Tender

Cyber Security Assurance Services Framework

  • City of Edinburgh Council

F02: Contract notice

Notice identifier: 2024/S 000-020020

Procurement identifier (OCID): ocds-h6vhtk-0478f3

Published 2 July 2024, 8:47am



Section one: Contracting authority

one.1) Name and addresses

City of Edinburgh Council

Waverley Court

Edinburgh

EH8 8BG

Contact

Jonathan Livingstone

Email

jonathan.livingstone@edinburgh.gov.uk

Country

United Kingdom

NUTS code

UKM75 - Edinburgh, City of

Internet address(es)

Main address

http://www.edinburgh.gov.uk

Buyer's address

https://www.publiccontractsscotland.gov.uk/search/Search_AuthProfile.aspxD=AA00290

one.3) Communication

The procurement documents are available for unrestricted and full direct access, free of charge, at

https://www.publictendersscotland.publiccontractsscotland.gov.uk

Additional information can be obtained from the above-mentioned address

Tenders or requests to participate must be submitted electronically via

https://www.publictendersscotland.publiccontractsscotland.gov.uk

one.4) Type of the contracting authority

Regional or local authority

one.5) Main activity

General public services


Section two: Object

two.1) Scope of the procurement

two.1.1) Title

Cyber Security Assurance Services Framework

Reference number

CT1218

two.1.2) Main CPV code

  • 72000000 - IT services: consulting, software development, Internet and support

two.1.3) Type of contract

Services

two.1.4) Short description

The City of Edinburgh Council is focused on establishing a robust Framework for the procurement of secure digital services. It aims to enhance the Councils ability to assess and select IT service providers that meet stringent security requirements, ensuring the delivery of secure and reliable digital services.

two.1.5) Estimated total value

Value excluding VAT: £750,000

two.1.6) Information about lots

This contract is divided into lots: Yes

Tenders may be submitted for all lots

two.2) Description

two.2.1) Title

Threat Intelligence

Lot No

4

two.2.2) Additional CPV code(s)

  • 72000000 - IT services: consulting, software development, Internet and support

two.2.3) Place of performance

NUTS codes
  • UKM75 - Edinburgh, City of

two.2.4) Description of the procurement

The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.

These include:

- Threat Intelligence

two.2.5) Award criteria

Quality criterion - Name: Quality from Lot 1 / Weighting: 50

Price - Weighting: 50

two.2.6) Estimated value

Value excluding VAT: £15,000

two.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Duration in months

24

This contract is subject to renewal

Yes

Description of renewals

Possible extension up to 24 months.

two.2.9) Information about the limits on the number of candidates to be invited

Envisaged minimum number: 5

two.2.10) Information about variants

Variants will be accepted: No

two.2.11) Information about options

Options: No

two.2.13) Information about European Union Funds

The procurement is related to a project and/or programme financed by European Union funds: No

two.2) Description

two.2.1) Title

Vulnerability Assessments

Lot No

5

two.2.2) Additional CPV code(s)

  • 72000000 - IT services: consulting, software development, Internet and support

two.2.3) Place of performance

NUTS codes
  • UKM75 - Edinburgh, City of

two.2.4) Description of the procurement

The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.

These include:

- Vulnerability Assessments

two.2.5) Award criteria

Quality criterion - Name: Quality from Lot 1 / Weighting: 50

Price - Weighting: 50

two.2.6) Estimated value

Value excluding VAT: £15,000

two.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Duration in months

24

This contract is subject to renewal

Yes

Description of renewals

Possible extension up to 24 months.

two.2.9) Information about the limits on the number of candidates to be invited

Envisaged minimum number: 5

two.2.10) Information about variants

Variants will be accepted: No

two.2.11) Information about options

Options: No

two.2.13) Information about European Union Funds

The procurement is related to a project and/or programme financed by European Union funds: No

two.2) Description

two.2.1) Title

Essential Services: Penetration Testing, Security Assurance & Reporting, Advice & Consultation

Lot No

1

two.2.2) Additional CPV code(s)

  • 72000000 - IT services: consulting, software development, Internet and support

two.2.3) Place of performance

NUTS codes
  • UKM75 - Edinburgh, City of

two.2.4) Description of the procurement

The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.

These include:

- Penetration testing and vulnerability assessments against industry standards at application, component, and full stack levels, and

- Security assurance and reporting of proposed new technologies and services.

Suppliers must also provide:

- Advice and consultation on proposed and existing cloud developments,

- Advice and consultation on proposed and existing cloud infrastructure configurations, and

- Advice and consultation on cloud technologies to support ongoing management of our cloud operations.

two.2.5) Award criteria

Quality criterion - Name: Delivery of Services / Weighting: 30

Quality criterion - Name: Advice and Consultancy / Weighting: 30

Quality criterion - Name: Account Management and Staffing / Weighting: 15

Quality criterion - Name: Business continuity / Weighting: 10

Quality criterion - Name: The Environment / Weighting: 5

Quality criterion - Name: Fair Work Practices / Weighting: 5

Quality criterion - Name: Community Benefits / Weighting: 5

Price - Weighting: 50

two.2.6) Estimated value

Value excluding VAT: £675,000

two.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Duration in months

24

This contract is subject to renewal

Yes

Description of renewals

Possible extension up to 24 months.

two.2.9) Information about the limits on the number of candidates to be invited

Envisaged minimum number: 5

two.2.10) Information about variants

Variants will be accepted: No

two.2.11) Information about options

Options: No

two.2.13) Information about European Union Funds

The procurement is related to a project and/or programme financed by European Union funds: No

two.2) Description

two.2.1) Title

Incident Response, Digital Forensics, Data Breach Assessment & Recovery

Lot No

2

two.2.2) Additional CPV code(s)

  • 72000000 - IT services: consulting, software development, Internet and support

two.2.3) Place of performance

NUTS codes
  • UKM75 - Edinburgh, City of

two.2.4) Description of the procurement

The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.

These include:

- Incident Response,

- Digital Forensics,

- Data Breach Assessment and Recovery.

two.2.5) Award criteria

Quality criterion - Name: Quality from Lot 1 / Weighting: 50

Price - Weighting: 50

two.2.6) Estimated value

Value excluding VAT: £15,000

two.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Duration in months

24

This contract is subject to renewal

Yes

Description of renewals

Possible extension up to 24 months.

two.2.9) Information about the limits on the number of candidates to be invited

Envisaged minimum number: 5

two.2.10) Information about variants

Variants will be accepted: No

two.2.11) Information about options

Options: No

two.2.13) Information about European Union Funds

The procurement is related to a project and/or programme financed by European Union funds: No

two.2) Description

two.2.1) Title

Security Audit – PCI, Security Architecture/Design Review, Compliance & Regulatory Services.

Lot No

3

two.2.2) Additional CPV code(s)

  • 72000000 - IT services: consulting, software development, Internet and support

two.2.3) Place of performance

NUTS codes
  • UKM75 - Edinburgh, City of

two.2.4) Description of the procurement

The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.

These include:

- Security Audit – PCI,

- Security Architecture/Design Review,

- Compliance and Regulatory Services.

two.2.5) Award criteria

Quality criterion - Name: Quality from Lot 1 / Weighting: 50

Price - Weighting: 50

two.2.6) Estimated value

Value excluding VAT: £15,000

two.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Duration in months

24

This contract is subject to renewal

Yes

Description of renewals

Possible extension up to 24 months.

two.2.9) Information about the limits on the number of candidates to be invited

Envisaged minimum number: 5

two.2.10) Information about variants

Variants will be accepted: No

two.2.11) Information about options

Options: No

two.2.13) Information about European Union Funds

The procurement is related to a project and/or programme financed by European Union funds: No

two.2) Description

two.2.1) Title

Data & Hardware Sanitisation

Lot No

6

two.2.2) Additional CPV code(s)

  • 72000000 - IT services: consulting, software development, Internet and support

two.2.3) Place of performance

NUTS codes
  • UKM75 - Edinburgh, City of

two.2.4) Description of the procurement

The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.

These include:

- Data and Hardware Sanitisation

two.2.5) Award criteria

Quality criterion - Name: Quality from Lot 1 / Weighting: 50

Price - Weighting: 50

two.2.6) Estimated value

Value excluding VAT: £15,000

two.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Duration in months

24

This contract is subject to renewal

Yes

Description of renewals

Possible extension up to 24 months.

two.2.9) Information about the limits on the number of candidates to be invited

Envisaged minimum number: 5

two.2.10) Information about variants

Variants will be accepted: No

two.2.11) Information about options

Options: No

two.2.13) Information about European Union Funds

The procurement is related to a project and/or programme financed by European Union funds: No


Section three. Legal, economic, financial and technical information

three.1) Conditions for participation

three.1.1) Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers

List and brief description of conditions

Suppliers are required to comply with the following qualification and accreditation requirements:

1. CREST or CHECK accredited, evidence of accreditation will be required.

2. Assessments carried out by your organisation are conducted by appropriately qualified individuals, for example (CISSP, CISM, CEH, CCSP, OSCP, CCT INF) or equivalent.

3. Accredited Microsoft, AWS Partner or equivalent.

three.1.2) Economic and financial standing

List and brief description of selection criteria

Tenderers are required to have a minimum “general” annual turnover as detailed below for the last two financial years. Where a Tenderer does not have an annual turnover of this value, the Council may exclude the Tenderer from the competition or may apply discretion, seeking supporting evidence to determine the Tenderer’s suitability to proceed in the competition.

The formula for calculating a Tenderer’s current ratio is current assets divided by current liabilities. The acceptable range for each financial ratio is greater than the ratio as detailed below. Where a Tenderer’s current ratio is less than the acceptable value, the Council may exclude the Tenderer from the competition or may apply discretion, seeking supporting evidence to determine the Tenderer’s suitability to proceed in the competition.

Minimum level(s) of standards possibly required

Estimated Value pa Minimum “General” Annual Turnover Ratio

Cyber Assurance Framework 250,000 GBP 1.10

It is a mandatory requirement that service providers appointed to this Framework Agreement have the following insurance in place:

- Professional Indemnity Insurance (minimum of 5 Million GBP)

- Employer’s Liability Insurance (minimum of 5 Million GBP)

- Public Liability Insurance (minimum of 5 Million GBP)

three.1.3) Technical and professional ability

Selection criteria as stated in the procurement documents


Section four. Procedure

four.1) Description

four.1.1) Type of procedure

Restricted procedure

four.1.3) Information about a framework agreement or a dynamic purchasing system

The procurement involves the establishment of a framework agreement

Framework agreement with several operators

Envisaged maximum number of participants to the framework agreement: 6

four.1.8) Information about the Government Procurement Agreement (GPA)

The procurement is covered by the Government Procurement Agreement: Yes

four.2) Administrative information

four.2.2) Time limit for receipt of tenders or requests to participate

Date

31 July 2024

Local time

12:00pm

four.2.3) Estimated date of dispatch of invitations to tender or to participate to selected candidates

2 September 2024

four.2.4) Languages in which tenders or requests to participate may be submitted

English

four.2.6) Minimum time frame during which the tenderer must maintain the tender

Duration in months: 6 (from the date stated for receipt of tender)


Section six. Complementary information

six.1) Information about recurrence

This is a recurrent procurement: No

six.3) Additional information

The buyer is using PCS-Tender to conduct this PQQ exercise. The Project code is 26662. For more information see: http://www.publiccontractsscotland.gov.uk/info/InfoCentre.aspx?ID=2343

Community benefits are included in this requirement. For more information see: https://www.gov.scot/policies/public-sector-procurement/community-benefits-in-procurement/

A summary of the expected community benefits has been provided as follows:

Community Benefits requirements will be published as part of the ITT stage.

(SC Ref:767446)

six.4) Procedures for review

six.4.1) Review body

Sheriff Court

Sheriff Court House, 27 Chambers Street

Edinburgh

EH1 1LB

Country

United Kingdom

six.4.3) Review procedure

Precise information on deadline(s) for review procedures

An economic operator that suffers or risks suffering loss or damage attributable to a breach of duty under Public Contracts (Scotland) Regulations 2015 may bring proceedings in the Sheriff Court or Court of Session. A claim for an ineffectiveness order must be made within 30 days of the Contract Award Notice being published in the Find a Tender Service within 30 days of the date those who expressed an interest in or otherwise bid for the contract were informed of the conclusion of the contract or in any other case within 6 months from the date on which the contract was entered into.