CONTRACT NOTICE – NATIONAL
|
| SERVICES |
1 Authority Details
|
1.1
|
Authority Name and Address
|
|
Estyn |
Information Services, Anchor Court, Keen Road, |
Cardiff |
CF24 5JW |
UK |
Ben Thomas |
+44 2920446513 |
contracts@estyn.gov.uk |
|
| www.estyn.gov.wales |
|
1.2
|
Address from which documentation may be obtained
Estyn |
Information Services, Anchor Court, Keen Road, |
Cardiff |
CF24 5JW |
UK |
Ben Thomas |
+44 2920446513 |
contracts@estyn.gov.uk |
|
| www.estyn.gov.wales |
|
1.3
|
Completed documents must be returned to:
Estyn |
Procurement, Anchor Court, Keen Road, |
Cardiff |
CF24 5JW |
UK |
Jonathan Cooper |
+44 2920446513 |
contracts@estyn.gov.uk |
|
| www.estyn.gov.wales |
|
2 Contract Details
|
2.1
|
Title
Provision of Penetration Testing Services to Estyn
|
2.2
|
Description of the goods or services required
We are looking for a Potential Provider to work in partnership with us to provide penetration testing services. The Potential Provider must be experts in their field, who can work with us to ensure our IT systems are safe from threat, and who can identify/make informed recommendations for improvement. In general terms we would expect such tests to consider the following, but suppliers are encouraged to suggest their own methodology/processes.
Web Application (written in .NET) Penetration Test
O365 Audit\Azure Penetration Test
Network infrastructure – LAN/Wi-Fi Penetration Test
|
2.3
|
Notice Coding and Classification
|
|
|
|
|
72810000 |
|
Computer audit services |
|
72820000 |
|
Computer testing services |
|
|
|
|
|
1022 |
|
Cardiff and Vale of Glamorgan |
|
2.4
|
Total quantity or scope of tender
It is envisaged that the initial contract will be for a period of one year with the option to extend for up to a further two years, subject to satisfactory performance by the Potential Provider. We anticipate that the contract will start on 1st October 2022.
Potential Providers should note that the maximum budget for provision of the required services is £15,000 (net) for each financial year – please note that this includes any days for consultation, remediation/ad hoc work and inbuilt contingency should it so be required. However, we would encourage Potential Providers to submit tenders at their ‘best possible price’ rather than aligning any submission with the maximum budget available (as the budget may be subject to change).
|
3 Conditions for Participation
|
3.1
|
Minimum standards and qualification required
It is a mandatory requirement that Potential Providers hold the necessary accreditation below (i.e. they must be certified to one of the accreditations, whilst also being part of one of the penetration testing certification schemes):
ISO 27001 certified (Information Security Management);
Cyber Essentials certified;
Cyber Exchange member;
CHECK certification scheme;
CREST certification scheme;
Tiger certification scheme; and/or
Cyber certification scheme.
|
4 Administrative Information
|
4.1
|
Type of Procedure
Single stage
|
4.2
|
Reference number attributed to the notice by the contracting authority
CON04 2022-23
|
4.3
|
Time LimitsTime-limit for receipt of completed tenders
12-09-2022
Time 09:00
Estimated award date
26-09-2022 |
4.5
|
Language or languages in which tenders or requests to participate can be drawn upEN
|
4.6
|
Tender Submission Postbox
|
5 Other Information
|
5.1
|
Additional Information
The following indicative timetable is provided for Potential Providers’ benefit. Please be aware that these are indicative timescales (except for the deadlines in bold) and may be subject to change at our absolute discretion.
ACTIVITY EXPECTED DATE
ITT Launch 24th August 2022
Submission deadline for clarification questions 31st August 2022
Response deadline for clarification questions 5th September 2022
ITT closing date (Tender Submission Deadline) 12th September 2022
Desktop Evaluation w/c 12th September 2022
Contract Award w/c 26th September 2022
Contract Commencement 1st October 2022
(WA Ref:124253)
|
5.2
|
Additional Documentation
|
5.3
|
Publication date of this notice 24-08-2022 |