DfT(c): Specialist Security Practitioners Services Contract

UK-Hastings: Computer support and consultancy services.

Section I: Contracting Authority
   I.1)Name, Addresses and Contact Point(s):
      DFT
      Group Procurement Division, Zone D/06 Ashdown House, Sedlescombe Road North, Hastings, TN37 7GA, United Kingdom
      Tel. +44 02079448422, Fax. +44 02079448440, Email: anthony.moss@dft.gsi.gov.uk, URL: www.dft.gov.uk
      Attn: Tony Moss
      Electronic Access URL: http://tenders.dft.gov.uk/ppro-04-69-04/index.html

      Further information can be obtained at: As Above       
      Specifications and additional documents: As Above       
      Tenders or requests to participate must be sent to: As Above       
   
   I.2)Type of the contracting authority:
      Ministry or any other national or federal authority, including their regional or local sub-divisions

   I.3) Main activity:
      Other: Transport

   I.4) Contract award on behalf of other contracting authorities:
      The contracting authority is purchasing on behalf of other contracting authorities: No

Section II: Object Of The Contract: SERVICES
   II.1)Description
      II.1.1)Title attributed to the contract by the contracting authority: Specialist Security Practitioners Services Contract
      II.1.2)Type of contract and location of works, place of delivery or of performance: SERVICES         
         Service Category: 7

         Region Codes: UK - UNITED KINGDOM         
      II.1.3) Information about a public contract, a framework or a dynamic purchasing system: The notice involves the setting up of a framework agreement                                                        

      II.1.4)Information on framework agreement:      
            Framework agreement with several operators

         Duration of the framework agreement:
            Duration in year(s): 3             
         Estimated total value of purchases for the entire duration of the framework agreement:
                        
            Estimated value excluding VAT: 3,500,000
            Currency: GBP
                              
      II.1.5)Short description of the contract or purchase:
      Computer support and consultancy services. Computer-related services. Computer-related professional services. Computer support services. Technical computer support services. Computer network services. Computer audit and testing services. The DfT is seeking to award a contract for the provision of specialist Security Practitioner Services to support its ongoing compliance with the security outcomes of the HMG SPF and other areas of compliance such as PCI DSS and the Public Services Network.
         
      II.1.6)Common Procurement Vocabulary:
         72600000 - Computer support and consultancy services.
         
         72500000 - Computer-related services.
         
         72590000 - Computer-related professional services.
         
         72610000 - Computer support services.
         
         72611000 - Technical computer support services.
         
         72700000 - Computer network services.
         
         72800000 - Computer audit and testing services.
         

      II.1.7) Information about Government Procurement Agreement (GPA):
         The contract is covered by the Government Procurement Agreement (GPA): Yes       
      II.1.8)Lots:
         This contract is divided into lots: Yes          
         If yes, tenders should be submitted for: One or more lots

      II.1.9)Information about variants:
         Variants will be accepted: No    
   
   II.2)Quantity Or Scope Of The Contract
      II.2.1)Total quantity or scope:
      Not Provided      
      
      II.2.2)Options: Not Provided         
         II.2.3)Information about renewals:
            This contract is subject to renewal: Not Provided         
   II.3)Duration Of The Contract Or Time-Limit For Completion      
         Duration in months: 36 (from the award of the contract)

   Information About Lots
            
      Lot No: 1
      Title: IT Security and Information Assurance

      1)Short Description:      
      In line with current guidelines and standards and the proposed changes by CESG to Information Assurance (IA) consultancy, suppliers must be able to demonstrate and provide a range of experience and skills which relate to CESG Certified Professional (CCP) or equivalent roles i.e. CLAS.
Suppliers will be required to undertake a broad range of IT Security and IA roles of which the key areas are summarised as follows:
•Conduct risk assessments;
•Provide expert advice for the planning, design, setup and implementation of information security relating to security architecture, configurations, risk control regimes and others requirements as specified;
•Develop security documentation in line with CESG and government standards (or as otherwise agreed);

•Develop policies, guidance and procedures relating to information security and information assurance;

•Conduct and document compliance reviews/checks of information systems in line with UKG and international best practice, policies and standards and where required, to carry out document reviews.

      2)Common Procurement Vocabulary:
         72500000 - Computer-related services.
         
      3)Quantity Or Scope: Not Provided
               
      4)Indication About Different Date For Start Of Award Procedures And/Or Duration Of The Contract Not Provided
                        
                  
         5)Additional Information About Lots: Not Provided
               
      Lot No: 2
      Title: IT Health Checks

      1)Short Description:      
      IT Health Checks identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system.

The CHECK scheme enables penetration testing by CESG approved companies, employing penetration testing personnel qualified to assess HMG and other public sector bodies.

Suppliers must be able to demonstrate and provide a range of experience relating to IT Health Checks including, where appropriate, retain a valid and active registration on the CESG CHECK scheme or be CREST or TIGER accredited from qualified PCI security assessors.

Suppliers will be required to carry out and report on:

•IT security health checks of DfT IT systems;

•Penetration tests of IT systems and services;

•Compliance checks for ISO27000 standards (2005 and 2013) and similar standards such as the CESG IAS1&2 Baseline Control Set; and

•Scanning and compliance checks for PCI-DSS.

For all of the above and where relevant and agreed with the DfT lead, suppliers must be capable of producing reports that include: an impact assessment statement, a summary of the approach taken together with working assumptions, a set of findings, conclusions and recommendations and where relevant, a list of the key risks and issues including any costs relating to rectification

      2)Common Procurement Vocabulary:
         72500000 - Computer-related services.
         
      3)Quantity Or Scope: Not Provided
               
      4)Indication About Different Date For Start Of Award Procedures And/Or Duration Of The Contract Not Provided
                        
                  
         5)Additional Information About Lots: Not Provided
               
      Lot No: 3
      Title: Forensics

      1)Short Description:      
      Suppliers must, at short notice, be capable of conducting internal security investigations to support legal compliance.

Suppliers must be able to demonstrate experience and expertise in the following areas of activity:

•Assessment and advice on the best approaches for preserving data or managing active incidents;

•Isolation and analysis of active IT systems;

•Analysis of disc drives, tapes and solid state memory devices for information that may have been deleted or overwritten;

•Analysis of Trusted Platform Module (TPM) and other hardware alerts;

•Analysis of log files and audit trails and other software indicators to associate actions, times, devices and person-related authentication credentials or tokens;


•Analysis of PCI-DSS transactions and related activity; and

•Physical forensics of equipment, work spaces etc.

      2)Common Procurement Vocabulary:
         72500000 - Computer-related services.
         
      3)Quantity Or Scope: Not Provided
               
      4)Indication About Different Date For Start Of Award Procedures And/Or Duration Of The Contract Not Provided
                        
                  
         5)Additional Information About Lots: Not Provided
               
      Lot No: 4
      Title: Physical Security and Business Continuity

      1)Short Description:      
      The DfT will issue a specification setting out the objectives, scope and expected deliverables for each individual Physical Security and Business Continuity requirement.

Due to the broad and varying nature of the requirements, suppliers should have demonstrable experience and qualifications, where required, to perform the following range of activities:

•Business Continuity
oTo review, amend, design, test and implement existing/new strategies and plans, governance structures including roles and responsibilities, processes, procedures and systems;

•Incident Management
To review, amend, design, test and implement existing/new strategies and plans, governance structures including roles and responsibilities, processes, procedures and systems – relating to both IT and Non-IT systems as required;

•Physical Security
To carry out physical risk assessments and audits in line with HMG policy and develop, where appropriate, remediation plans and new processes and procedures;

To develop policy and guidance relating to the storage of sensitive assets and their environments; and

To assess operational requirements and provide guidance in order to reduce the threat of risk and harm to DfT staff, information and assets.

      2)Common Procurement Vocabulary:
         72500000 - Computer-related services.
         
      3)Quantity Or Scope: Not Provided
               
      4)Indication About Different Date For Start Of Award Procedures And/Or Duration Of The Contract Not Provided
                        
                  
         5)Additional Information About Lots: Not Provided
                  
Section III: Legal, Economic, Financial And Technical Information
   III.1)Conditions relating to the contract
      III.1.1)Deposits and guarantees required:
      Participants will be advised if this is necessary during the procurement. Parent company and/or other guarantees of performance and financial liability may be required by the Agent if considered appropriate
      
      III.1.2)Main financing conditions and payment arrangements and/or reference to the relevant provisions governing them:
      Tenders are to be priced in GBP and payment will only be made in GBP
      
      III.1.3)Legal form to be taken by the group of economic operators to whom the contract is to be awarded:
      The group will be required to nominate a lead partner with whom the Authority can contract, or form themselves into a single legal entity before the contract is awarded.
      
      III.1.4)Other particular conditions:
         The performance of the contract is subject to particular conditions: No       
   III.2)Conditions For Participation
      III.2.1)Personal situation of economic operators, including requirements relating to enrolment on professional or trade registers:

      Please refer to the Invitation to Tender Documents      
      III.2.2)Economic and financial capacity
         Economic and financial capacity - means of proof required:         
         
         Information and formalities necessary for evaluating if requirements are met:
         Please refer to the Invitation to Tender Documents         
         Minimum Level(s) of standards possibly required:
         Please refer to the Invitation to Tender Documents
      
      III.2.3)Technical capacity
         Technical capacity - means of proof required         
         
         Information and formalities necessary for evaluating if requirements are met:
         Please refer to the Invitation to Tender Documents         
         Minimum Level(s) of standards possibly required:
         Please refer to the Invitation to Tender Documents      
      III.2.4)Information about reserved contracts: Not Provided   
   III.3)Conditions Specific To Service Contracts
      III.3.1)Information about a particular profession:
         Execution of the service is reserved to a particular profession: No       
      III.3.2)Staff responsible for the execution of the service:
         Legal persons should indicate the names and professional qualifications of the staff responsible for the execution of the service: No
Section IV: Procedure
   IV.1)Type Of Procedure
      IV.1.1)Type of procedure: Open
   
   IV.2)Award Criteria
      IV.2.1)Award criteria:      
         The most economically advantageous tender in terms of
            The criteria stated in the specifications, in the invitation to tender or to negotiate or in the descriptive document

      IV.2.2)Information about electronic auction:
         An electronic auction will be used: Not Provided
   IV.3)Administrative Information
      IV.3.1)File reference number attributed by the contracting authority: PPRO 04/69/04      
      IV.3.2)Previous publication(s) concerning the same contract: Not Provided
      IV.3.3)Conditions for obtaining specifications and additional documents or descriptive document:

      Date: 04/05/2015
      Time-limit for receipt of requests for documents or for accessing documents: 11:00
         Payable documents: No       
      
      IV.3.4)Time-limit for receipt of tenders or requests to participate
         Date: 06/05/2015
         Time: 11:00      
      IV.3.6)Language(s) in which tenders or requests to participate may be drawn up:         English
         
      IV.3.7)Minimum time frame during which the tenderer must maintain the tender Not Provided      
      IV.3.8)Conditions for opening tenders
         Not Provided

Section VI: Complementary Information

   VI.1)This Is A Recurrent Procurement: Not Provided
   VI.2)Information about European Union funds:
      The contract is related to a project and/or programme financed by European Union funds: Not Provided      
   VI.3)Additional Information: The contracting authority considers that this contract may be suitable for economic operators that are small or medium enterprises (SMEs). However, any selection of tenderers will be based solely on the criteria set out for the procurement, and the contract will be awarded on the basis of the most economically advantageous tender. Potential Providers should note that, in accordance with the UK Government’s policies on transparency, the DfT intends to publish the Selection and Award Questionnaires, Invitation to Tender (ITT) document and the text of any Contract awarded, subject to possible redactions at the discretion of the DfT. Further information on transparency can be found at:
http://gps.cabinetoffice.gov.uk/about-government-procurement-service/transparency-and-accountability/transparency-procurement

The DfT expressly reserves the right not to award the Contract as a result of the procurement process commenced by publication of this notice and in no circumstances will the DfT be liable for any costs incurred by the candidates. If the DfT decides to enter into a Contract with the successful supplier, this does not mean that there is any guarantee of subsequent contracts being awarded. Any expenditure, work or effort undertaken prior to Contract award is accordingly a matter solely for the commercial judgement of potential suppliers.

The duration of the Contract is for an initial 2 years with the option to extend for a further 1 year. Thus the potential duration of the Contract is 3 Years.

The Department for Transport (DfT) is the Contracting Authority for the procurement of a contract to provide the DfT Family comprising of: the central Department and its Executive Agencies (i.e. Driver and Vehicle Standards Agency, Driver and Vehicle Licensing Agency, Highways England, Maritime and Coastguard Agency, Vehicle Certification Agency), Transport Bodies (i.e. Air Accident Investigation Branch, Marine Accident Investigation Branch and Rail Accident Investigation Branch), and Non-Departmental Public Bodies (NDPBs) (including but not limited to HS2 Ltd, British Transport Police Authority, Directly Operated Railways Limited, Northern Lighthouse Board, Passenger Focus, Trinity House) and their successor bodies
The value provided in Section II.1.4 is only an estimate and is based on the initial 2 year duration. As a baseline against the current contract, the DfT has made approximately 90 call-offs and approximately 70% of the call-offs are for values of £20,000 or less

NOTE: There is no appeal as such to a decision on whether or not to award the Contract but if you wish to make representations to the DfT about the conduct or outcome of the procurement you should email the DfT at the address stated in Section I.1.
To view this notice, please click here:
https://www.delta-esourcing.com/delta/viewNotice.html?noticeId=138594551
GO-2015327-PRO-6477578 TKR-2015327-PRO-6477577
   
   VI.4)Procedures For Appeal
      VI.4.1)Body responsible for appeal procedures:
      DFT
      Group Procurement Division, Hastings, TN37 7GA, United Kingdom
      Tel. +44 02079448422

      VI.4.2)Lodging of appeals: The DfT will incorporate a minimum 10 calendar day standstill period at the point information on the award of the contract is communicated to tenderers. Applicants who are unsuccessful shall be informed by the DfT as soon as possible after the decision has been made as to the reasons   
   
      VI.4.3)Service from which information about the lodging of appeals may be obtained:
            Not Provided

   VI.5) Date Of Dispatch Of This Notice: 27/03/2015

ANNEX A