IT Penetration Testing for BBC

IT Penetration Testing for BBC

Framework for the provision of Information Technology Penetration Testing to test the security and resilience of various systems.

United Kingdom-London: Computer-related services

2015/S 192-348062

Contract notice

Services

Directive 2004/18/EC

Section I: Contracting authority

I.1)Name, addresses and contact point(s)

The British Broadcasting Corporation (BBC)
Broadcasting House, Portland Place
For the attention of: Paul Hurley
W1A 1AA London
UNITED KINGDOM
E-mail: paul.hurley@bbc.co.uk

Internet address(es):

General address of the contracting authority: http://www.bbc.co.uk/supplying/

Electronic access to information: https://bbc.bravosolution.co.uk

Electronic submission of tenders and requests to participate: https://bbc.bravosolution.co.uk

Further information can be obtained from: The above mentioned contact point(s)

Specifications and additional documents (including documents for competitive dialogue and a dynamic purchasing system) can be obtained from: The above mentioned contact point(s)

Tenders or requests to participate must be sent to: BBC
Internet address: https://bbc.bravosolution.co.uk

I.2)Type of the contracting authority

Body governed by public law

I.3)Main activity

Other: broadcasting

I.4)Contract award on behalf of other contracting authorities

The contracting authority is purchasing on behalf of other contracting authorities: no

Section II: Object of the contract

II.1)Description

II.1.1)Title attributed to the contract by the contracting authority:

IT Penetration Testing.

II.1.2)Type of contract and location of works, place of delivery or of performance

Services
Service category No 7: Computer and related services
Main site or location of works, place of delivery or of performance: BBC sites across the United Kingdom — please refer to a full list of relevant sites contained within the PQQ document.

NUTS code UK

II.1.3)Information about a public contract, a framework agreement or a dynamic purchasing system (DPS)

The notice involves the establishment of a framework agreement

II.1.4)Information on framework agreement

Framework agreement with several operators
maximum number of participants to the framework agreement envisaged: 15

Duration of the framework agreement

Duration in years: 3

Estimated total value of purchases for the entire duration of the framework agreement

Estimated value excluding VAT:
Range: between 388 000 and 517 000 GBP

II.1.5)Short description of the contract or purchase(s)

BBC Information Security is seeking to establish a 3 year framework agreement (with the option to apply extensions to the initial term for a total period of up to 12 months) for the provision of Information Technology Penetration Testing to test the security and resilience of various systems against a variety of different platforms.
The framework agreement will commence on 1.2.2016 and consist of three separate lots:
Lot 1 — Web Applications, Network Infrastructure and Mobile Device.
Lot 2 — Social Engineering.
Lot 3 — Secure Code Testing of Platforms.
The BBC requires provision and delivery of IT Penetration Testing Services across all of the BBC UK sites and is therefore seeking to appoint a number of tenderer’s who can all fulfil its pan-BBC requirements.
The BBC is acting on its own behalf and as agent for BBC World Service Trading Ltd, BBC World Service Holdings Ltd, BBC World Service Television Limited, BBC Studios and Post Production Limited, BBC Children in Need, Children in Need Limited, BBC Media Action and BBC Worldwide Limited.

Procurement documentation can be accessed at https://bbc.bravosolution.co.uk

II.1.6)Common procurement vocabulary (CPV)

72500000, 72820000

II.1.7)Information about Government Procurement Agreement (GPA)

The contract is covered by the Government Procurement Agreement (GPA): yes

II.1.8)Lots

This contract is divided into lots: yes
Tenders may be submitted for all lots

II.1.9)Information about variants

Variants will be accepted: no
II.2)Quantity or scope of the contract

II.2.1)Total quantity or scope:

The BBC is acting on its own behalf and as agent for BBC World Service Trading Ltd, BBC World Service Holdings Ltd, BBC World Service Television Limited, BBC Studios and Post Production Limited, BBC Children in Need, Children in Need Limited, BBC Media Action and BBC Worldwide Limited.

II.2.2)Information about options

Options: yes
Description of these options: The BBC may at its sole discretion extend the framework agreements multiple times up to a maximum of 12 months.
II.2.3)Information about renewals
II.3)Duration of the contract or time limit for completion

Information about lots

Lot No: 1 Lot title: Web Application, Network Infrastructure and Mobile Device Penetration Testing

1)Short description

Reviewing Web Applications, Network Infrastructure, Mobile Device and the operating system, database and web server stack that they sit on, for security vulnerabilities and providing advice on how to fix the issues identified.

2)Common procurement vocabulary (CPV)

72820000

3)Quantity or scope

Estimated value excluding VAT:
Range: between 330 000 and 440 000 GBP
4)Indication about different date for duration of contract or starting/completion

5)Additional information about lots

In the case of technology requirements, the BBC may involve its technology partner (Atos IT Solutions and Services Limited) to assist in the scoping and drafting of invitations to tender and/or the evaluation of tenders. However, the final decision as to which is the most economically advantageous (by reference to the award criteria) will be made by the BBC. The awarding authority reserves the right not to award a contract and to annul the procurement process at any stage. Tenders and all supporting documents must be priced in sterling and all payments will be made in sterling. The contract shall be subject to English law. The awarding authority does not bind itself to accept the lowest, or any tender and reserves the right to accept part of a tender unless the tenderer expressly stipulates otherwise in the tender document. To prevent BBC e-Tendering portal email alerts from being quarantined by your organisation’s fire wall or spam filter, you are advised to instruct your IT team to accept all emails with a .BravoSolution.co.uk extension (our portal provider) or from help@bravosolution.co.uk. If Section II.1.9 shows ‘Yes’, variants will be accepted provided they meet the core requirements of the project.

Lot No: 2 Lot title: Social Engineering

1)Short description

Testing Employee awareness of good security practice, by attempting to gain unauthorised access to systems and networks via misrepresentation.

2)Common procurement vocabulary (CPV)

72820000

3)Quantity or scope

Estimated value excluding VAT:
Range: between 13 000 and 17 000 GBP
4)Indication about different date for duration of contract or starting/completion

5)Additional information about lots

In the case of technology requirements, the BBC may involve its technology partner (Atos IT Solutions and Services Limited) to assist in the scoping and drafting of invitations to tender and/or the evaluation of tenders. However, the final decision as to which is the most economically advantageous (by reference to the award criteria) will be made by the BBC. The awarding authority reserves the right not to award a contract and to annul the procurement process at any stage. Tenders and all supporting documents must be priced in sterling and all payments will be made in sterling. The contract shall be subject to English law. The awarding authority does not bind itself to accept the lowest, or any tender and reserves the right to accept part of a tender unless the tenderer expressly stipulates otherwise in the tender document. To prevent BBC e-Tendering portal email alerts from being quarantined by your organisation’s fire wall or spam filter, you are advised to instruct your IT team to accept all emails with a BravoSolution.co.uk extension (our portal provider) or from help@bravosolution.co.uk. If Section II.1.9 shows ‘Yes’, variants will be accepted provided they meet the core requirements of the project.

Lot No: 3 Lot title: Secure Code Testing of Platforms

1)Short description

Reviewing web application source code for coding errors that may introduce a security weakness.

2)Common procurement vocabulary (CPV)

72820000

3)Quantity or scope

Estimated value excluding VAT:
Range: between 45 000 and 60 000 GBP
4)Indication about different date for duration of contract or starting/completion

5)Additional information about lots

In the case of technology requirements, the BBC may involve its technology partner (Atos IT Solutions and Services Limited) to assist in the scoping and drafting of invitations to tender and/or the evaluation of tenders. However, the final decision as to which is the most economically advantageous (by reference to the award criteria) will be made by the BBC. The awarding authority reserves the right not to award a contract and to annul the procurement process at any stage. Tenders and all supporting documents must be priced in sterling and all payments will be made in sterling. The contract shall be subject to English law. The awarding authority does not bind itself to accept the lowest, or any tender and reserves the right to accept part of a tender unless the tenderer expressly stipulates otherwise in the tender document. To prevent BBC e-Tendering portal email alerts from being quarantined by your organisation’s fire wall or spam filter, you are advised to instruct your IT team to accept all emails with a BravoSolution.co.uk extension (our portal provider) or from help@bravosolution.co.uk. If Section II.1.9 shows ‘Yes’, variants will be accepted provided they meet the core requirements of the project.

Section III: Legal, economic, financial and technical information

III.1)Conditions relating to the contract

III.1.1)Deposits and guarantees required:

Guarantees may be required.
III.1.2)Main financing conditions and payment arrangements and/or reference to the relevant provisions governing them:

III.1.3)Legal form to be taken by the group of economic operators to whom the contract is to be awarded:

Where there is more than one economic operator, the BBC reserves the right to require a grouping of economic operators to take a particular legal form or to require a single economic operator to take primary liability or to require that each party undertakes joint and several liability.
III.1.4)Other particular conditions
III.2)Conditions for participation

III.2.1)Personal situation of economic operators, including requirements relating to enrolment on professional or trade registers

Information and formalities necessary for evaluating if the requirements are met: Suppliers Instructions — How to Express Interest in this Tender:

1. You should first go to the BravoSolution eTendering portal at the following link: https://bbc.bravosolution.co.uk

2. Once in the BravoSolution portal you have 2 possible options:
a) without having to register you can select ‘View tender opportunities’ and click on ‘Current Opportunities’ to view a summary of this project. If you would then like to formally express an interest and view the documentation you should follow the instructions in b) below.
b) Register your company (if not already registered) by clicking on the ‘Register’ button (this is only required once). Next, you should accept the terms and conditions and click continue — Enter your correct business and user details — Note the username you chose and click Save when complete — You will shortly receive an email with your unique password (please keep this secure). You can now formally express an interest in this tender.
3. Express an Interest in the tender — Login to the portal with the username/password — Click the ‘PQQs / ITTs Open To All Suppliers’ link. (These are Pre-Qualification Questionnaires or Invitations to Tender open to any registered supplier) — Click on the relevant PQQ/ ITT to access the content. — Click the ‘Express Interest’ button at the top of the page. — This will move the PQQ /ITT into your ‘My PQQs/ My ITTs’ page. (This is a secure area reserved for your projects only) -You can now access any attachments by clicking ‘Buyer Attachments’ in the ‘PQQ/ ITT Details’ box.

4. Responding to the tender — Click ‘My Response’ under ‘PQQ/ ITT Details’, you can choose to ‘Create Response’ or to ‘Decline to Respond’ (please give a reason if declining) — You can now use the ‘Messages’ function to communicate with the buyer and seek any clarification — Note the deadline for completion, then follow the on-screen instructions to complete the PQQ/ ITT — There may be a mixture of online and offline actions for you to perform (there is detailed online help available) You must then submit your reply using the ‘Submit Response’ button at the top of the page. If you require any further assistance please consult the online help, or contact the e-Tendering help-desk. Submit your reply using the ‘Submit Response’ button in the Actions box on the left-hand side of the page. If you require any further assistance please consult the online help, or contact the e-Tendering help desk (contact details can be found at https://bbc.bravosolution.co.uk).

III.2.2)Economic and financial ability

Information and formalities necessary for evaluating if the requirements are met: The BBC will evaluate technical ability/financial standing of the bidders in accordance with Articles 57-65 of Directive 2014/24/EU and Regulations 57-65 of the Public Contracts Regulations 2015 and detailed explanations of the evaluation methodology and minimum criteria to be satisfied are set out in the Pre-qualification Questionnaire.

III.2.3)Technical capacity

Information and formalities necessary for evaluating if the requirements are met:
The BBC will evaluate technical ability/financial standing of the bidders in accordance with Articles 57-65 of Directive 2014/24/EU and Regulations 57-65 of the Public Contracts Regulations 2015 and detailed explanations of the evaluation methodology and minimum criteria to be satisfied are set out in the Pre-qualification Questionnaire.
Minimum level(s) of standards possibly required:
Please refer to Section C4 of the PQQ document.
III.2.4)Information about reserved contracts
III.3)Conditions specific to services contracts
III.3.1)Information about a particular profession
III.3.2)Staff responsible for the execution of the service

Section IV: Procedure

IV.1)Type of procedure

IV.1.1)Type of procedure

Restricted

IV.1.2)Limitations on the number of operators who will be invited to tender or to participate

Envisaged minimum number 9: and maximum number 15
Objective criteria for choosing the limited number of candidates: The BBC will evaluate technical ability/financial standing of the bidders in accordance with Articles 57-65 of Directive 2014/24/EU and Regulations 57-65 of the Public Contracts Regulations 2015 and detailed explanations of the evaluation methodology and minimum criteria to be satisfied are set out in the Pre-qualification Questionnaire.
IV.1.3)Reduction of the number of operators during the negotiation or dialogue
IV.2)Award criteria

IV.2.1)Award criteria

The most economically advantageous tender in terms of the criteria stated in the specifications, in the invitation to tender or to negotiate or in the descriptive document

IV.2.2)Information about electronic auction

An electronic auction will be used: yes
Additional information about electronic auction: The BBC may carry out a Reverse Electronic Auction if appropriate.
IV.3)Administrative information

IV.3.1)File reference number attributed by the contracting authority:

PROC/2014/87/PH

IV.3.2)Previous publication(s) concerning the same contract

Notice on a buyer profile

Notice number in the OJEU: 2011/S 240-389541 of 14.12.2011

IV.3.3)Conditions for obtaining specifications and additional documents or descriptive document

IV.3.4)Time limit for receipt of tenders or requests to participate

28.10.2015 – 13:00
IV.3.5)Date of dispatch of invitations to tender or to participate to selected candidates

IV.3.6)Language(s) in which tenders or requests to participate may be drawn up

English.
IV.3.7)Minimum time frame during which the tenderer must maintain the tender
IV.3.8)Conditions for opening of tenders

Section VI: Complementary information

VI.1)Information about recurrence

This is a recurrent procurement: no

VI.2)Information about European Union funds

The contract is related to a project and/or programme financed by European Union funds: no

VI.3)Additional information

In the case of technology requirements, the BBC may involve its technology partner (Atos IT Solutions and Services Limited) to assist in the scoping and drafting of invitations to tender and/or the evaluation of tenders. However, the final decision as to which is the most economically advantageous (by reference to the award criteria) will be made by the BBC. The awarding authority reserves the right not to award a contract and to annul the procurement process at any stage. Tenders and all supporting documents must be priced in sterling and all payments will be made in sterling. The contract shall be subject to English law. The awarding authority does not bind itself to accept the lowest, or any tender and reserves the right to accept part of a tender unless the tenderer expressly stipulates otherwise in the tender document. To prevent BBC e-Tendering portal email alerts from being quarantined by your organisation’s fire wall or spam filter, you are advised to instruct your IT team to accept all emails with a BravoSolution.co.uk extension (our portal provider) or from help@bravosolution.co.uk. If Section II.1.9 shows ‘Yes’, variants will be accepted provided they meet the core requirements of the project.

Electronic ordering will be used, and Electronic invoicing will be accepted, and Electronic payment will be used.

VI.4)Procedures for appeal
VI.4.1)Body responsible for appeal procedures
VI.4.2)Lodging of appeals
VI.4.3)Service from which information about the lodging of appeals may be obtained

VI.5)Date of dispatch of this notice:

28.9.2015

Enjoyed this post? Share it!