Specialist ICT Security Services Contract

Specialist ICT Security Services Contract

The DfT is seeking to award a contract for the provision of specialist Security Practitioner Services to support its ongoing compliance with the security outcomes of the HMG SPF.

United Kingdom-Hastings: Computer support and consultancy services

2015/S 064-113109

Contract notice

Services

Directive 2004/18/EC

Section I: Contracting authority

I.1)Name, addresses and contact point(s)

DFT
Group Procurement Division, Zone D/06 Ashdown House, Sedlescombe Road North
For the attention of: Tony Moss
TN37 7GA Hastings
UNITED KINGDOM
Telephone: +44 2079448422
E-mail: anthony.moss@dft.gsi.gov.uk
Fax: +44 2079448440

Internet address(es):

General address of the contracting authority: www.dft.gov.uk

Electronic access to information: http://tenders.dft.gov.uk/ppro-04-69-04/index.html

Further information can be obtained from: The above mentioned contact point(s)

Specifications and additional documents (including documents for competitive dialogue and a dynamic purchasing system) can be obtained from: The above mentioned contact point(s)

Tenders or requests to participate must be sent to: The above mentioned contact point(s)

I.2)Type of the contracting authority

Ministry or any other national or federal authority, including their regional or local sub-divisions

I.3)Main activity

Other: transport

I.4)Contract award on behalf of other contracting authorities

The contracting authority is purchasing on behalf of other contracting authorities: no

Section II: Object of the contract

II.1)Description

II.1.1)Title attributed to the contract by the contracting authority:

Specialist Security Practitioners Services Contract.

II.1.2)Type of contract and location of works, place of delivery or of performance

Services
Service category No 7: Computer and related services

NUTS code UK

II.1.3)Information about a public contract, a framework agreement or a dynamic purchasing system (DPS)

The notice involves the establishment of a framework agreement

II.1.4)Information on framework agreement

Framework agreement with several operators

Duration of the framework agreement

Duration in years: 3

Estimated total value of purchases for the entire duration of the framework agreement

Estimated value excluding VAT: 3 500 000 GBP

II.1.5)Short description of the contract or purchase(s)

Computer support and consultancy services. Computer-related services. Computer-related professional services. Computer support services. Technical computer support services. Computer network services. Computer audit and testing services. The DfT is seeking to award a contract for the provision of specialist Security Practitioner Services to support its ongoing compliance with the security outcomes of the HMG SPF and other areas of compliance such as PCI DSS and the Public Services Network.

II.1.6)Common procurement vocabulary (CPV)

72600000, 72500000, 72590000, 72610000, 72611000, 72700000, 72800000

II.1.7)Information about Government Procurement Agreement (GPA)

The contract is covered by the Government Procurement Agreement (GPA): yes

II.1.8)Lots

This contract is divided into lots: yes
Tenders may be submitted for one or more lots

II.1.9)Information about variants

Variants will be accepted: no
II.2)Quantity or scope of the contract
II.2.1)Total quantity or scope:
II.2.2)Information about options
II.2.3)Information about renewals

II.3)Duration of the contract or time limit for completion

Duration in months: 36 (from the award of the contract)

Information about lots

Lot No: 1Lot title: IT Security and Information Assurance

1)Short description

In line with current guidelines and standards and the proposed changes by CESG to Information Assurance (IA) consultancy, suppliers must be able to demonstrate and provide a range of experience and skills which relate to CESG Certified Professional (CCP) or equivalent roles i.e. CLAS.
Suppliers will be required to undertake a broad range of IT Security and IA roles of which the key areas are summarised as follows:
— Conduct risk assessments;
— Provide expert advice for the planning, design, set-up and implementation of information security relating to security architecture, configurations, risk control regimes and others requirements as specified;
— Develop security documentation in line with CESG and government standards (or as otherwise agreed);
— Develop policies, guidance and procedures relating to information security and information assurance;
— Conduct and document compliance reviews/checks of information systems in line with UKG and international best practice, policies and standards and where required, to carry out document reviews.

2)Common procurement vocabulary (CPV)

72500000

3)Quantity or scope
4)Indication about different date for duration of contract or starting/completion
5)Additional information about lots

Lot No: 2Lot title: IT Health Checks

1)Short description

IT Health Checks identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system.
The CHECK scheme enables penetration testing by CESG approved companies, employing penetration testing personnel qualified to assess HMG and other public sector bodies.
Suppliers must be able to demonstrate and provide a range of experience relating to IT Health Checks including, where appropriate, retain a valid and active registration on the CESG CHECK scheme or be CREST or TIGER accredited from qualified PCI security assessors.
Suppliers will be required to carry out and report on:
— IT security health checks of DfT IT systems;
— Penetration tests of IT systems and services;
— Compliance checks for ISO27000 standards (2005 and 2013) and similar standards such as the CESG IAS1&2 Baseline Control Set; and
— Scanning and compliance checks for PCI-DSS.
For all of the above and where relevant and agreed with the DfT lead, suppliers must be capable of producing reports that include: an impact assessment statement, a summary of the approach taken together with working assumptions, a set of findings, conclusions and recommendations and where relevant, a list of the key risks and issues including any costs relating to rectification.

2)Common procurement vocabulary (CPV)

72500000

3)Quantity or scope
4)Indication about different date for duration of contract or starting/completion
5)Additional information about lots

Lot No: 3Lot title: Forensics

1)Short description

Suppliers must, at short notice, be capable of conducting internal security investigations to support legal compliance.
Suppliers must be able to demonstrate experience and expertise in the following areas of activity:
— Assessment and advice on the best approaches for preserving data or managing active incidents;
— Isolation and analysis of active IT systems;
— Analysis of disc drives, tapes and solid state memory devices for information that may have been deleted or overwritten;
— Analysis of Trusted Platform Module (TPM) and other hardware alerts;
— Analysis of log files and audit trails and other software indicators to associate actions, times, devices and person-related authentication credentials or tokens;
— Analysis of PCI-DSS transactions and related activity; and
— Physical forensics of equipment, work spaces etc.

2)Common procurement vocabulary (CPV)

72500000

3)Quantity or scope
4)Indication about different date for duration of contract or starting/completion
5)Additional information about lots

Lot No: 4Lot title: Physical Security and Business Continuity

1)Short description

The DfT will issue a specification setting out the objectives, scope and expected deliverables for each individual Physical Security and Business Continuity requirement.
Due to the broad and varying nature of the requirements, suppliers should have demonstrable experience and qualifications, where required, to perform the following range of activities:
— Business Continuity
To review, amend, design, test and implement existing/new strategies and plans, governance structures including roles and responsibilities, processes, procedures and systems;
— Incident Management
To review, amend, design, test and implement existing/new strategies and plans, governance structures including roles and responsibilities, processes, procedures and systems – relating to both IT and Non-IT systems as required;
— Physical Security
To carry out physical risk assessments and audits in line with HMG policy and develop, where appropriate, remediation plans and new processes and procedures;
To develop policy and guidance relating to the storage of sensitive assets and their environments; and
To assess operational requirements and provide guidance in order to reduce the threat of risk and harm to DfT staff, information and assets.

2)Common procurement vocabulary (CPV)

72500000

3)Quantity or scope
4)Indication about different date for duration of contract or starting/completion
5)Additional information about lots

Section III: Legal, economic, financial and technical information

III.1)Conditions relating to the contract

III.1.1)Deposits and guarantees required:

Participants will be advised if this is necessary during the procurement. Parent company and/or other guarantees of performance and financial liability may be required by the Agent if considered appropriate.

III.1.2)Main financing conditions and payment arrangements and/or reference to the relevant provisions governing them:

Tenders are to be priced in GBP and payment will only be made in GBP.

III.1.3)Legal form to be taken by the group of economic operators to whom the contract is to be awarded:

The group will be required to nominate a lead partner with whom the Authority can contract, or form themselves into a single legal entity before the contract is awarded.

III.1.4)Other particular conditions

The performance of the contract is subject to particular conditions: no
III.2)Conditions for participation

III.2.1)Personal situation of economic operators, including requirements relating to enrolment on professional or trade registers

Information and formalities necessary for evaluating if the requirements are met: Please refer to the Invitation to Tender Documents.

III.2.2)Economic and financial ability

Information and formalities necessary for evaluating if the requirements are met: Please refer to the Invitation to Tender Documents.
Minimum level(s) of standards possibly required: Please refer to the Invitation to Tender Documents.

III.2.3)Technical capacity

Information and formalities necessary for evaluating if the requirements are met:
Please refer to the Invitation to Tender Documents.
Minimum level(s) of standards possibly required:
Please refer to the Invitation to Tender Documents.
III.2.4)Information about reserved contracts
III.3)Conditions specific to services contracts

III.3.1)Information about a particular profession

Execution of the service is reserved to a particular profession: no

III.3.2)Staff responsible for the execution of the service

Legal persons should indicate the names and professional qualifications of the staff responsible for the execution of the service: no

Section IV: Procedure

IV.1)Type of procedure

IV.1.1)Type of procedure

Open
IV.1.2)Limitations on the number of operators who will be invited to tender or to participate
IV.1.3)Reduction of the number of operators during the negotiation or dialogue
IV.2)Award criteria

IV.2.1)Award criteria

The most economically advantageous tender in terms of the criteria stated in the specifications, in the invitation to tender or to negotiate or in the descriptive document
IV.2.2)Information about electronic auction
IV.3)Administrative information

IV.3.1)File reference number attributed by the contracting authority:

PPRO 04/69/04
IV.3.2)Previous publication(s) concerning the same contract

IV.3.3)Conditions for obtaining specifications and additional documents or descriptive document

Time limit for receipt of requests for documents or for accessing documents: 4.5.2015 – 11:00
Payable documents: no

IV.3.4)Time limit for receipt of tenders or requests to participate

6.5.2015 – 11:00
IV.3.5)Date of dispatch of invitations to tender or to participate to selected candidates

IV.3.6)Language(s) in which tenders or requests to participate may be drawn up

English.
IV.3.7)Minimum time frame during which the tenderer must maintain the tender
IV.3.8)Conditions for opening of tenders

Section VI: Complementary information

VI.1)Information about recurrence
VI.2)Information about European Union funds

VI.3)Additional information

The contracting authority considers that this contract may be suitable for economic operators that are small or medium enterprises (SMEs). However, any selection of tenderers will be based solely on the criteria set out for the procurement, and the contract will be awarded on the basis of the most economically advantageous tender. Potential Providers should note that, in accordance with the UK Government’s policies on transparency, the DfT intends to publish the Selection and Award Questionnaires, Invitation to Tender (ITT) document and the text of any Contract awarded, subject to possible redactions at the discretion of the DfT. Further information on transparency can be found at:

http://gps.cabinetoffice.gov.uk/about-government-procurement-service/transparency-and-accountability/transparency-procurement

The DfT expressly reserves the right not to award the Contract as a result of the procurement process commenced by publication of this notice and in no circumstances will the DfT be liable for any costs incurred by the candidates. If the DfT decides to enter into a Contract with the successful supplier, this does not mean that there is any guarantee of subsequent contracts being awarded. Any expenditure, work or effort undertaken prior to Contract award is accordingly a matter solely for the commercial judgement of potential suppliers.
The duration of the Contract is for an initial 2 years with the option to extend for a further 1 year. Thus the potential duration of the Contract is 3 years.
The Department for Transport (DfT) is the Contracting Authority for the procurement of a contract to provide the DfT Family comprising of: the central Department and its Executive Agencies (i.e. Driver and Vehicle Standards Agency, Driver and Vehicle Licensing Agency, Highways England, Maritime and Coastguard Agency, Vehicle Certification Agency), Transport Bodies (i.e. Air Accident Investigation Branch, Marine Accident Investigation Branch and Rail Accident Investigation Branch), and Non-Departmental Public Bodies (NDPBs) (including but not limited to HS2 Ltd, British Transport Police Authority, Directly Operated Railways Limited, Northern Lighthouse Board, Passenger Focus, Trinity House) and their successor bodies
The value provided in Section II.1.4 is only an estimate and is based on the initial 2 year duration. As a baseline against the current contract, the DfT has made approximately 90 call-offs and approximately 70 % of the call-offs are for values of 20 000 GBP or less
Note: There is no appeal as such to a decision on whether or not to award the Contract but if you wish to make representations to the DfT about the conduct or outcome of the procurement you should email the DfT at the address stated in Section I.1.
To view this notice, please click here:

https://www.delta-esourcing.com/delta/viewNotice.html?noticeId=138594551

GO Reference: GO-2015327-PRO-6477578.

VI.4)Procedures for appeal

VI.4.1)Body responsible for appeal procedures

DFT
Group Procurement Division
TN37 7GA Hastings
UNITED KINGDOM
Telephone: +44 2079448422

VI.4.2)Lodging of appeals

Precise information on deadline(s) for lodging appeals: The DfT will incorporate a minimum 10 calendar day standstill period at the point information on the award of the contract is communicated to tenderers. Applicants who are unsuccessful shall be informed by the DfT as soon as possible after the decision has been made as to the reasons.
VI.4.3)Service from which information about the lodging of appeals may be obtained

VI.5)Date of dispatch of this notice:

27.3.2015

Enjoyed this post? Share it!