DfT(c) has published this notice through Delta eSourcing
Notice Summary |
---|
Title: | Specialist Security Practitioners Services Contract |
Notice type: | Contract Notice |
Authority: | DfT(c) |
Nature of contract: | Services |
Procedure: | Open |
Short Description: | The DfT is seeking to award a contract for the provision of specialist Security Practitioner Services to support its ongoing compliance with the security outcomes of the HMG SPF and other areas of compliance such as PCI DSS and the Public Services Network. |
Published: | 27/03/2015 11:26 |
View Full Notice
Section I: Contracting Authority
I.1)Name, Addresses and Contact Point(s):
DFT
Group Procurement Division, Zone D/06 Ashdown House, Sedlescombe Road North, Hastings, TN37 7GA, United Kingdom
Tel. +44 02079448422, Fax. +44 02079448440, Email: anthony.moss@dft.gsi.gov.uk, URL: www.dft.gov.uk
Attn: Tony Moss
Electronic Access URL: http://tenders.dft.gov.uk/ppro-04-69-04/index.html
Further information can be obtained at: As Above
Specifications and additional documents: As Above
Tenders or requests to participate must be sent to: As Above
I.2)Type of the contracting authority:
Ministry or any other national or federal authority, including their regional or local sub-divisions
I.3) Main activity:
Other: Transport
I.4) Contract award on behalf of other contracting authorities:
The contracting authority is purchasing on behalf of other contracting authorities: No
Section II: Object Of The Contract: SERVICES
II.1)Description
II.1.1)Title attributed to the contract by the contracting authority: Specialist Security Practitioners Services Contract
II.1.2)Type of contract and location of works, place of delivery or of performance: SERVICES
Service Category: 7
Region Codes: UK - UNITED KINGDOM
II.1.3) Information about a public contract, a framework or a dynamic purchasing system: The notice involves the setting up of a framework agreement
II.1.4)Information on framework agreement:
Framework agreement with several operators
Duration of the framework agreement:
Duration in year(s): 3
Estimated total value of purchases for the entire duration of the framework agreement:
Estimated value excluding VAT: 3,500,000
Currency: GBP
II.1.5)Short description of the contract or purchase:
Computer support and consultancy services. Computer-related services. Computer-related professional services. Computer support services. Technical computer support services. Computer network services. Computer audit and testing services. The DfT is seeking to award a contract for the provision of specialist Security Practitioner Services to support its ongoing compliance with the security outcomes of the HMG SPF and other areas of compliance such as PCI DSS and the Public Services Network.
II.1.6)Common Procurement Vocabulary:
72600000 - Computer support and consultancy services.
72500000 - Computer-related services.
72590000 - Computer-related professional services.
72610000 - Computer support services.
72611000 - Technical computer support services.
72700000 - Computer network services.
72800000 - Computer audit and testing services.
II.1.7) Information about Government Procurement Agreement (GPA):
The contract is covered by the Government Procurement Agreement (GPA): Yes
II.1.8)Lots:
This contract is divided into lots: Yes
If yes, tenders should be submitted for: One or more lots
II.1.9)Information about variants:
Variants will be accepted: No
II.2)Quantity Or Scope Of The Contract
II.2.1)Total quantity or scope:
Not Provided
II.2.2)Options: Not Provided
II.2.3)Information about renewals:
This contract is subject to renewal: Not Provided
II.3)Duration Of The Contract Or Time-Limit For Completion
Duration in months: 36 (from the award of the contract)
Information About Lots
Lot No: 1
Title: IT Security and Information Assurance
1)Short Description:
In line with current guidelines and standards and the proposed changes by CESG to Information Assurance (IA) consultancy, suppliers must be able to demonstrate and provide a range of experience and skills which relate to CESG Certified Professional (CCP) or equivalent roles i.e. CLAS.
Suppliers will be required to undertake a broad range of IT Security and IA roles of which the key areas are summarised as follows:
•Conduct risk assessments;
•Provide expert advice for the planning, design, setup and implementation of information security relating to security architecture, configurations, risk control regimes and others requirements as specified;
•Develop security documentation in line with CESG and government standards (or as otherwise agreed);
•Develop policies, guidance and procedures relating to information security and information assurance;
•Conduct and document compliance reviews/checks of information systems in line with UKG and international best practice, policies and standards and where required, to carry out document reviews.
2)Common Procurement Vocabulary:
72500000 - Computer-related services.
3)Quantity Or Scope: Not Provided
4)Indication About Different Date For Start Of Award Procedures And/Or Duration Of The Contract Not Provided
5)Additional Information About Lots: Not Provided
Lot No: 2
Title: IT Health Checks
1)Short Description:
IT Health Checks identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system.
The CHECK scheme enables penetration testing by CESG approved companies, employing penetration testing personnel qualified to assess HMG and other public sector bodies.
Suppliers must be able to demonstrate and provide a range of experience relating to IT Health Checks including, where appropriate, retain a valid and active registration on the CESG CHECK scheme or be CREST or TIGER accredited from qualified PCI security assessors.
Suppliers will be required to carry out and report on:
•IT security health checks of DfT IT systems;
•Penetration tests of IT systems and services;
•Compliance checks for ISO27000 standards (2005 and 2013) and similar standards such as the CESG IAS1&2 Baseline Control Set; and
•Scanning and compliance checks for PCI-DSS.
For all of the above and where relevant and agreed with the DfT lead, suppliers must be capable of producing reports that include: an impact assessment statement, a summary of the approach taken together with working assumptions, a set of findings, conclusions and recommendations and where relevant, a list of the key risks and issues including any costs relating to rectification
2)Common Procurement Vocabulary:
72500000 - Computer-related services.
3)Quantity Or Scope: Not Provided
4)Indication About Different Date For Start Of Award Procedures And/Or Duration Of The Contract Not Provided
5)Additional Information About Lots: Not Provided
Lot No: 3
Title: Forensics
1)Short Description:
Suppliers must, at short notice, be capable of conducting internal security investigations to support legal compliance.
Suppliers must be able to demonstrate experience and expertise in the following areas of activity:
•Assessment and advice on the best approaches for preserving data or managing active incidents;
•Isolation and analysis of active IT systems;
•Analysis of disc drives, tapes and solid state memory devices for information that may have been deleted or overwritten;
•Analysis of Trusted Platform Module (TPM) and other hardware alerts;
•Analysis of log files and audit trails and other software indicators to associate actions, times, devices and person-related authentication credentials or tokens;
•Analysis of PCI-DSS transactions and related activity; and
•Physical forensics of equipment, work spaces etc.
2)Common Procurement Vocabulary:
72500000 - Computer-related services.
3)Quantity Or Scope: Not Provided
4)Indication About Different Date For Start Of Award Procedures And/Or Duration Of The Contract Not Provided
5)Additional Information About Lots: Not Provided
Lot No: 4
Title: Physical Security and Business Continuity
1)Short Description:
The DfT will issue a specification setting out the objectives, scope and expected deliverables for each individual Physical Security and Business Continuity requirement.
Due to the broad and varying nature of the requirements, suppliers should have demonstrable experience and qualifications, where required, to perform the following range of activities:
•Business Continuity
oTo review, amend, design, test and implement existing/new strategies and plans, governance structures including roles and responsibilities, processes, procedures and systems;
•Incident Management
To review, amend, design, test and implement existing/new strategies and plans, governance structures including roles and responsibilities, processes, procedures and systems – relating to both IT and Non-IT systems as required;
•Physical Security
To carry out physical risk assessments and audits in line with HMG policy and develop, where appropriate, remediation plans and new processes and procedures;
To develop policy and guidance relating to the storage of sensitive assets and their environments; and
To assess operational requirements and provide guidance in order to reduce the threat of risk and harm to DfT staff, information and assets.
2)Common Procurement Vocabulary:
72500000 - Computer-related services.
3)Quantity Or Scope: Not Provided
4)Indication About Different Date For Start Of Award Procedures And/Or Duration Of The Contract Not Provided
5)Additional Information About Lots: Not Provided
Section III: Legal, Economic, Financial And Technical Information
III.1)Conditions relating to the contract
III.1.1)Deposits and guarantees required:
Participants will be advised if this is necessary during the procurement. Parent company and/or other guarantees of performance and financial liability may be required by the Agent if considered appropriate
III.1.2)Main financing conditions and payment arrangements and/or reference to the relevant provisions governing them:
Tenders are to be priced in GBP and payment will only be made in GBP
III.1.3)Legal form to be taken by the group of economic operators to whom the contract is to be awarded:
The group will be required to nominate a lead partner with whom the Authority can contract, or form themselves into a single legal entity before the contract is awarded.
III.1.4)Other particular conditions:
The performance of the contract is subject to particular conditions: No
III.2)Conditions For Participation
III.2.1)Personal situation of economic operators, including requirements relating to enrolment on professional or trade registers:
Please refer to the Invitation to Tender Documents
III.2.2)Economic and financial capacity
Economic and financial capacity - means of proof required:
Information and formalities necessary for evaluating if requirements are met:
Please refer to the Invitation to Tender Documents
Minimum Level(s) of standards possibly required:
Please refer to the Invitation to Tender Documents
III.2.3)Technical capacity
Technical capacity - means of proof required
Information and formalities necessary for evaluating if requirements are met:
Please refer to the Invitation to Tender Documents
Minimum Level(s) of standards possibly required:
Please refer to the Invitation to Tender Documents
III.2.4)Information about reserved contracts: Not Provided
III.3)Conditions Specific To Service Contracts
III.3.1)Information about a particular profession:
Execution of the service is reserved to a particular profession: No
III.3.2)Staff responsible for the execution of the service:
Legal persons should indicate the names and professional qualifications of the staff responsible for the execution of the service: No
Section IV: Procedure
IV.1)Type Of Procedure
IV.1.1)Type of procedure: Open
IV.2)Award Criteria
IV.2.1)Award criteria:
The most economically advantageous tender in terms of
The criteria stated in the specifications, in the invitation to tender or to negotiate or in the descriptive document
IV.2.2)Information about electronic auction:
An electronic auction will be used: Not Provided
IV.3)Administrative Information
IV.3.1)File reference number attributed by the contracting authority: PPRO 04/69/04
IV.3.2)Previous publication(s) concerning the same contract: Not Provided
IV.3.3)Conditions for obtaining specifications and additional documents or descriptive document:
Date: 04/05/2015
Time-limit for receipt of requests for documents or for accessing documents: 11:00
Payable documents: No
IV.3.4)Time-limit for receipt of tenders or requests to participate
Date: 06/05/2015
Time: 11:00
IV.3.6)Language(s) in which tenders or requests to participate may be drawn up: English
IV.3.7)Minimum time frame during which the tenderer must maintain the tender Not Provided
IV.3.8)Conditions for opening tenders
Not Provided
Section VI: Complementary Information
VI.1)This Is A Recurrent Procurement: Not Provided
VI.2)Information about European Union funds:
The contract is related to a project and/or programme financed by European Union funds: Not Provided
VI.3)Additional Information: The contracting authority considers that this contract may be suitable for economic operators that are small or medium enterprises (SMEs). However, any selection of tenderers will be based solely on the criteria set out for the procurement, and the contract will be awarded on the basis of the most economically advantageous tender. Potential Providers should note that, in accordance with the UK Government’s policies on transparency, the DfT intends to publish the Selection and Award Questionnaires, Invitation to Tender (ITT) document and the text of any Contract awarded, subject to possible redactions at the discretion of the DfT. Further information on transparency can be found at:
http://gps.cabinetoffice.gov.uk/about-government-procurement-service/transparency-and-accountability/transparency-procurement
The DfT expressly reserves the right not to award the Contract as a result of the procurement process commenced by publication of this notice and in no circumstances will the DfT be liable for any costs incurred by the candidates. If the DfT decides to enter into a Contract with the successful supplier, this does not mean that there is any guarantee of subsequent contracts being awarded. Any expenditure, work or effort undertaken prior to Contract award is accordingly a matter solely for the commercial judgement of potential suppliers.
The duration of the Contract is for an initial 2 years with the option to extend for a further 1 year. Thus the potential duration of the Contract is 3 Years.
The Department for Transport (DfT) is the Contracting Authority for the procurement of a contract to provide the DfT Family comprising of: the central Department and its Executive Agencies (i.e. Driver and Vehicle Standards Agency, Driver and Vehicle Licensing Agency, Highways England, Maritime and Coastguard Agency, Vehicle Certification Agency), Transport Bodies (i.e. Air Accident Investigation Branch, Marine Accident Investigation Branch and Rail Accident Investigation Branch), and Non-Departmental Public Bodies (NDPBs) (including but not limited to HS2 Ltd, British Transport Police Authority, Directly Operated Railways Limited, Northern Lighthouse Board, Passenger Focus, Trinity House) and their successor bodies
The value provided in Section II.1.4 is only an estimate and is based on the initial 2 year duration. As a baseline against the current contract, the DfT has made approximately 90 call-offs and approximately 70% of the call-offs are for values of £20,000 or less
NOTE: There is no appeal as such to a decision on whether or not to award the Contract but if you wish to make representations to the DfT about the conduct or outcome of the procurement you should email the DfT at the address stated in Section I.1.
To view this notice, please click here:
https://www.delta-esourcing.com/delta/viewNotice.html?noticeId=138594551
GO-2015327-PRO-6477578 TKR-2015327-PRO-6477577
VI.4)Procedures For Appeal
VI.4.1)Body responsible for appeal procedures:
DFT
Group Procurement Division, Hastings, TN37 7GA, United Kingdom
Tel. +44 02079448422
VI.4.2)Lodging of appeals: The DfT will incorporate a minimum 10 calendar day standstill period at the point information on the award of the contract is communicated to tenderers. Applicants who are unsuccessful shall be informed by the DfT as soon as possible after the decision has been made as to the reasons
VI.4.3)Service from which information about the lodging of appeals may be obtained:
Not Provided
VI.5) Date Of Dispatch Of This Notice: 27/03/2015
ANNEX A
View any Notice Addenda
Section I: Contracting Authority
Title: UK-Hastings: Computer support and consultancy services.
I.1)Name, Addresses And Contact Point(s)
DFT
Group Procurement Division, Zone D/06 Ashdown House, Sedlescombe Road North, Hastings, TN37 7GA, United Kingdom
Tel. +44 02079448422, Fax. +44 02079448440, Email: anthony.moss@dft.gsi.gov.uk, URL: www.dft.gov.uk
Attn: Tony Moss
I.2)Type Of Purchasing Body
Contracting authority
Section II: Object Of The Contract
II.1)Description
II.1.1)Title attributed to the contract by the contracting authority/entity: Specialist Security Practitioners Services Contract
II.1.2)Short description of the contract or purchase:
Computer support and consultancy services. Computer-related services. Computer-related professional services. Computer support services. Technical computer support services. Computer network services. Computer audit and testing services. The DfT is seeking to award a contract for the provision of specialist Security Practitioner Services to support its ongoing compliance with the security outcomes of the HMG SPF and other areas of compliance such as PCI DSS and the Public Services Network.
II.1.3)Common procurement vocabulary:
72600000 - Computer support and consultancy services.
72500000 - Computer-related services.
72590000 - Computer-related professional services.
72610000 - Computer support services.
72611000 - Technical computer support services.
72700000 - Computer network services.
72800000 - Computer audit and testing services.
Section IV: Procedure
IV.1) Type of Procedure
IV.1.1)Type of procedure (as stated in the original notice): Open
IV.2)Administrative Information
IV.2.1)File reference number attributed by the contracting authority/entity: PPRO 04/69/04
IV.2.2)Notice reference for electronically submitted notice
Original Notice sent via: OJS eSender
Notice Reference: 2015 - 155480
IV.2.3)Notice to which this publication refers: Not Provided
IV.2.4)Date of dispatch of the original Notice: 27/03/2015
Section VI: Complementary Information
1: Complementary Information
VI.1)This notice involves: Incomplete Procedure
VI.2)Information on incomplete awarding procedure
The awarding procedure has been discontinued.
VI.4)Other additional information:
To view this notice, please click here:
https://www.delta-esourcing.com/delta/viewNotice.html?noticeId=154588491
GO-201586-PRO-6897320 TKR-201586-PRO-6897319
VI.5)Date of dispatch: 06/08/2015