find UNOPS' replies in Bold below.
In the document: RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Financial Proposal, Financial Proposal tab. Section 5, consultancy and advisory services.
1. Do we understand correctly that you are asking a daily rate for each specialist type?
**Yes, we are asking for a day rate for each specialist type.**
2. What is the purpose of asking the daily rate for the 1-year model, 3-year model, and 5-year model, as the estimated amount of potential consultancy effort has not been defined anywhere, or we misunderstood something? Logic states that for different periods, the model price could be different only if the estimated consultancy amounts needed are defined. Example: if you plan to buy 1 day of consultancy each year, then the price per day is the same everywhere, but if you estimate that you would buy, for example, 80 days of consultancy per year, then volume comes into play, and in such cases, the daily unit pricing for a longer contract could be cheaper?
**Please provide only the day rates. We will issue an amendment to correct the financial form to let you specify the day rate based on volume brackets.**
3. Is there some estimated yearly consultancy effort available from your side or you expect the vendor to define itself the estimated yearly effort and, based on that effort, define the daily rate itself?
**In the financial form, we expect the bidders to provide only the day rate. In the TCO form, we expect the vendor to define the estimated effort based on their experience, the terms of reference and the technical requirements.**
4. As the detailed scope of work is not defined, it is fairly difficult to estimate the total effort of consultancy work for the whole contract period, so what is UNOPS' expectation on this?
**In the financial form, we expect the bidders to provide only the day rate. We will issue an amendment to correct the financial form to let you specify the day rate based on volume brackets. In the TCO form, we expect the vendor to define the estimated effort based on their experience, the terms of reference and the technical requirements. You have the possibility in the comment section of the TCO form to detail your assumptions and your calculations, so that we can understand how you estimated the level of effort.**
Edited on:
21-Aug-2025 14:16
Edited by:
webservice@unops.org
New clarification added: Question: Regarding requirements 1.2 and 2.5 of section '2. Endpoint Detection and Response', we would like to confirm whether an international EDR provider, widely recognized in the market and recommended in other forums, but not listed in 'AV-TEST' or 'AV-Comparatives', could still be considered and evaluated with the highest score for these requirements.
UNOPS' reply: Please submit your response in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
For now, we will only provide clarifications on any unclear, incorrect, or missing information in our Terms of Reference to support bidders in submitting their best proposals. We cannot through clarifications evaluate the bidder's proposed solutions. Please propose your solution and it will be evaluated against the tender criteria.
Edited on:
21-Aug-2025 14:09
Edited by:
webservice@unops.org
New clarification added: Please find below UNOPS' replies in Bold.
1. We understand you are looking to replace your current EDR and SIEM vendors. To help us propose the most impactful solution, could you share the primary business drivers behind this change? Are you facing challenges with high costs, performance issues, or the operational burden of managing two separate tools?
**UNOPS is conducting this RFP from a general industry best-practice standpoint, where technology solutions should be benchmarked at least once every 3, 4, or 5 years. Considering how mature, dynamic, and fast-growing the Cybersecurity Operations Platform industry is, it is important for the organization to carry out such due diligence to maximize the benefits of what the market has to offer in alignment with its long-term strategic goals.**
2. When you are evaluating proposals from different vendors, how will you score and compare a single, integrated platform against a proposal that might bundle two separate products for EDR and SIEM?
**The offers will be evaluated against the stated evaluation criteria of this tender.**
5. Regarding your request for the two different pricing models—Pay-As-You-Go vs. a Committed Subscription—what is the primary goal UNOPS are trying to achieve by exploring both options? Are you dealing with a highly fluctuating business environment, or is this more to compare flexibility against budget predictability?
**Both options are included to cater to the two major pricing models on the market, allowing bidders to submit proposals according to their model. As clarified earlier, if a bidder supports both models, please provide both.**
6. Regards the TCO analysis. It shows UNOPS are looking beyond the sticker price. What are some of your hidden operational costs with your current setup that you are hoping to eliminate with a new solution?
**UNOPS is conducting this RFP from a general industry best-practice standpoint, where technology solutions should be benchmarked at least once every 3, 4, or 5 years. Considering how mature, dynamic, and fast-growing the Cybersecurity Operations Platform industry is, it is important for the organization to carry out such due diligence to maximize the benefits of what the market has to offer in alignment with its long-term strategic goals.**
7. We understand UNOPS are evaluating new solutions. To help us build the best possible commercial model, could you share some of your experiences with your current vendors' billing and licensing? For example, is your current model providing you with predictable, easy-to-budget costs year-over-year, or are you facing challenges with things like surprise true-up bills or unpredictable data overage charges?
**UNOPS is conducting this RFP from a general industry best-practice standpoint, where technology solutions should be benchmarked at least once every 3, 4, or 5 years. Considering how mature, dynamic, and fast-growing the Cybersecurity Operations Platform industry is, it is important for the organization to carry out such due diligence to maximize the benefits of what the market has to offer in alignment with its long-term strategic goals.**
Edited on:
20-Aug-2025 13:15
Edited by:
webservice@unops.org
New clarification added: Please find UNOPS' replies in Bold below.
1 Please confirm whether UNOPS currently operates an existing SIEM and/or EDR solution that will require migration of configurations, data, or historical logs to the new platform, or it is a greenfield implementation?
**Yes, UNOPS currently operates an existing SIEM and a very limited number of EDR licenses. The level of support expected from the vendor to facilitate the migration is advisory only; the hands-on implementation will be carried out by the internal UNOPS team (Cybersecurity + IT Infrastructure and Operations).**
2 Please advise if UNOPS has a preferred or mandated SIEM vendor/technology, or if respondents are free to propose any platform that meets the stated requirements.
**The offers will be evaluated against the stated evaluation criteria of this tender.**
3 Could you kindly clarify the required duration of log retention for the SIEM platform? Additionally, please specify if there are distinct requirements for hot/warm storage versus cold/archival storage.
**In the document RFP_2025_58669 - LTA for a Cybersecurity Operations Platform - Sections I, II, III, IV, and V, under Form F: Financial Proposal, the following guidance is provided regarding data retention and tiering, which should help clarify this question: "For the SIEM, consider one (1) year of data retention, following the supplier’s recommended best practices for availability zones and data tiering, where applicable."**
5 Please advise if UNOPS expects the deployment and implementation activities to be carried out on-site at designated UNOPS premises, or whether delivery from offshore/remote locations would also be acceptable.
**Delivery from offshore/remote is preferred.**
6 "In the document RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Total Cost of Ownership (TCO). The line item for “EDR – Licenses for Servers, Qty 350” appears to be omitted. Kindly confirm our understanding that the required scope covers only 3,500 endpoints and not 350 servers for EDR implementation."
**The scope includes both 3,500 laptops and workstations and 350 servers, as listed in the Scope section of the “1. General Platform Attributes” sheet in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements document. We will amend the TCO file to reflect this.**
7 "As per the RFP, we calculate the SIEM ingestion requirements as:
- GCP IaaS logs: 250 GB/day
- Endpoint logs: 60 MB/day × 3,500 = ~205 GB/day
Totaling ~455 GB/day. Kindly confirm if this aligns with UNOPS expectations or if a different volume estimate should be used for sizing and cost modeling."
**Confirmed, this calculation is correct.**
8 Could you kindly confirm whether UNOPS’ current Microsoft license agreement is based on Microsoft 365 E3 or Microsoft 365 E5 (or an alternate licensing model)?
**UNOPS does not use Microsoft 365; instead, we use Google Workspace, which includes Gmail, Google Drive, Google Meet, Google Chat, Google Calendar, Google Docs, Google Sheets, and Google Slides.**
9 "In the document RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Total Cost of Ownership (TCO)
Could you kindly provide further clarity on Option 1 – Usage-based pricing model and Option 2 – Commit-based pricing model, specifically with respect to the expectations from respondents and the details that should be reflected under each model?"
**Both options are included to cater to the two major pricing models on the market, allowing bidders to submit proposals according to their model. As clarified during the prebid meeting, if a bidder supports both models, we ask that bidders provide both in the form.**
10 As per the RFP, technical support must include 24/7/365 availability and support via phone and web, among other requirements. Could you kindly clarify whether UNOPS expects such support services (e.g., break/fix, troubleshooting, upgrades, and related activities) to be delivered directly by the platform’s Original Equipment Manufacturer (OEM), or whether it would be acceptable for these services to be provided through an authorized partner/reseller?
**Either option, or both, is acceptable.**
12 Could you kindly clarify if there are any limitations or preferences regarding the selection of the underlying Cloud Service Provider (CSP)? For example, would a Microsoft-based solution be acceptable under this RFP?
**The preferred hosting model for UNOPS is SaaS, and all costing must therefore be prepared for a SaaS deployment. The other hosting and deployment models listed under the sheet "1. General Platform Attributes" in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements document are not costed but are included to assess whether the proposed platform is technically capable of supporting these models, should UNOPS require them in the future.**
Edited on:
20-Aug-2025 13:04
Edited by:
webservice@unops.org
New clarification added: Please find below UNOPS' replies in Bold.

3. Professional Training and Enablement

3.2 Cybersecurity Analysts and CSOC Teams
Questions:
- How many users and where are they located?
- Do they require entry-level training (Cyber Awareness, GDPR/Data Protection, Anti-Phishing)?
- What certifications do current Analysts and SOC team members hold?
- What is the expected total number of training days across all locations?
- Will you use one global standard (e.g., ISC2, COMPTIA, CREST, EC Council)?
- Can multiple online training providers be used for different certifications?
- What training vendors and certifications are acceptable?
- How many exam attempts should be included, and for how many individuals?
This Training and Enablement section covers only training and certification for the proposed Cybersecurity Operations Platform.
Please indicate in your response what training and certifications you offer for the proposed Cybersecurity Operations Platform in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.

3.3 Administrators and System Integrators
Questions:
- What certifications do current team members hold?
- What is the expected total number of training days across all locations?
- How many exam attempts should be included, and for how many individuals?
This Training and Enablement section covers only training and certification for the proposed Cybersecurity Operations Platform.
Please indicate in your response what training and certifications you offer for the proposed Cybersecurity Operations Platform in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.

3.5 Instructor-Led Virtual or In-Person Training
Questions:
- Where should in-person training be conducted?
- How many students and locations?
- Will you use one global standard (e.g., ISC2, COMPTIA, CREST, EC Council)?
- What training vendors and certifications are acceptable?
- For non-certification courses, do you require certificates of attendance?
This Training and Enablement section covers only training and certification for the proposed Cybersecurity Operations Platform. The UNOPS Cybersecurity Team is located in Copenhagen, Denmark. The preferred delivery method for the initial training is remote, and for the annual ongoing trainings is self-paced through an online portal. However, bidders are required to confirm all available training delivery methods in Section 3 of the sheet “4. Technical Support & CSM” in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements - Version 2 document.
In the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Total Cost of Ownership (TCO) document, it is suggested to price for:
1) Initial training for the Cybersecurity Team of four, and
2) Annual budget for advanced certifications and training per analyst per year.
Please indicate in your response what training and certifications you offer for the proposed Cybersecurity Operations Platform in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.

3.6 Self-Paced E-Learning Modules or Video Libraries
Questions:
- Who will monitor student progress against the training plan?
- Will this be managed by our Customer Success Manager or a UNOPS Online Training Manager?
This Training and Enablement section covers only training and certification for the proposed Cybersecurity Operations Platform.
Please indicate in your response what training and certifications you offer for the proposed Cybersecurity Operations Platform in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.

3.8 Language Options and Localization
Question: What languages are required? Note: English is the default for cybersecurity documentation, alerting, and reporting.
This Training and Enablement section covers only training and certification for the proposed Cybersecurity Operations Platform.
Please indicate in your response what training and certifications you offer and in which languages you offer them for the proposed Cybersecurity Operations Platform in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.

4.1 Proactive Consulting Services
Questions:
- Where are the consultants located?
- How many decision-makers are involved?
We don’t quite understand this question. Could you please rephrase and resubmit it?

5. Knowledge Resources and Community

5.2 Subscription to Alerts
Requirement: Subscription to updates on product changes, vulnerabilities, and threat intelligence
Question: Do you currently subscribe to any paid services? If so, which ones?
This Knowledge Resources and Community section covers only the proposed Cybersecurity Operations Platform.
Please submit your response indicating what knowledge resources and community you offer for the proposed Cybersecurity Operations Platform in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
Edited on:
20-Aug-2025 12:49
Edited by:
webservice@unops.org
New clarification added:
Question: Could you please confirm that the renewal option requires mutual agreement from both parties?
Thank you,
UNOPS' reply: The LTA will be issued for three (3) years. An extension for an additional period of up to two (2) years (1 + 1) may be granted subject to satisfactory supplier performance, the continued requirement of the services, reasonability of price and other factors determined by the UNOPS Procurement Authority. The extensions require mutual agreement from both parties.
Edited on:
20-Aug-2025 12:44
Edited by:
webservice@unops.org
New clarification added: Please find below UNOPS' replies in Bold.

Tab 3 - SIEM Requirements and Clarifications

1. Data Collection and Integration

1.1.2 Out-of-the-Box Connectors
Requirement: Support for major enterprise platforms and security tools.
Question: What or who do you consider to be "major" platforms/tools?
Considering the UNOPS scope provided in Section 3 of the “1. General Platform Attributes” sheet in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements document, major platform and security tools can be considered as:
- Cloud (IaaS): GCP, AWS, Azure
- Collaboration: Google Workspace
- Network Devices: Cisco Edge Firewall and Routers
We also kindly request that you provide a full overview of all out-of-the-box connectors available for the proposed SIEM solution.

1.1.3 Agent-Based and Agentless Collection
Requirement: Support both agent-based and agentless data collection.
Clarification: Agent-based for Windows; agentless for switches.
It is not clear what the question is. Please rephrase and resubmit the question.

2. Log Management and Storage

2.1 Lifecycle Support
Requirement: Vendor must describe how log management capabilities are implemented, supported, and maintained.

2.1.1 Long-Term Log Storage
Requirement: Configurable retention policies.
Question: You have stated expected daily log volume, but what is the required retention period?
In the document RFP_2025_58669 - LTA for a Cybersecurity Operations Platform - Sections I, II, III, IV, and V, under Form F: Financial Proposal, the following guidance is provided regarding data retention and tiering, which should help clarify this question:
"For the SIEM, consider one (1) year of data retention, following the supplier’s recommended best practices for availability zones and data tiering, where applicable."

2.1.3 Storage Tiering
Requirement: Optimize performance vs. cost using tiered storage.
Clarification: Default retention is 7 days at core; older logs are moved to a slower/cheaper archive.
Question: What is your desired retention period?
Please refer to our previous answer.

4. Integrated Case Management

4.1 Case Creation and Automation
Requirement: Support automated and manual case creation with customizable fields.

4.1.3 Manual Case Creation
Analysts should be able to manually create cases with customizable fields.
Question: What types of fields are needed, and what is the expected data size for each?
Please submit your response in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
For now, we will only provide clarifications on any unclear, incorrect, or missing information in our Terms of Reference to support bidders in submitting their best proposals. We cannot through clarifications evaluate the bidder's proposed solutions. Please propose your solution and it will be evaluated against the tender criteria.

4.1.4 Automatic Case Assignment
Allow configuration based on severity, asset type, region, etc.
Clarification: Should the x.y header reflect the lowest subordinate value?
It is not clear what the question is. Please rephrase and resubmit the question.

5. Search and Investigation Tools

5.1.1 High-Speed Indexed Search
Requirement: Search across all ingested data.
Question: How do you define "high-speed"?
Clarification: Default is 7 days of detailed logs and open tickets retained at SOC; older data moved to slower storage to reduce costs.
In the document RFP_2025_58669 - LTA for a Cybersecurity Operations Platform - Sections I, II, III, IV, and V, under Form F: Financial Proposal, the following guidance is provided regarding data retention and tiering, which should help clarify this question:
"For the SIEM, consider one (1) year of data retention, following the supplier’s recommended best practices for availability zones and data tiering, where applicable."

Tab 4 - Technical Support and Customer Success Management Requirements and Clarifications

1. Technical Support and SLAs

1.1 Support Availability and SLA Requirements
Minimum support requirements:
- 24/7/365 availability
- Support via phone and web
Response times:
- Critical/Urgent: 30 minutes
- High: 4 hours
- Normal: 1 business day
Clarifications:
- English is the primary support language
- SLA responses are based on asset criticality and ticket impact level

1.5 Multi-Channel Support Availability
Requirement: Support via multiple channels (e.g., web portal, phone, email, etc.)
Clarification: Define "etc." — acceptable channels include Web Portal, Email, and Phone for registered users. Viber and WhatsApp are discouraged due to lack of end-to-end encryption.
Please submit your response in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
For now, we will only provide clarifications on any unclear, incorrect, or missing information in our Terms of Reference to support bidders in submitting their best proposals. We cannot through clarifications evaluate the bidder's proposed solutions. Please propose your solution and it will be evaluated against the tender criteria.

1.6 Regional and Language-Specific Support
Requirement: Support tailored to specific regions and languages
Question: What regions and languages are expected? Refer to comment in cell C7 of 1.1.
Technical support is required in English per requirement 1.1.
Requirement "1.6. Regional and language-specific support capabilities" will be deleted from the sheet “4. Technical Support & CSM” in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements document.

2. Customer Success Management

2.2 Onboarding and Implementation Planning
Requirement: Support for onboarding and rollout planning
Questions:
- Where will internal UNOPS coordination staff be located?
- What is the proposed rollout schedule?
The UNOPS Cybersecurity Team is located in Copenhagen, Denmark. Customer Success Management is generally part of the technical support offering, aimed at building a strategic, long-term value delivery partnership, in addition to the operational, day-to-day “break and fix” support.
Please submit your response with your specific CSM offering for the proposed Cybersecurity Operations Platform in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.

2.4 Use Case Alignment and Continuous Value Delivery
Question: What does this term specifically mean in your context?
We are not sure what you mean. Could you please rephrase the question and resubmit?
Edited on:
20-Aug-2025 12:30
Edited by:
webservice@unops.org
New clarification added: Please find UNOPS' replies below in Bold.

Cybersecurity Operations Platform Scope:

3.1.8 Mobile Devices
Total count of mobile devices (iOS, Android): 200
Note: ChromeOS is not available, which conflicts with item 3.2.3.1.
Chrome OS is assumed to be limited to Chromebooks and therefore falls outside the mobile devices category. In Section 3.2.3.1, please confirm whether Chrome OS on Chromebooks is supported, and kindly include any relevant comments.

3.2.3.1 ChromeOS Devices
ChromeOS versions: 126, 132, 134
Note: This conflicts with item 3.1.8.
Chrome OS is assumed to be limited to Chromebooks and therefore falls outside the mobile devices category. In Section 3.2.3.1, please confirm whether Chrome OS on Chromebooks is supported, and kindly include any relevant comments.

3.2.4 Linux Distributions
Question: What is the oldest version of each Linux distribution in use? This is needed to make a definitive statement similar to 3.1.2 for Windows Server.
In Section 3.2.4, we kindly request that you:
1) Confirm whether Ubuntu as distribution is supported (Yes/No). If yes, please specify which versions are supported.
2) Provide, in the comment column, the full list of all Linux distributions and associated versions supported by the proposed Cybersecurity Operations Platform.
This information will be sufficient and helpful for UNOPS to evaluate the response.

Certifications and Compliance

6.1 Industry Certifications
The platform must comply with at least one of the following:
- ISO/IEC 27001
- SOC 2 Type II
- CSA STAR Certification (Level 1 or 2)
Clarification: The vendor and applications meet ISO requirements. The selected data center provider must demonstrate SOC 2 and CSA STAR certifications.
It is not clear what the question is. Please rephrase and resubmit the question.

Tab 2 - Endpoint Detection and Response (EDR) Requirements and Clarifications

1. General Criteria for EDR

1.2 Minimal or No False Positives During Blocking Operations
The solution must:
- Demonstrate low false-positive rates validated by independent third-party testing (e.g., AV-TEST, AV-Comparatives)
- Provide preconfigured allow lists/templates for common OS, enterprise apps, and baseline configurations
- Support behavioral engine tuning via learning mode and safe testing through “log-only” or non-blocking mode
Questions/Clarifications:
- Is PASSMARK an acceptable benchmark?
- Attach image from Daniel showing performance vs competitors
- Link to latest independent evaluation showing top ranking
- Note: ESET lacks SIEM and AI capabilities
AV-TEST and AV-Comparatives are provided as examples only. Please provide details of all independent third-party testing and benchmarking in which your solution has participated. Kindly note that this requirement applies specifically to the EDR capability.

1.11 Language Support in Agent UI
Must support: English, French, Spanish
Note: Contradiction with comment in TS & CSM sheet, cell C6
Requirement 1.11 concerns language support for the EDR agent user interface (UI) on end-user devices, specifically for pop-up messages that require user action or provide information.
The technical support language requirement refers to the language UNOPS engineers will use to interact with the vendor (e.g., via email, raising support cases, or speaking with the support team) when an issue arises or a feature is not functioning correctly.

2. Pre-Execution Protection

2.7 Static File Analysis Using Machine Learning
Must include ML-based predictive engine running on the endpoint
Clarification: Is the ML model fused with cloud-based LLM for endpoint protection? The ML itself does not run locally?
Please submit your response in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
For now, we will only provide clarifications on any unclear, incorrect, or missing information in our Terms of Reference to support bidders in submitting their best proposals. We cannot through clarifications evaluate the bidder's proposed solutions. Please propose your solution and it will be evaluated against the tender criteria.

4. Remediation and Data Handling

4.14 Remediation and Rollback
Must support:
- Kill process
- Restore to pre-infection state
- Block list file hash
- Delete/quarantine file
- Deprivilege user
- Roll back registry
Clarifications:
- EPDR can roll back registry changes, but what if infection predates platform deployment?
- Can Microsoft Shadow Copy be used?
- Deprivileging user is an AD-level action, not endpoint-specific
Please submit your response in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
For now, we will only provide clarifications on any unclear, incorrect, or missing information in our Terms of Reference to support bidders in submitting their best proposals. We cannot through clarifications evaluate the bidder's proposed solutions. Please propose your solution and it will be evaluated against the tender criteria.

4.16 Export of Full-Detail Activity Data
Must support export of full EDR agent activity logs
Clarification: Export via SIEM feeder API; need to know desired log formats
The log formats for exporting EDR activity records to the SIEM can be assumed to be those deemed most suitable and recommended by the provider for the proposed SIEM solution.
Edited on:
20-Aug-2025 11:15
Edited by:
webservice@unops.org
New clarification added: Please find below UNOPS' replies in Bold.

Platform Requirements and Clarifications

Tab 1 - Architecture and Deployment:

1.2 Cloud-Native Hosting
The proposed platform must be cloud-native and capable of being hosted on the organization’s preferred cloud service provider.
Question: Do you have a preference for which GCP, AWS, or Azure zones the primary and backup should be located in, considering pricing differences?
The preferred hosting model for UNOPS is SaaS, and all costing must therefore be prepared for a SaaS deployment.
The other hosting and deployment models listed under the sheet "1. General Platform Attributes" in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements - Version 2 document are not costed but are included to assess whether the proposed platform is technically capable of supporting these models, should UNOPS require them in the future.

1.3 Deployment Model Support
Support for various deployment models is required.
Question: How many certified cybersecurity staff do you currently have at each of your minimum two sites?
The preferred hosting model for UNOPS is SaaS, and all costing must therefore be prepared for a SaaS deployment.
The other hosting and deployment models listed under the sheet "1. General Platform Attributes" in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements - Version 2 document are not costed but are included to assess whether the proposed platform is technically capable of supporting these models, should UNOPS require them in the future.

1.3.3 Fully On-Premises Deployment
This model requires 100% of activities to be performed by UNOPS Cybersecurity staff.
Question: Can you staff 20 positions from scratch?
Follow-up: Would you consider a phased approach to enable the SOC, roll out Endpoint and SIEM feeders, and manage operations while your team is trained and certified using real data in a test environment?
The preferred hosting model for UNOPS is SaaS, and all costing must therefore be prepared for a SaaS deployment.
The other hosting and deployment models listed under the sheet "1. General Platform Attributes" in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements - Version 2 document are not costed but are included to assess whether the proposed platform is technically capable of supporting these models, should UNOPS require them in the future.

1.3.4 Offline or Air-Gapped Environments
Logs can be manually transferred via USB or external drive at an agreed frequency to a location where they can be ingested by the core system.
Question: Is this method acceptable?
Please submit your response in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
For now, we will only provide clarifications on any unclear, incorrect, or missing information in our Terms of Reference to support bidders in submitting their best proposals. We cannot through clarifications evaluate the bidder's proposed solutions. Please propose your solution and it will be evaluated against the tender criteria.

1.4 Multi-Tenancy and Multi-Site Support
The platform must support centralized or federated management across regions.
Question: How many tenants are expected? Would each tenant require SOC data and alerts specific to their tenancy or region?
The immediate requirement is for a centralized, single-tenant, single-site deployment in a SaaS model. However, UNOPS would like to validate whether the proposed Cybersecurity Operations Platform supports multi-tenancy and multi-site deployment, along with centralized and/or federated management. The response should allow UNOPS to assess how the proposed platform can accommodate future expansion, particularly in terms of data and alert handling across tenants or regions, should the need arise in the long term.
Therefore, please provide a detailed response describing how the proposed platform supports multi-tenancy and multi-site capabilities.

1.5 Ease of Deployment and Time to Value
Deployment can be completed in 3–4 weeks, assuming playbooks and escalation paths are selected within 2 weeks. Each site rollout would depend on user count, averaging 2 sites per week once initial configurations are agreed.
Question: Is this implementation timeline acceptable?
Please submit your response in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
For now, we will only provide clarifications on any unclear, incorrect, or missing information in our Terms of Reference to support bidders in submitting their best proposals. We cannot through clarifications evaluate the bidder's proposed solutions. Please propose your solution and it will be evaluated against the tender criteria.

Endpoint Agent Deployment and Security:

2.1.1 Initial Agent Deployment
Centralized mechanism for remote deployment at scale, supporting automated and manual workflows.
Questions:
- How many locations and devices are involved?
- Does each location have its own Active Directory or are all under UNOPS.ORG?
- Does each location have an AD server?
- Does each location have IT support services?
- If yes, how many sites and users are supported?
UNOPS supports projects in over 80 countries. Please refer to the Prebid Meeting presentation (slide 4) for a high-level overview. The scope of end-user devices is stated as 3,500 devices across these locations.
UNOPS does not use Active Directory (AD).
Yes, we have local IT support at each location.

2.1.4 Anti-Tampering Features
Robust features to prevent unauthorized changes, with secure, auditable methods for IT-authorized actions.
Question: Is password security layered on top of AD OU and administrator-level credentials acceptable? Can passwords be standardized by location, region, device type, or AD OU group?
Please submit your response in the Technical Requirements sheet, using the provided sections: Vendor's Response, Vendor's Comment or Justification, and Supporting Document.
For now, we will only provide clarifications on any unclear, incorrect, or missing information in our Terms of Reference to support bidders in submitting their best proposals. We cannot through clarifications evaluate the bidder's proposed solutions. Please propose your solution and it will be evaluated against the tender criteria.
Edited on:
20-Aug-2025 11:13
Edited by:
webservice@unops.org
New clarification added:
Question: Migration Support.
Please confirm what level of support is expected from the vendor to facilitate the migration (e.g., advisory, hands-on implementation, full managed service).
UNOPS's reply: For advisory purposes only; the hands-on implementation will be carried out by the internal UNOPS team (Cybersecurity + IT Infrastructure and Operations).
Edited on:
20-Aug-2025 10:16
Edited by:
webservice@unops.org
New clarification added:
Question: The RFP refers to sandboxing. Please confirm if the offered solution is expected to be integrated within an existing sandboxing environment or provided in addition to the core solution.
UNOPS' reply: UNOPS does not have any existing sandboxing solution. To provide further clarification, please see below:

Sheet “2. Endpoint Detection and Response” – Section 2: Pre-execution Protection
2.9: This refers to the availability of an in-built sandbox for malware analysis that is already provided out-of-the-box within the proposed Cybersecurity Operations Platform.
2.10: This refers to the possibility of integrating with any third-party sandbox for malware analysis, should UNOPS require this in the future. This is not to be proposed with the RFP, but rather to confirm whether integration is supported and, if so, which sandbox solutions.

Sheet “4. Technical Support & CSM” – Section 3: Professional Training and Enablement
3.9: This refers to a test environment of the proposed Cybersecurity Operations Platform, allowing the UNOPS Cybersecurity team to perform hands-on practice and testing, rather than directly working on the production setup.
Edited on:
20-Aug-2025 10:10
Edited by:
webservice@unops.org
New clarification added:
Question: Please confirm which GCP region(s) the Cybersecurity Operations Platform is preferred to be deployed in, and clarify whether the deployment will use a customer-provided account or an offeror-provided account. If both are acceptable, please indicate the preferred option.
UNOPS' reply: The preferred UNOPS deployment model for the Cybersecurity Operations Platform is Software as a Service (SaaS), and all costing must therefore be prepared for a SaaS deployment. UNOPS will not provide a GCP account for deployment; instead, the proposed platform must support GCP integration to ingest logs and data from our current GCP accounts, which are primarily located in the EU West Region.
Edited on:
20-Aug-2025 09:54
Edited by:
webservice@unops.org
New clarification added:
Question: Training Requirements.
The financial proposal section references specific training courses (Platform Administrator, Cybersecurity Analyst). Please confirm the required delivery method (on-site, remote, or self-paced) and the frequency of these courses throughout the contract term.
UNOPS' reply: The preferred delivery method for the initial training is remote, and for the annual ongoing trainings is self-paced through an online portal. However, bidders are required to confirm all available training delivery methods in Section 3 of the sheet “4. Technical Support & CSM” in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements - Version 2 document.
In the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Total Cost of Ownership (TCO) document, it is suggested to price for:
- Initial training for the Cybersecurity Team of four, and
- Annual budget for advanced certifications and training per analyst per year.
Edited on:
20-Aug-2025 09:50
Edited by:
webservice@unops.org
New clarification added:
Question: Storage.
Should the proposal include associated storage costs for the retained data, or will storage/infrastructure be customer-provided? If both options are acceptable, please indicate which is preferred.
UNOPS's reply: The proposal should include the associated storage costs, taking into account a 1 year data retention period and the estimated data volume, in order to calculate the TCO for the proposed platform. UNOPS will not provide any storage/infrastructure.
Edited on:
20-Aug-2025 09:47
Edited by:
webservice@unops.org
New clarification added:
Question: Data Retention
If different retention schedules and requirements apply, please list them in detail.
UNOPS' reply: In the document RFP_2025_58669 - LTA for a Cybersecurity Operations Platform - Sections I, II, III, IV, and V, under Form F: Financial Proposal, the following guidance is provided regarding data retention and tiering, which should help clarify this question: "For the SIEM, consider one (1) year of data retention, following the supplier’s recommended best practices for availability zones and data tiering, where applicable."
Edited on:
20-Aug-2025 09:45
Edited by:
webservice@unops.org
New clarification added:
Question: Infrastructure Ownership and Cost
Please confirm whether the underlying infrastructure (hardware, cloud hosting, storage, etc.) for the Cybersecurity Operations Platform will be provided, managed, and controlled by the customer, or whether the vendor’s scope should include its provision, management, and associated costs.
UNOPS' reply: The preferred hosting model for UNOPS is SaaS, and all costing must therefore be prepared for a SaaS deployment.
The other hosting and deployment models listed under the sheet "1. General Platform Attributes" in the RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements document are not costed but are included to assess whether the proposed platform is technically capable of supporting these models, should UNOPS require them in the future.
Edited on:
20-Aug-2025 09:43
Edited by:
webservice@unops.org
New clarification added:
Question: In Form D, under JV / Consortium / Association Information, the first row is labeled “Name [complete]”. Please confirm what information is required here (e.g., legal registered name, trade name, or other).
UNOPS' reply: Name is the legal registered name of the company (it should be the same as the one in the company registration certificate or certificate of incorporation).
Edited on:
18-Aug-2025 15:30
Edited by:
webservice@unops.org
New amendment added #1: Amendment to:
- Add the prebid meeting presentation and meeting minutes.
- Remind bidders that offers from multiple vendors, offering as a Joint Venture (where the leading partner is the one bidding on eSourcing and the one able to sign the contract) are accepted. Please refer to the Particulars / Additional information section of this tender for more details on how evaluation criteria apply to Joint Ventures.
- Clarify under the Particulars / Evaluation method details section on eSourcing and in the "RFP/2025/58669 - LTA for a Cybersecurity Operations Platform - Sections I, II, III, IV and V" (changes appear in red), how contract terms negotiations (if applicable) will happen.
- Clarify under the Particulars / Evaluation method details section on eSourcing and in the "RFP/2025/58669 - LTA for a Cybersecurity Operations Platform - Sections I, II, III, IV and V" (changes appear in red), how the demo / POC will be evaluated.
- Add under the Financial Proposal check-list a specific space for Offerors to submit their official price list.
- Clarify in the document "RFP_2025_58669 - LTA for Cybersecurity Operations Platform - Technical Requirements" under Sheet "4. Technical Support & CSM" that technical support is required to be in English (changes appear in red).
Edited on:
18-Aug-2025 15:06
Edited by:
webservice@unops.org
New clarification added: Question: Can you please confirm the location of all services, is it all in Copenhagen? Is it required to do anything outside the HQ anywhere else? UNOPS' reply: Services would be requested only for Copenhagen.
Edited on:
18-Aug-2025 14:22
Edited by:
webservice@unops.org
New clarification added: Question: For regulatory requirements from our vendors we are not allowed to sell to entities outside Jordan, so is it an option that UNOPS signs using your entity in Jordan, we can cover the full scope and also provide services anywhere in the world, however, this is mandatory from some of our vendors. UNOPS's reply: The contract will be signed with our HQ in Copenhagen.
Edited on:
18-Aug-2025 10:12
Edited by:
webservice@unops.org
New clarification added: Question: Would an RFP response receive a higher score if both EDR and SIEM solutions come from the same vendor? UNOPS's reply: The offers will be evaluated against the stated evaluation criteria of this tender.
Edited on:
18-Aug-2025 10:11
Edited by:
webservice@unops.org
New clarification added: Question: I am writing to inquire about the supported operating system requirements for version 3.2.2.2 as detailed in the technical requirements file, RFP_2025_58669. A review of the current list suggests that several of the specified operating systems are now end-of-life. We therefore require clarification on the current and officially supported requirements for this version. UNOPS's reply: Requirements 3.2.2.1 and 3.2.2.2 from the Technical Requirements document, sheet ‘1. General Platform Attributes’, mention specific OS versions as a snapshot of our asset list, but also include any later versions (i.e., macOS 10, 11, 12, 13, and above). Please indicate in the vendor response section which versions are supported by the proposed solution. If end-of-life versions are not supported, please mention that as well in the comments section.
Edited on:
18-Aug-2025 10:09
Edited by:
webservice@unops.org
New clarification added: UNOPS's replies are indicated below in bold, after the questions:
Question: Are you looking for a platform that provides both SIEM and EDR by the same vendor? Or are you open to evaluating solutions from different vendors where the SIEM acts as the main platform?
UNOPS's reply: UNOPS is open to evaluating offers that include SIEM and EDR solutions from the same vendor or from different vendors.
Question: If the offered solution is the same as what you have right now, is any missing implementation or integration required?
UNOPS's reply: The Technical Requirements document outlines all UNOPS technical requirements for this RFP process, which represent our current needs and will also be used for the evaluation.
Question: Is integration with a ticketing system (e.g., ServiceNow, Remedy) required, or is it already in place?
UNOPS's reply: Please refer to the Technical Requirements document, sheet ‘3. SIEM’, section 4.5.1. The proposed solution is required to support API access for integration with external ticketing systems (e.g., Jira). UNOPS currently uses Jira Service Management for ticketing; hence, the requirement to support ticketing integration.
Question: Technical support from the partner or reseller: Is this for 24x7x365?
UNOPS's reply: No, the technical support service relates to break/fix, troubleshooting, upgrades, etc., and the associated SLAs used to evaluate the quality of the support service.
Question: Customer Success Manager (CSM): Is this a full-time Dedicated Customer Success Manager or required only for any specific hours per month/year?
UNOPS's reply: Please refer to the Technical Requirements document, sheet ‘4. Technical Support & CSM’, section 2.5. Bidders are required to provide a description of their offering related to Customer Success Management responsibilities and the proposed engagement frequency.
Question: Professional Training: Please confirm the number of expected training days.
UNOPS's reply: Training refers to the standard training and certification programs offered by the OEM for the technical team, including Cybersecurity Analysts/CSOC teams and Platform Administrators. Please refer to the Technical Requirements document, sheet ‘4. Technical Support & CSM’, section 3.4, where bidders are required to confirm the availability of training and certification programs and provide related details.
Question: Do you currently have a SOAR for automation? If so, are playbooks already defined?
UNOPS's reply: Considering our current maturity level, it is fair to assume, for the purpose of this RFP, that playbooks are not yet defined.
Question: It was mentioned that no marketplace will be used. Nevertheless, some vendors have explicitly mentioned they have a direct contract with you. Could you please confirm that, for the financial aspect and this RFP, vendors are not allowed to sell directly to UNOPS?
UNOPS's reply: We are not sure what you mean by "some vendors have explicitly mentioned they have a direct contract with you", this was never mentioned during the prebid meeting. Having an existing contract with UNOPS does not mean that products or services can be purchased via a cloud marketplace; these two aspects are entirely different. As confirmed during the prebid meeting, the cloud marketplace is NOT an option. The Long-Term Agreement (LTA) resulting from this RFP will be established with the selected bidder according to the published evaluation criteria, irrespective of whether the bidder is the OEM or a partner. UNOPS cannot govern the relationship between the OEM and its partners, and both the OEM and Partners are required to align on these considerations to ensure that a bidder submitting a proposal to UNOPS is able to enter into a contract with UNOPS if their proposal is selected.
Edited on:
18-Aug-2025 10:06
Edited by:
webservice@unops.org
New clarification added: Question: We would ask if an extension of deadline until 15th of September is possible? As staff has just returned from summer vacation. UNOPS' reply: Unfortunately, it is not possible due to operational constraints. There are still almost 2 weeks left to offer for this tender. The tender is also designed in a way that makes it easy for offerors to respond (drop-down menus, etc.) and limited information to fill. Therefore, we consider that there is sufficient time to propose an offer.
Edited on:
18-Aug-2025 09:58
Edited by:
webservice@unops.org
New clarification added: Question: We have the same question as the below, we still couldn't get the proper information for the "Section I: RFP Particulars" even after reading your response, could you please provide a write up or attach the Section I as an amendment to the documents? UNOPS's reply: Please look at page 23 of the eSourcing guide, top of the page. It indicates that the Tenders Particulars can be found under the menu Tender Information on eSourcing. If you look at page 25 (top of the page), you also have a printscreen of what is available under the Tender Information menu on eSourcing and can see the sub-menu Tender Particulars (2nd sub-menu under Tender Information). That is the "Section I: Particulars" of this RFP.
Edited on:
15-Aug-2025 09:58
Edited by:
webservice@unops.org
New clarification added: Question: We transact commercially via Reseller (Partner). The Reseller we will partner with on this RFP, is not invited by UN to the tender. Is it possible, to have the partner being invited by UN, or can they sign up/create their own account at UNOPS, and via this submit our joint RFP response - or can we add the partner, to the existing (my profile). UNOPS's reply: You should submit as a Joint Venture, both partners need to be registered on UNGM and the UNGM numbers of both partners need to be indicated in the Joint Venture Form. The leading partner of the joint venture should be the one who will sign the contract. The leading partner should be the bidding supplier. In your case, if you plan for the contract to be signed between the Reseller and UNOPS, then the Reseller needs to register on UNGM and bid. They can indicate you as a Joint Venture member.
Edited on:
15-Aug-2025 09:50
Edited by:
webservice@unops.org
New clarification added: Question: Can you confirm that you are not requesting some managed services (Managed SIEM and Managed EDR) but only the subscription for the platform and the technical support on it? UNOPS' reply: UNOPS is not requesting a Managed Service, but only the license, implementation services, and technical support.
Edited on:
11-Aug-2025 14:35
Edited by:
webservice@unops.org
New clarification added: Question: In the document RFP_2025_58669 - LTA for a Cybersecurity Operations Platform - Sections I, II, III, IV and V, the section “Section I: RFP Particulars” is frequently referenced. However, we could not find that section or the corresponding document in the information provided. Could you please kindly clarify where we can access that section or document? UNOPS's reply: The particulars section is directly embedded on the eSourcing platform. Please refer to page 22 and 23 of the eSourcing user guide to navigate the platform to the Particulars section.
Edited on:
08-Aug-2025 14:17
Edited by:
webservice@unops.org