Managed SOC Procurement: Guide to RFIs, RFPs & RFQs


Outsourcing your Security Operations Centre (SOC) is a strategic move that can strengthen cyber resilience, free internal teams to focus on core business, and deliver better security outcomes.

Many organisations follow a formal Request for Information (RFI) or Request for Proposal (RFP) process when selecting a managed SOC provider. You are not required to take this route, but it is worth considering, especially if outsourcing the SOC is a new choice for the business. The key is to find an approach that works for your operation and ensures you select the right partner for your needs.

This guide lays out simple, practical steps to help you navigate SOC procurement with confidence - whether or not you choose to issue an RFI or RFP. Based on proven best practices, it will help you define your requirements, assess potential partners and structure a strong, lasting relationship with your chosen provider.

We’ll walk you through the process in straightforward language — so you can focus on what matters: improving your security posture and getting the best value from your SOC investment.

Looking for a ready-made RFP template to streamline your SOC procurement process? Download our editable SOC RFP Template and customise it to match your needs.

If you're still weighing up whether to build in-house or outsource, it’s worth considering the strategic and operational benefits of outsourcing your SOC before starting the procurement process.

Navigating the SOC Procurement Landscape

This guide is suitable for organisations of all sizes - from fast-growing scaleups to large enterprises looking to modernise their security operations.

What is SOC Procurement and Why Does it Matter?

A SOC procurement process involves a structured approach to selecting and onboarding a third-party provider for managed Security Operations Centre services. This typically involves issuing an RFI, RFP or RFQ to evaluate potential partners against your specific security requirements.

Many organisations today rely on managed service providers (MSPs), managed security services (MSS) or managed security service providers (MSSPs) to achieve continuous protection without overloading internal teams. Don't get too hung up on the acronyms: for the purposes of this guide, all of them deliver Security Operations Centre (SOC) capability, and partnering with any of them should give your business access to advanced security expertise.

Given the SOC’s critical role in threat detection, incident response and regulatory compliance, it’s essential to align your SOC procurement process with your business goals, risk appetite and operational needs.

What’s the Difference Between an RFI, RFP and RFQ?

  • RFI (Request for Information): Market research to understand vendor capabilities.

  • RFP (Request for Proposal): Invites detailed solutions for defined needs.

  • RFQ (Request for Quotation): Focuses on pricing for clearly defined services.

Understanding the SOC Procurement Process

A structured process makes partnering with a SOC provider simpler and gives your business access to advanced security expertise.

Typically there are five main stages:

  1. Define Requirements: Work out what you need based on your current environment, risk profile and business goals.

  2. RFI (Request for Information): Gather basic market intelligence and narrow down potential vendors.

  3. RFP (Request for Proposal): Send detailed specifications to shortlisted providers.

  4. Evaluation and Selection: Score proposals, shortlist, check references, meet finalists and choose a provider.

  5. Contract, Onboard and Orient: Finalise the contract details, prepare your internal team and orient the SOC provider.

Step 1: Define Your SOC Requirements

The first and most critical step is defining your security objectives and success metrics.

Involve key stakeholders (IT, risk, compliance, leadership) to align on goals.

Key questions include:

  • What are our top cybersecurity risks and compliance requirements?

  • What incident response, escalation and remediation capabilities do we expect from the SOC provider?

  • Do we need 24/7 coverage, and how will this impact our internal teams?

  • Should the SOC use our SIEM platform or provide their own?

  • Can the SOC service scale with our business as we grow?

  • Do we require UK-based SOC services, or are offshore options acceptable?

  • What SLAs, KPIs and reporting do we need to measure performance and value?

PRO TIP: You can engage a professional CISO on a fractional basis, a virtual CISO or vCISO, who has experience defining SOC requirements and evaluating vendors. They may even have their own little black book of vendors whom they know can deliver the service successfully, and whom you can evaluate as part of the process.

Step 2: Issue a SOC RFI

An RFI helps you understand the managed SOC market before committing to a full RFP.

Include details such as:

  • Current security setup and objectives

  • SOC capabilities — including threat detection, incident response, vulnerability management, and optional services (e.g. Dark Web monitoring, patch management, third-party risk management)

  • Technology stack and integration — SIEM platforms, security tools, and ability to connect to all data sources to minimise blind spots

  • Team structure, expertise, and 24/7 coverage model

  • Credentials and compliance — certifications and attestations (e.g. CREST-accredited SOC, ISO 27001, ISO 9001, SOC 2), demonstrable compliance with regulations such as GDPR and DORA, case studies and references

  • Delivery model, escalation process, and account management approach

Research external benchmarks:

As part of your vendor identification strategy, research potential SOC providers through multiple channels to build a strong shortlist of potential providers:

  • Analyst reports or peer reviews (Gartner Peer Reviews, Forrester, IDC)

  • Cybersecurity network groups

  • Industry frameworks (ISO 27001, NIST CSF 2.0, CIS Controls)

  • Reputation and word-of-mouth from trusted partners, such as a vCISO

Using multiple sources will help validate your vendor shortlist, provide benchmarks for negotiation and ensure your approach aligns with cybersecurity procurement best practices.

Step 3: Build a Strong RFP

A strong RFP is critical to the success of your SOC procurement process. Your RFP should evaluate total value, not just price, including:

  • Technical and engineering capabilities

  • Service delivery approach

  • Compliance experience

  • Innovation and cultural fit

  • Contractual flexibility and exit terms

Before issuing an RFP, it's essential to understand how SOC pricing works - from subscription models to hidden costs. Our guide on SOC outsourcing costs breaks down what to expect and how to avoid budget surprises.

A cost-effective MSSP optimises cybersecurity budgets while protecting sensitive data and critical systems. Invest time in creating a comprehensive but focused document. Clear requirements, submission guidelines, evaluation criteria and response timelines make it easier for vendors to respond consistently and for you to compare proposals objectively. This structured approach ultimately leads to better vendor selection and stronger partnerships.

What to Include in Your SOC RFP

  • Service scope: monitoring, response, escalation and coverage

  • Technical integration: SIEM/EDR platforms, service desk integration, multi-cloud, on-premise and scalability needs

  • Compliance requirements: e.g. CREST SOC accreditation, GDPR, NIST CSF 2.0, ISO 27001, DORA, regulatory reporting

  • SLAs & KPIs: response times, resolution targets, reporting frequency

  • Data governance: data residency and privacy policies

  • Commercial terms: pricing model, contract duration, exit terms and transition assistance

Include both quantitative (easier to score) and qualitative questions that show the vendors’ expertise and approach. 

Step 4: Evaluate and Select Your SOC Provider

Assemble a cross-functional evaluation team from IT, procurement, finance and operations, to ensure an objective assessment aligned with SOC procurement best practices. Assess proposals using predefined scoring criteria.

  • Technical capability: ability to support your technology stack, accommodate changes, and automate for fast containment

  • Cost awareness: focus on optimising costs and maximising ROI from existing security tools and processes

  • Industry expertise: proven experience with similar organisations, strong references, and use of actionable threat intelligence

  • Service delivery & SLAs: quality of SLAs, reporting, integration with your team, and validation of SOC effectiveness

  • Project delivery: clear rollout plan, realistic timelines, and understanding of customer dependencies

  • Financial stability: transparent, scalable pricing and sound financial footing

  • Cultural fit: ability to work effectively with your team and organisational culture

  • Innovation potential: use of advanced technologies and commitment to continuous improvement in security resilience

Evaluating Proposals: A Scoring Matrix Approach

Use a weighted scoring matrix to compare vendors across these critical areas. Each criterion gets a percentage weight (the weights sum to 100), each vendor is scored out of 10 per criterion, and the weighted total is the sum of weight × score divided by 100. For example:

Evaluation Criteria              Weight (%)   Vendor A   Vendor B
Technical Capability                 20         8/10       8/10
Compliance & Governance              15         7/10       9/10
Service Delivery & SLAs              15         9/10       5/10
Experience & Sector Fit              10         5/10       5/10
Cultural Fit & Communication         10         7/10       6/10
Commercial Model                     15         7/10       6/10
Innovation & Value-Add               10         7/10       5/10
Project Plan and Dependencies         5         7/10       6/10
Weighted total                      100         7.3/10     6.5/10

Vendor A leads overall here, but a single headline figure can hide a serious weakness: Vendor B's 5/10 on Service Delivery & SLAs may be disqualifying on its own, regardless of its stronger compliance score. Decide in advance which criteria carry a minimum acceptable score before you total the matrix.
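The matrix above can be computed and sanity-checked in a few lines. The following Python is an added example, not code from the guide or its RFP template: it validates that the weights sum to 100, computes each vendor's weighted total on a 0-10 scale, and applies a knock-out threshold (a hypothetical minimum score of 6 on Service Delivery & SLAs) that a plain weighted total would conceal. The criterion names, weights and scores are the constructed sample values from the table; the knock-out threshold is an assumption for illustration.

```python
"""Weighted scoring matrix for comparing managed SOC proposals.

Added example, not part of the original guide. Criteria, weights and
vendor scores are constructed sample values mirroring the table in the
text; the knock-out threshold is a hypothetical policy choice.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Criterion:
    name: str
    weight: int        # percentage weight; all weights must sum to 100
    knock_out: int = 0  # minimum raw score (0-10); below this the vendor fails


# Constructed criteria and weights (assumed; mirror the guide's matrix).
CRITERIA = [
    Criterion("Technical Capability", 20),
    Criterion("Compliance & Governance", 15),
    # Hypothetical knock-out: a provider that cannot deliver the service
    # reliably is disqualified no matter how well it scores elsewhere.
    Criterion("Service Delivery & SLAs", 15, knock_out=6),
    Criterion("Experience & Sector Fit", 10),
    Criterion("Cultural Fit & Communication", 10),
    Criterion("Commercial Model", 15),
    Criterion("Innovation & Value-Add", 10),
    Criterion("Project Plan and Dependencies", 5),
]

# Constructed raw scores (0-10), one per criterion, for two hypothetical vendors.
SCORES = {
    "Vendor A": [8, 7, 9, 5, 7, 7, 7, 7],
    "Vendor B": [8, 9, 5, 5, 6, 6, 5, 6],
}


def validate_weights(criteria):
    """Reject a matrix whose weights do not sum to 100%."""
    total = sum(c.weight for c in criteria)
    if total != 100:
        raise ValueError(f"weights sum to {total}, expected 100")


def weighted_score(criteria, scores):
    """Return the weighted total on a 0-10 scale, rounded to one decimal."""
    validate_weights(criteria)
    if len(scores) != len(criteria):
        raise ValueError("one score per criterion is required")
    if any(not 0 <= s <= 10 for s in scores):
        raise ValueError("scores must be in the range 0-10")
    return round(sum(c.weight * s for c, s in zip(criteria, scores)) / 100, 1)


def failed_knock_outs(criteria, scores):
    """Names of criteria on which the vendor fell below the minimum score."""
    return [c.name for c, s in zip(criteria, scores) if s < c.knock_out]


def rank_vendors(criteria, score_table):
    """Return (vendor, weighted total, failed knock-outs), best first.

    Vendors that fail any knock-out criterion are ordered after all
    qualified vendors, regardless of their weighted total.
    """
    results = [
        (vendor, weighted_score(criteria, scores), failed_knock_outs(criteria, scores))
        for vendor, scores in score_table.items()
    ]
    results.sort(key=lambda r: (bool(r[2]), -r[1]))
    return results


if __name__ == "__main__":
    for vendor, total, failed in rank_vendors(CRITERIA, SCORES):
        status = "DISQUALIFIED on " + ", ".join(failed) if failed else "qualified"
        print(f"{vendor}: {total}/10 ({status})")
```

Running the block ranks Vendor A (7.3/10) above Vendor B (6.5/10) and flags Vendor B as disqualified on Service Delivery & SLAs. Keep the weights and any knock-out thresholds in the RFP evaluation criteria you publish to bidders, so that the scoring cannot be adjusted after proposals arrive.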

For a more detailed exploration of how to vet providers beyond the RFP, such as cultural fit, transparency and SLAs, read our guide to choosing the right SOC outsourcing partner.

Getting Beyond the RFP: Steps After Proposal Submission

While the RFP is a crucial stage in the SOC procurement process, the journey doesn't end there. After receiving and evaluating proposals, there are more key things you can do to help refine your selection and ensure a strong partnership.

Post-RFP, further steps include finalist interviews, cultural alignment, scenario discussions, team introductions and onboarding conversations.

When to use an RFQ in SOC Procurement

While RFIs and RFPs are common in managed SOC procurement, a Request for Quotation (RFQ) can be useful when: 

  • You already know your exact requirements 

  • You're comparing pricing models between a small, pre-qualified shortlist of providers

  • You're at the final decision stage and need to clarify commercial terms

An RFQ is typically shorter and more transactional than an RFP, focusing primarily on cost, licensing models, billing schedules and any additional setup fees, rather than detailed technical solutions or service delivery approaches.

Be wary of vendors who respond to RFQs without asking detailed questions. They typically offer a low-cost, commoditised service that might tick the box of an "outsourced SOC" but often fails to integrate fully with the organisation's specific technologies and processes, relying instead on the customer's own IT staff to contain incidents off the back of tickets that the SOC raises.

Interview or Meet Potential SOC Partners

After narrowing down the providers to a select few based on their RFP submissions, it's essential to interview and meet your shortlisted vendors. This critical phase of SOC vendor evaluation allows you to assess cultural fit, clarify proposal details, and test their understanding of your cybersecurity and business goals.

Cybersecurity procurement best practices recommend using finalist interviews to:

  • Ask how they'd handle specific security scenarios or incidents

  • Meet the actual SOC team who would deliver your service

  • Explore their approach to onboarding and continuous improvement

  • Discuss their measurement and reporting methodologies for SOC outsourcing

This step helps ensure alignment—not just on paper, but in real-world collaboration with your chosen security partner, who you will trust to keep you and your business safe.

Step 5: Contract, Onboard and Orient

Once you have selected your preferred SOC service provider, negotiate contractual terms that will protect the business, including total costs, SLA penalties, and RASCI agreements.

Once terms are agreed, the selected provider should present its project plan, which includes onboarding its SOC staff, gaining access to IT resources and running workshops that orient its staff (and the customer's staff) on the business goals and technical requirements of the SOC.

Contract Checklist

  • Total cost, including setup, integration and ongoing maintenance costs (the IT environment is constantly changing and the SOC provider should work as a partner to the business to accommodate that change without introducing additional fees)

  • SLA terms, penalties and remediation

  • Agree a shared RASCI (Responsible, Accountable, Supporting, Consulted, Informed) matrix across the incident response process, making sure to select a partner that will contain incidents on your behalf to maximise value.

  • Exit strategy, including notice periods, termination conditions and data return

  • Scope boundaries (service inclusions/exclusions) and change management processes

Ensure your legal team reviews all terms before signing, confirming compliance with your organisational policies and regulatory requirements. DORA (the EU Digital Operational Resilience Act) sets out specific contractual requirements, in Article 30, for ICT third-party service providers that support critical or important functions of financial entities, which an outsourced SOC typically does. Even if your organisation is not in scope of DORA, we still recommend incorporating these provisions into your SOC contracts as good practice in building organisational resilience.

Onboarding and Orientation

The SOC provider should have provided a structured transition plan covering:

  • Structured review of customer documentation and architecture to orient SOC staff

  • Technical integration schedule and testing

  • Risk management and business context workshops

  • Service management and disaster recovery design 

  • Knowledge transfer sessions and shared incident response workshops

  • Performance monitoring and review checkpoints in the form of regular service reviews

SOC Procurement Checklist

Use this SOC procurement checklist to help with your internal planning and ensure adherence to SOC procurement process best practice:

✅ Define requirements
✅ Align stakeholders
✅ Issue RFI
✅ Build and send RFP
✅ Score proposals
✅ Interview finalists
✅ Finalise contract
✅ Plan onboarding

Your SOC Strategy Starts Here

SOC procurement is the start of a strategic partnership.

A trusted MSSP helps optimise costs, strengthen security measures and improve resilience.

Invest time in:

  • Defining clear requirements

  • Validating vendors

  • Using structured evaluations

  • Understanding dependencies

Ready to take the next step?
Download our SOC RFP template, or speak to a cybersecurity advisor.
