- Scope of the procurement
- Lot 4. Threat Intelligence
- Lot 5. Vulnerability Assessments
- Lot 1. Essential Services: Penetration Testing, Security Assurance & Reporting, Advice & Consultation
- Lot 2. Incident Response, Digital Forensics, Data Breach Assessment & Recovery
- Lot 3. Security Audit – PCI, Security Architecture/Design Review, Compliance & Regulatory Services.
- Lot 6. Data & Hardware Sanitisation
Section one: Contracting authority
one.1) Name and addresses
City of Edinburgh Council
Waverley Court
Edinburgh
EH8 8BG
Contact
Jonathan Livingstone
jonathan.livingstone@edinburgh.gov.uk
Country
United Kingdom
NUTS code
UKM75 - Edinburgh, City of
Internet address(es)
Main address
Buyer's address
https://www.publiccontractsscotland.gov.uk/search/Search_AuthProfile.aspxD=AA00290
one.3) Communication
The procurement documents are available for unrestricted and full direct access, free of charge, at
https://www.publictendersscotland.publiccontractsscotland.gov.uk
Additional information can be obtained from the above-mentioned address
Tenders or requests to participate must be submitted electronically via
https://www.publictendersscotland.publiccontractsscotland.gov.uk
one.4) Type of the contracting authority
Regional or local authority
one.5) Main activity
General public services
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Cyber Security Assurance Services Framework
Reference number
CT1218
two.1.2) Main CPV code
- 72000000 - IT services: consulting, software development, Internet and support
two.1.3) Type of contract
Services
two.1.4) Short description
The City of Edinburgh Council is focused on establishing a robust Framework for the procurement of secure digital services. It aims to enhance the Councils ability to assess and select IT service providers that meet stringent security requirements, ensuring the delivery of secure and reliable digital services.
two.1.5) Estimated total value
Value excluding VAT: £750,000
two.1.6) Information about lots
This contract is divided into lots: Yes
Tenders may be submitted for all lots
two.2) Description
two.2.1) Title
Threat Intelligence
Lot No
4
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UKM75 - Edinburgh, City of
two.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Threat Intelligence
two.2.5) Award criteria
Quality criterion - Name: Quality from Lot 1 / Weighting: 50
Price - Weighting: 50
two.2.6) Estimated value
Value excluding VAT: £15,000
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
24
This contract is subject to renewal
Yes
Description of renewals
Possible extension up to 24 months.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2) Description
two.2.1) Title
Vulnerability Assessments
Lot No
5
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UKM75 - Edinburgh, City of
two.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Vulnerability Assessments
two.2.5) Award criteria
Quality criterion - Name: Quality from Lot 1 / Weighting: 50
Price - Weighting: 50
two.2.6) Estimated value
Value excluding VAT: £15,000
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
24
This contract is subject to renewal
Yes
Description of renewals
Possible extension up to 24 months.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2) Description
two.2.1) Title
Essential Services: Penetration Testing, Security Assurance & Reporting, Advice & Consultation
Lot No
1
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UKM75 - Edinburgh, City of
two.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Penetration testing and vulnerability assessments against industry standards at application, component, and full stack levels, and
- Security assurance and reporting of proposed new technologies and services.
Suppliers must also provide:
- Advice and consultation on proposed and existing cloud developments,
- Advice and consultation on proposed and existing cloud infrastructure configurations, and
- Advice and consultation on cloud technologies to support ongoing management of our cloud operations.
two.2.5) Award criteria
Quality criterion - Name: Delivery of Services / Weighting: 30
Quality criterion - Name: Advice and Consultancy / Weighting: 30
Quality criterion - Name: Account Management and Staffing / Weighting: 15
Quality criterion - Name: Business continuity / Weighting: 10
Quality criterion - Name: The Environment / Weighting: 5
Quality criterion - Name: Fair Work Practices / Weighting: 5
Quality criterion - Name: Community Benefits / Weighting: 5
Price - Weighting: 50
two.2.6) Estimated value
Value excluding VAT: £675,000
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
24
This contract is subject to renewal
Yes
Description of renewals
Possible extension up to 24 months.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2) Description
two.2.1) Title
Incident Response, Digital Forensics, Data Breach Assessment & Recovery
Lot No
2
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UKM75 - Edinburgh, City of
two.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Incident Response,
- Digital Forensics,
- Data Breach Assessment and Recovery.
two.2.5) Award criteria
Quality criterion - Name: Quality from Lot 1 / Weighting: 50
Price - Weighting: 50
two.2.6) Estimated value
Value excluding VAT: £15,000
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
24
This contract is subject to renewal
Yes
Description of renewals
Possible extension up to 24 months.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2) Description
two.2.1) Title
Security Audit – PCI, Security Architecture/Design Review, Compliance & Regulatory Services.
Lot No
3
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UKM75 - Edinburgh, City of
two.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Security Audit – PCI,
- Security Architecture/Design Review,
- Compliance and Regulatory Services.
two.2.5) Award criteria
Quality criterion - Name: Quality from Lot 1 / Weighting: 50
Price - Weighting: 50
two.2.6) Estimated value
Value excluding VAT: £15,000
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
24
This contract is subject to renewal
Yes
Description of renewals
Possible extension up to 24 months.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
two.2) Description
two.2.1) Title
Data & Hardware Sanitisation
Lot No
6
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UKM75 - Edinburgh, City of
two.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Data and Hardware Sanitisation
two.2.5) Award criteria
Quality criterion - Name: Quality from Lot 1 / Weighting: 50
Price - Weighting: 50
two.2.6) Estimated value
Value excluding VAT: £15,000
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months
24
This contract is subject to renewal
Yes
Description of renewals
Possible extension up to 24 months.
two.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
Section three. Legal, economic, financial and technical information
three.1) Conditions for participation
three.1.1) Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers
List and brief description of conditions
Suppliers are required to comply with the following qualification and accreditation requirements:
1. CREST or CHECK accredited, evidence of accreditation will be required.
2. Assessments carried out by your organisation are conducted by appropriately qualified individuals, for example (CISSP, CISM, CEH, CCSP, OSCP, CCT INF) or equivalent.
3. Accredited Microsoft, AWS Partner or equivalent.
three.1.2) Economic and financial standing
List and brief description of selection criteria
Tenderers are required to have a minimum “general” annual turnover as detailed below for the last two financial years. Where a Tenderer does not have an annual turnover of this value, the Council may exclude the Tenderer from the competition or may apply discretion, seeking supporting evidence to determine the Tenderer’s suitability to proceed in the competition.
The formula for calculating a Tenderer’s current ratio is current assets divided by current liabilities. The acceptable range for each financial ratio is greater than the ratio as detailed below. Where a Tenderer’s current ratio is less than the acceptable value, the Council may exclude the Tenderer from the competition or may apply discretion, seeking supporting evidence to determine the Tenderer’s suitability to proceed in the competition.
Minimum level(s) of standards possibly required
Estimated Value pa Minimum “General” Annual Turnover Ratio
Cyber Assurance Framework 250,000 GBP 1.10
It is a mandatory requirement that service providers appointed to this Framework Agreement have the following insurance in place:
- Professional Indemnity Insurance (minimum of 5 Million GBP)
- Employer’s Liability Insurance (minimum of 5 Million GBP)
- Public Liability Insurance (minimum of 5 Million GBP)
three.1.3) Technical and professional ability
Selection criteria as stated in the procurement documents
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Restricted procedure
four.1.3) Information about a framework agreement or a dynamic purchasing system
The procurement involves the establishment of a framework agreement
Framework agreement with several operators
Envisaged maximum number of participants to the framework agreement: 6
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: Yes
four.2) Administrative information
four.2.2) Time limit for receipt of tenders or requests to participate
Date
31 July 2024
Local time
12:00pm
four.2.3) Estimated date of dispatch of invitations to tender or to participate to selected candidates
2 September 2024
four.2.4) Languages in which tenders or requests to participate may be submitted
English
four.2.6) Minimum time frame during which the tenderer must maintain the tender
Duration in months: 6 (from the date stated for receipt of tender)
Section six. Complementary information
six.1) Information about recurrence
This is a recurrent procurement: No
six.3) Additional information
The buyer is using PCS-Tender to conduct this PQQ exercise. The Project code is 26662. For more information see: http://www.publiccontractsscotland.gov.uk/info/InfoCentre.aspx?ID=2343
Community benefits are included in this requirement. For more information see: https://www.gov.scot/policies/public-sector-procurement/community-benefits-in-procurement/
A summary of the expected community benefits has been provided as follows:
Community Benefits requirements will be published as part of the ITT stage.
(SC Ref:767446)
six.4) Procedures for review
six.4.1) Review body
Sheriff Court
Sheriff Court House, 27 Chambers Street
Edinburgh
EH1 1LB
Country
United Kingdom
six.4.3) Review procedure
Precise information on deadline(s) for review procedures
An economic operator that suffers or risks suffering loss or damage attributable to a breach of duty under Public Contracts (Scotland) Regulations 2015 may bring proceedings in the Sheriff Court or Court of Session. A claim for an ineffectiveness order must be made within 30 days of the Contract Award Notice being published in the Find a Tender Service within 30 days of the date those who expressed an interest in or otherwise bid for the contract were informed of the conclusion of the contract or in any other case within 6 months from the date on which the contract was entered into.