Penetration Testing and Information Security Consultancy

Penetration Testing and Information Security Consultancy

Penetration Testing Services – SNH and other agencies have many internal and web-based external applications and external services which need to be tested for security purposes on a regular basis. 


1 Authority Details


Authority Name and Address


Scottish Natural Heritage

Great Glen House, Leachkin Road,




Procurement Section

+44 1463725085

+44 1463725067


Address from which documentation may be obtained

As in 1.1


Completed documents must be returned to:

Scottish Natural Heritage

Knowledge & Information Management,


Kenny MacLean

+44 1313162666

2 Contract Details



Penetration Testing and Information Security Consultancy


Description of the goods or services required

Penetration Testing Services – SNH and other agencies have many internal and web-based external applications and external services which need to be tested for security purposes on a regular basis. This is done to ensure that the application and hardware configurations are secure and prevent unauthorized access to internal systems, and to ensure that data stored in these systems (temporary or long-term) is appropriately protected. We are looking for both a manual testing solution and automated testing that can be run on an ad-hoc/short notice basis.

Information Security Consultancy – SNH and other agencies may have requirement for consultancy relating to their progress against ISO27001 and SPF, along with other consultancy and advice on related subjects (such as Gap analysis, or assistance with policy development, BCP, PCI, DPA) or any other Information Security-related standard or activity.

NOTE: To register your interest in this notice and obtain any additional information please visit the Public Contracts Scotland Web Site at


Notice Coding and Classification

  279999   other Information Communication Technology

  100   All Scotland
  120   Highlands and Islands
  130   Aberdeen & North-East
  140   Tayside, Central & Fife
  150   Glasgow & Strathclyde
  160   Edinburgh & Lothians
  170   Scotland South


Total quantity or scope of tender

At present, SNH takes forward around 15 penetration tests per year, along with around 20 days of consultancy. Information is not available for the other potential users of this contract.

3 Conditions for Participation


Minimum standards and qualification required

Proven skills in:


– Penetration Testing

– Desktop Security Testing

– Multi platform Application Security Testing

– ISO27001 / SPF

– Secure Infrastructure design and consultancy

– Business Continuity Planning

– CHECK Accredited (To be verified via the CESG website)

– CLAS certified (To be verified via the CESG website)

– Confirmation that they have gone through CTC/SC check process

– Possess automated pen testing software and reporting process


4 Administrative Information


Type of Procedure

Dual stage – Candidates must first pass a selection procedure before being invited to tender or negotiate.


Reference number attributed to the notice by the contracting authority



Time Limits


a) Time-limit for obtaining documentation

b) Deadline for requests to participate
    22-09-2014  Time  13:00

c) Dispatch of invitations to tender 29-09-2014

d) Estimated award date 28-10-2014


Language or languages in which tenders or requests to participate can be drawn up



Tender Submission Postbox

5 Other Information


Additional Information

To be considered for this contract opportunity, suppliers must note their interest on the Public Contracts Scotland (PCS) portal – – and submit a completed Pre-Qualification Questionnaire (PQQ) to by the stated deadline of 13:00 hours (1pm) on 22 September 2014.


All PQQs will be assessed, and short-listed suppliers will be invited to submit a competitive tender via the PCS portal. Suppliers who submit a PQQ but are not short-listed to Tender stage will be notified by email.


The Tender stage will also be conducted via the PCS portal.


Collaborative arrangements:

National Records of Scotland, Historic Scotland, Disclosure Scotland, Registers of Scotland, Scottish Qualification Authority, Scottish Courts Service, Scottish Prison Service, Transport Scotland, Highlands and Islands Enterprise, Crown Office & Procurator Fiscal Service, Scottish Enterprise, Scottish Environment Protection Agency, Scottish Legal Aid Board, Scottish Natural Heritage, Visit Scotland , Forestry Commission Scotland

(SC Ref:319273)


Additional Documentation


  Low-value Pre-Qualification Questionnaire


Publication date of this notice