Section one: Contracting entity
one.1) Name and addresses
NATIONAL ENERGY SYSTEM OPERATOR LIMITED
St. Catherines Lodge
WOKINGHAM
RG415BN
Contact
Steve Birch
steve.birch@nationalenergyso.com
Country
United Kingdom
Region code
UK - United Kingdom
NATIONAL ENERGY SYSTEM OPERATOR
11014226
Internet address(es)
Main address
https://www.neso.energy/about-neso
Buyer's address
https://www.neso.energy/about-neso
one.3) Communication
Additional information can be obtained from the above-mentioned address
one.6) Main activity
Electricity
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
PENETRATION TESTING SERVICES
two.1.2) Main CPV code
- 48200000 - Networking, Internet and intranet software package
two.1.3) Type of contract
Supplies
two.1.4) Short description
As part of the separation from National Grid Group and transformation into NESO under UK Government ownership, NESO are looking to create their own penetration testing framework to ensure that we can provide assurance over the security of our systems and provide a secure service to Great Britain. To achieve this, NESO requires a penetration testing panel of at least three members who can provide in-depth penetration testing services, covering a range of localised testing, such as web-app or infrastructure testing, as well as simulated attack exercises.
two.1.5) Estimated total value
Value excluding VAT: £750,000
two.1.6) Information about lots
This contract is divided into lots: No
two.2) Description
two.2.2) Additional CPV code(s)
- 48200000 - Networking, Internet and intranet software package
- 48400000 - Business transaction and personal business software package
- 48500000 - Communication and multimedia software package
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
two.2.4) Description of the procurement
NESO require a penetration testing service provider that can:
Provide Infrastructure, Web Application, API and Web Application security testing.
Provide simulated attack exercising services (Purple/Red Teams).
Provide CHECK accredited penetration testers to complete testing.
Where necessary, provide penetration testers who have achieved UK Gov Security Clearance
Provide highly accurate reporting of vulnerabilities within the in-scope systems.
Provide resource for testing with a no longer than 1 month lead time.
Provide resource with knowledge and experience of testing on Critical National Infrastructure (CNI) environments, and the risk associated, where applicable to the scope of testing.
two.2.14) Additional information
Contract duration
Flexible, agile framework contract that can be scaled-up or down based on business requirements.
Compliance with the Utilities Contracts Regulations 2016
Initial contract duration 3-year contract, with the possibility for 2 one year contract extensions
Participation requirements:
All suppliers wishing to participate in the tender process must register with Achilles via the UVDB code 2.1.23-Cyber security consulting or services for the event by the 31st January 2025.
two.3) Estimated date of publication of contract notice
31 August 2025
Section four. Procedure
four.1) Description
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: No
four.2) Administrative information
four.2.2) Time limit for receipt of expressions of interest
Date
31 January 2025
Local time
3:00pm
four.2.4) Languages in which tenders or requests to participate may be submitted
English
Section six. Complementary information
six.3) Additional information
This PIN is not a call for competition. NESO is not obliged to respond to any correspondence related to this notice. Direct or indirect canvassing of NESO (or any person connected with it) by any person concerning this notice, or any attempt to procure information outside of the defined process is discouraged and may (in certain circumstances) require the disqualification of the relevant person(s) from participation in any future competitive procurement process.
All information provided by NESO in this PIN is at an early stage of development and is not intended by NESO to create any contract or other commitment and is not intended by NESO to be otherwise relied on by any person to any extent. NESO shall have no liability for any losses incurred by any person as a result any such reliance.
You must be registered against all Achilles UVDB code: 2.1.23-Cyber security consulting or services.to be invited to the Pre-Qualification Stage, In this PIN all reference to a contract notice should be read as referring to an advertisement on Achilles UVDB and not a find a tender contract notice. You must be registered against all Achilles UVDB codes to be invited to the Pre-Qualification Stage. The required level is UVDB Silver Plus.
You can also reach out to Desta Wheeler desta.wheeler@achilles.com who can support any issues with completion of your registration process on Achilles UVDB ahead of the qualification event commencing in April: provided that it is the sole responsibility of each interested supplier to ensure that it is properly registered on Achilles UVDB Silver Plus on time and NESO accepts no responsibility for any failure to register on time regardless of the reasons for that.