Procurement

PROCUREMENT OPPORTUNITIES

Parklane Plowden Tender: Microsoft Copilot Rollout and Data Security Implementation Partner

1. Summary

Plowden Facilities Ltd, on behalf of Parklane Plowden Chambers (PLP), invites proposals for the supply, implementation, and support of a phased Microsoft Copilot rollout together with enhanced data security controls (Microsoft Intune and Data Loss Prevention) for up to 150 users. The programme will be delivered using a structured four-phase approach – Data Review, Copilot Pilot, Data Security Pilot, and Full Rollout – balancing AI-driven productivity with appropriate data governance and protection of sensitive client information. The project start date is Summer 2026.

2. Overview

Parklane Plowden Chambers is a leading UK barristers’ chambers delivering specialist legal services across family, personal injury, and commercial law, with a strong reputation for advocacy, client service, and operational innovation. The selected partner will support PLP through the secure adoption of Microsoft Copilot, Intune, and DLP across the Microsoft 365 (M365) estate, integrating with existing workflows, complying with GDPR, and safeguarding legal professional privilege.

The structure of Chambers consists of a central support function (Plowden Facilities Ltd) employing up to 35 staff, plus up to 115 self-employed barristers. SharePoint has been in place at PLP for some time, and this project will enhance the security controls currently in place and facilitate increased efficiency through the use of AI.

The project submission should include costs for Copilot licences for up to 150 people, details of any other software licences required for DLP and Intune and the costs and approach for implementing the project.

3. Scope of Requirements

The scope of works is structured across four phases. Suppliers are expected to address each phase in their response, including methodology, expected outcomes, indicative timescales, and costs for consultancy and software licences.

Phase 1 – Data Review. A review of business data sources, including SharePoint, Teams, Email, and OneDrive, covering high-usage and dormant data, sensitivity classification, access controls, external sharing practices, data ownership, and archiving/retention. Output: a current-state map of the data landscape and recommendations for ongoing audit and review.
Phase 2 – Copilot Pilot. Rollout of Microsoft Copilot to a representative pilot group of office staff and barristers with varying roles and technical proficiency. Includes targeted training, user guides, and feedback workshops to assess how AI can improve efficiency, capture usability and integration feedback, and identify any data security or privacy concerns to inform the broader rollout.
Phase 3 – Data Security Pilot: Intune and DLP. An assessment of how PLP can improve the security and management of data held within email and SharePoint through data classification labels and Data Loss Prevention controls, including how access via employee-owned devices can be controlled more effectively. Delivered on a test tenant with sample users, sample SharePoint sites, and test devices (Apple iOS, Android, Windows, macOS), demonstrating device compliance, application control, remote wipe, and DLP policies applied to a small sample of data.
Phase 4 – Full Rollout. Leveraging lessons learned from the pilot phases, the successful supplier will deliver organisation-wide deployment of Copilot, Intune, and DLP, with all data controls, access policies, and security measures in place and tested prior to go-live. Includes onboarding sessions tailored to staff and barrister workflows, ongoing training and support, a dedicated post-rollout support channel, monitoring of adoption and compliance, and reporting to PLP business leadership.

4. Methodology

Suppliers are expected to outline a delivery methodology that includes:

Automated scans and manual audits of data repositories to map the current data landscape.
Engagement with department leads, clerks, and Heads of Chambers to validate data usage, ownership, and custodianship.
Review of audit logs and sharing reports to assess external access and identify risks.
Documentation of current data lifecycle procedures and identification of gaps.
Set-up of a test tenant with sample users, test SharePoint sites, and test devices for the security pilot.
Ethical considerations in handling confidential and legally privileged information.
A collaborative approach to training, configuration, testing, and go-live support.
Clear documentation of the implementation plan and contingency measures.

5. Deliverables

Mapping of data repositories and sensitivity classifications.
Documentation of current access controls and external sharing practices, with recommendations for remediation.
Recommendations on tooling and reporting for ongoing management of data.
Clear processes for the creation of new sites, management of permissions and sharing, and archiving of data no longer required.
Provisioned and configured Microsoft Copilot, Intune, and DLP services.
Pilot evaluation reports for Copilot and for Intune/DLP, with recommendations for full rollout.
Data classification framework with defined controls per data type.
Targeted training sessions, user guides, and ongoing support resources.
Full organisation-wide rollout plan with go-live support and post-implementation reviews.
Monitoring, reporting, and review documentation for PLP business leadership.

6. Contract Management

Project start: August 2026.
Contract Manager: Martin Beanland, Head of Service.
Payments will be made on a subscription basis for licensing and as defined within the contract for implementation services.
Additional support and training will be defined within the contract and paid within 30 days of delivery of services.

7. Award Criteria

Minimum requirements before commercial considerations take place will include:

Sufficient security and data protection protocols, for example:
- Role-based access controls.
- Audit logging.
- Data segregation.
- Prompt and output handling (for instance, prompts not used for model training).
Sufficient governance and risk management, including:
- Built-in guardrails.
- The ability to configure acceptable use policies.
Demonstrable experience with Microsoft Copilot, Intune, and Microsoft Purview / DLP deployments, ideally in regulated environments.

The successful tender should be able to demonstrate appropriate internal security certifications.

Commercial award criteria will be based on a range of considerations including:

Solution fit and alignment with the four-phase approach.
Integration quality with the existing M365 estate.
Implementation approach and risk management.
Quality of support, training, and change management.
Value for money across licensing and professional services..

8. Procurement Process

Proposal submission deadline: 25th June 2026.
Clarification meetings: first week in July 2026.
Notification of procurement decision: 31st July 2026.
Submission format: PDF, sent to Martin.Beanland@PlowdenFacilities.co.uk with the subject line “Microsoft Copilot and Data Security Implementation Tender”.

9. Notes to Suppliers

This tender brief outlines our expectations and project scope. Suppliers are advised to submit comprehensive responses addressing all phases, deliverables, timelines, and requirements. Incomplete submissions or deviations from the specified format may result in exclusion from the evaluation process.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Your Shortlist (0)