Welsh Government Information Assurance Services Framework
The National Procurement Service wishes to establish a Framework Agreement (Agreement) for the supply of Information Assurance Services. Multiple Lots.
United Kingdom-Caerphilly: IT services: consulting, software development, Internet and support
2016/S 089-156412
Contract notice
Services
Directive 2014/24/EU
Section I: Contracting authority
I.1)Name and addresses
T’yr Afon, Bedwas Road
Caerphilly
CF83 8WT
UNITED KINGDOM
Contact person: ICT Category Team
E-mail: npsictcategoryteam@wales.gsi.gov.uk
NUTS code: UKL
Internet address(es):Main address: http://npswales.gov.uk
Address of the buyer profile: http://www.sell2wales.gov.uk/search/Search_AuthProfile.aspx?ID=AA27760
I.2)Joint procurement
I.3)Communication
I.4)Type of the contracting authority
I.5)Main activity
Section II: Object
II.1.1)Title:
NPS — Information Assurance Services Framework.
II.1.2)Main CPV code
II.1.3)Type of contract
II.1.4)Short description:
The National Procurement Service (NPS) wishes to establish a Framework Agreement (Agreement) for the supply of Information Assurance Services.
The NPS will deliver ‘All-Wales’ agreements for NPS Members and the Welsh public sector. The list of NPS Members can be found at:http://npswales.gov.uk This list may be subject to change as members sign-up to use the NPS, or member orgs are replaced during the life of the agreement.
A full list of Organisations that can utilise this Framework is detailed in Section VI.3) and within the ITT.
Under the terms of this contract the successful suppliers will be required to deliver Community Benefits in support of the authority’s economic and social objectives. Accordingly, contract performance conditions may relate in particular to social and environmental considerations.
Community Benefits will be included as Non-Core and not scored as part of the tender process. Full details are provided in the ITT.
II.1.5)Estimated total value
II.1.6)Information about lots
II.2.1)Title:
Lot 1: CESG CHECK accredited IT Health Checks
II.2.2)Additional CPV code(s)
II.2.3)Place of performance
II.2.4)Description of the procurement:
The Supplier must have capability to assess a range of Customers systems and services including;
Network Penetration Test, Network Vulnerability Assessment, Web Application Security Assessment,
Mobile Device Security Assessment, Wireless Security Assessment, Remote Working Assessment.
The Supplier must be identified by CESG as an Accredited Supplier of CHECK services.
Further details can be found in the tender documentation.
II.2.5)Award criteria
II.2.6)Estimated value
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
The Agreement will be for a maximum period of up to 4 years, comprising of an initial period of 2 years (the Initial Term) with the option to extend for further periods up to maximum of 2 years.
II.2.10)Information about variants
II.2.11)Information about options
II.2.13)Information about European Union funds
II.2.14)Additional information
A Maximum of 6 Suppliers will be awarded to this Lot.
Customers are able to vary the award weightings at the call-off stage. Please refer to the ITT for details.
II.2.1)Title:
Lot 2: TIGER Certified Professional Scheme IT Health Checks
II.2.2)Additional CPV code(s)
II.2.3)Place of performance
II.2.4)Description of the procurement:
The Supplier must have capability to assess a range of Customers systems and services including:
Network Penetration Test, Network Vulnerability Assessment, Web Application Security Assessment,
Mobile Device Security Assessment, Wireless Security Assessment, Remote Working Assessment.
The Supplier must be identified as an Approved and Certified TIGER Supplier.
Further details can be found in the tender documentation.
II.2.5)Award criteria
II.2.6)Estimated value
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
The Agreement will be for a maximum period of up to 4 years, comprising of an initial period of 2 years (the Initial Term) with the option to extend for further periods up to maximum of 2 years.
II.2.10)Information about variants
II.2.11)Information about options
II.2.13)Information about European Union funds
II.2.14)Additional information
A Maximum of 5 Suppliers will be awarded to this Lot.
Customers are able to vary the award weightings at the call-off stage. Please refer to the ITT for details.
II.2.1)Title:
Lot 3: CREST Certified Professional Scheme IT Health Checks
II.2.2)Additional CPV code(s)
II.2.3)Place of performance
II.2.4)Description of the procurement:
The Supplier must have capability to assess a range of Customers systems and services including:
Network Penetration Test, Network Vulnerability Assessment, Web Application Security Assessment,
Mobile Device Security Assessment, Wireless Security Assessment, Remote Working Assessment.
The Supplier must be identified as an Approved and Certified CREST Supplier.
Further details can be found in the tender documentation.
II.2.5)Award criteria
II.2.6)Estimated value
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
The Agreement will be for a maximum period of up to 4 years, comprising of an initial period of 2 years (the Initial Term) with the option to extend for further periods up to maximum of 2 years.
II.2.10)Information about variants
II.2.11)Information about options
II.2.13)Information about European Union funds
II.2.14)Additional information
A Maximum of 5 Suppliers will be awarded to this Lot.
Customers are able to vary the award weightings at the call-off stage. Please refer to the ITT for details.
II.2.1)Title:
Lot 4: CESG Certified Professional Scheme Security Assurance (other than Penetration testing)
II.2.2)Additional CPV code(s)
II.2.3)Place of performance
II.2.4)Description of the procurement:
The objective of this Lot is to provide Customers with access to CESG Certified professional Scheme Information Assurance (IA) professionals to provide guidance that is consistent with the latest CESG protocols.
The criticality of the security advice is dependent on the expertise and knowledge of the Supplier’s staff is such that;
— the company and nominated individuals must be listed by a CESG accreditation body.
— at least one member of the Company’s staff must demonstrate that they meet the criteria to be assessed as a Senior/Lead Practitioner in the required discipline.
— all other non-assessed members of the team will be required to be associate CESG members.
II.2.5)Award criteria
II.2.6)Estimated value
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
1.1.4 The Agreement will be for a maximum period of up to 4 years, comprising of an initial period of 2 years (the Initial Term) with the option to extend for further periods up to maximum of 2 years.
II.2.10)Information about variants
II.2.11)Information about options
II.2.13)Information about European Union funds
II.2.14)Additional information
A Maximum of 6 Suppliers will be awarded to this Lot.
Customers are able to vary the award weightings at the call-off stage. Please refer to the ITT for details.
II.2.1)Title:
Lot 5: Payment Card Industry Approved Scanning Vendors
II.2.2)Additional CPV code(s)
II.2.3)Place of performance
II.2.4)Description of the procurement:
The Supplier must have capability to validate adherence to Data Security Standards by performing vulnerability scans of the external facing environments of customers’ networks.
The Supplier must be identified as an Approved Scanning Vendor (ASV) by the Payment Card Industry Security Standards Council.
The test team must have sufficient experience to undertake the Service and comprise the necessary mix of expertise for the component technologies of the Customer systems.
II.2.5)Award criteria
II.2.6)Estimated value
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
The Agreement will be for a maximum period of up to 4 years, comprising of an initial period of 2 years (the Initial Term) with the option to extend for further periods up to maximum of 2 years.
II.2.10)Information about variants
II.2.11)Information about options
II.2.13)Information about European Union funds
II.2.14)Additional information
A Maximum of 3 Suppliers will be awarded to this Lot.
Customers are able to vary the award weightings at the call-off stage. Please refer to the ITT for details.
II.2.1)Title:
Lot 6: Payment Card Industry Security Standards Council accredited — Qualified Security Assessor
II.2.2)Additional CPV code(s)
II.2.3)Place of performance
II.2.4)Description of the procurement:
The objective of the Qualified Security Assessor (QSA) Lot is to provide Customer with access to Payment Card Industry Security Standards Council accredited professionals to provide guidance and validate an organisation’s adherence to the Payment Card Industry Data Security Standards (PCI DSS).
Security Assessors must have current certification issued by PCI Security Standards Council and be employees of a Qualified Security Assessor (QSA) company qualified by PCI Security Standards Council.
II.2.5)Award criteria
II.2.6)Estimated value
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
The Agreement will be for a maximum period of up to 4 years, comprising of an initial period of 2 years (the Initial Term) with the option to extend for further periods up to maximum of 2 years.
II.2.10)Information about variants
II.2.11)Information about options
II.2.13)Information about European Union funds
II.2.14)Additional information
A Maximum of 6 Suppliers will be awarded to this Lot.
Customers are able to vary the award weightings at the call-off stage. Please refer to the ITT for details.
II.2.1)Title:
Lot 7: Cyber Essentials
II.2.2)Additional CPV code(s)
II.2.3)Place of performance
II.2.4)Description of the procurement:
The objective of the LOT is to provide Customers with access to Cyber Essential certifiers to provide guidance and validate an organisation’s adherence to Cyber Essentials and Cyber Essentials Plus requirements.
Assessors must have current certification issued by a CESG approved Accreditation Body.
II.2.5)Award criteria
II.2.6)Estimated value
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
The Agreement will be for a maximum period of up to 4 years, comprising of an initial period of 2 years (the Initial Term) with the option to extend for further periods up to maximum of 2 years.
II.2.10)Information about variants
II.2.11)Information about options
II.2.13)Information about European Union funds
II.2.14)Additional information
A Maximum of 6 Suppliers will be awarded to this Lot.
Customers are able to vary the award weightings at the call-off stage. Please refer to the ITT for details.
Section III: Legal, economic, financial and technical information
III.1.1)Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers
Lot specific suitability requirements are set within the tender documentation.
III.1.2)Economic and financial standing
As set out in the Tender Documentation.
The awarding authority reserves the right to request parent company and/or other guarantees of performance and financial liability.
III.1.3)Technical and professional ability
Details will be listed in the invitation to tender documentation.
III.2.2)Contract performance conditions:
Refer to tender documentation.
III.2.3)Information about staff responsible for the performance of the contract
Section IV: Procedure
IV.1.1)Type of procedure
IV.1.3)Information about a framework agreement or a dynamic purchasing system
IV.1.8)Information about the Government Procurement Agreement (GPA)
IV.2.1)Previous publication concerning this procedure
IV.2.2)Time limit for receipt of tenders or requests to participate
IV.2.4)Languages in which tenders or requests to participate may be submitted:
IV.2.6)Minimum time frame during which the tenderer must maintain the tender
IV.2.7)Conditions for opening of tenders
Section VI: Complementary information
VI.1)Information about recurrence
VI.3)Additional information:
The Agreement will be open for use by the following Orgs within Wales:
— Welsh Ministers, their agencies, sponsored and statutory bodies and other contracting authorities funded by them, whether or not they operate independently of Welsh Ministers
— The Welsh Assembly Commission
— Any company, limited liability partnership or other corporate entity wholly or partly owned by or controlled (directly or indirectly) by Welsh Government
— UK Government, their agencies, companies and limited liability partnerships or other corporate entities, wholly or partly owned by or controlled by departments of the UK Government and which operate in Wales
— Non-ministerial governmental departments which operate devolved offices in Wales
— Local Authorities in Wales their agencies, companies and limited liability partnerships or other corporate entities wholly or partly owned by or controlled by and any county and county borough, city, community or other council or local authority in Wales
— Contracting authorities established for the provision of culture, media and sport in Wales
— NHS Health Boards in Wales, NHS Trusts in Wales, Special Health Authorities in Wales, Community Health Councils in Wales, the NHS Wales Shared Services Partnership and Board of Community Health Councils and any other contracting authorities operating within or on behalf of the NHS in Wales
— Higher and further education bodies in Wales, including colleges, community colleges and universities, WEA Cymru and Colleges Wales
— Police and crime commissioners and police forces in Wales; national park, and fire and rescue authorities in Wales
— Wales Council for Voluntary Action and those associated charities and voluntary organisations
— Citizen Advice Bureaux in Wales
— Registered social landlords on the register maintained by Welsh Government
— Schools, sixth-form colleges, foundation schools and academies in Wales (but not independent schools)
— HM Inspectorate of Schools in Wales (Estyn)
— One Voice Wales (Town & Community Councils) and town & community councils in Wales
— Tribunals administered by Her Majesty’s Courts and Tribunals Service acting as the Executive Agency of the Ministry of Justice (and which operate in Wales)
— Tribunals listed under the Administrative Justice and Tribunals Council (Listed Tribunals) (Wales) Order 2007 and any other tribunals that deal with devolved subject matter or are sponsored by the Welsh Assembly Government or Welsh Local Authorities
— Where applicable, the above shall include subsidiaries of the contracting authority at any level.
In the event of merger, abolition or change of any of the contracting authorities listed or referred to above, the successors to those authorities or to their functions will also be able to enter into specific contracts under this framework.
ITT documentation can be accessed via: https://etenderwales.bravosolution.co.uk
Etender references:
Project_32718 — NPS — Information Assurance Services.
itt_53078 — Community Benefits Submissions
itt_52911 — Qualification Questionnaire
itt_52914 — Generic Questions
itt_52915 Lot 1,itt_52917 Lot 2,itt_52918 Lot 3,itt_52919 Lot 4,itt_52920 Lot 5,itt_52921 Lot 6,itt_54114 Lot 7.
If you are seeking help on using the etenderwales system please email help@bravosolution.co.uk or call 08003684852.
If you require documentation in an alternative format, please use the ‘Messages’ area to contact NPS, who will be able to provide a more suitable format.
The Welsh Ministers (NPS) will not be liable for any bidder costs arising from the non award of this framework.
Note: the authority is using eTenderwales to carry out this procurement process. To obtain further information record your interest on Sell2Wales athttp://www.sell2wales.gov.wales/search/search_switch.aspx?ID=40493
(WA Ref:40493).
VI.4.1)Review body
T’yr Afon, Bedwas Road
Caerphilly
CF83 8WT
UNITED KINGDOM
Telephone: +44 3007900170Internet address:http://npswales.gov.uk
VI.5)Date of dispatch of this notice:
Related Posts
NIPS Prison Record Information System Market Sounding
Provide Document Control Services to HS2