CONTRACT NOTICE – NATIONAL

1 Authority Details

1.1

Authority Name and Address

1.2

Address from which documentation may be obtained

1.3

Completed documents must be returned to:

2 Contract Details

2.1

Title

Provision of an ISO27001 Internal Auditor

2.2

Description of the goods or services required

Introduction

ISO 27001 is an internationally recognised standard for managing and maintaining

information security within businesses. It outlines the requirements for an information security management system (ISMS), and provides a framework for establishing, implementing, maintaining and continually improving business information security.

Social Care Wales has held ISO 27001:2013 certification since 2008, achieving our most recent triennial recertification in April 2024. We are amid transitioning to the 27001:2022 standard and are due to transition in February 2025.

What is required / ‘The Requirements’

We are seeking the provision of an ISO 27001 Internal Auditor to evaluate and ensure the continued effectiveness and compliance of our Information Security Management System (ISMS) in accordance with the ISO 27001 standard.

The audit should be performed independently and aligned with the requirements of the ISO IEC 27001:2013 (ISO 27001) standard.

The Internal Auditor will:

- Prepare and agree an ISMS audit scope and engagement letter with Social Care Wales;

- Review and assess the ISMS documentation, including policies, procedures, and controls in line with the standard;

- Plan and execute internal audits, including the preparation of audit plans and schedules;

- Interview relevant personnel and gather evidence to assess compliance and effectiveness;

- Evaluate the implementation of risk assessments and treatment plans;

- Analyse audit findings and prepare detailed reports outlining strengths, weaknesses, and recommendations for improvement;

- Present findings to senior management and relevant stakeholders;

- Follow up on previous audit findings to ensure corrective actions have been implemented;

- Follow through any external certification audit findings and remedial actions received by Social Care Wales.

Please see Specification for more detail

NOTE: To register your interest in this notice and obtain any additional information please visit the Sell2Wales Web Site at https://www.sell2wales.gov.wales/Search/Search_Switch.aspx?ID=145666.

The buyer has indicated that it will accept electronic responses to this notice via the Postbox facility. A user guide is available at https://www.sell2wales.gov.wales/sitehelp/help_guides.aspx.

Suppliers are advised to allow adequate time for uploading documents and to dispatch the electronic response well in advance of the closing time to avoid any last minute problems.

2.3

Notice Coding and Classification

2.4

Total quantity or scope of tender

Budget

There is a budget of up to £25,000 (inclusive of any applicable VAT) agreed for this quote.

The Supplier will provide full financial breakdown of the costs associated with the project for consideration through the evaluation process.

Prices must be quoted in pounds sterling and clearly state if VAT will or will not be charged.

Length of contract

The contract will run from 10 January 2025 to 31 December 2025 with a possibility of being extended for a further 24 months in 12-month increments, up to a total period of 36 months.

3 Conditions for Participation

3.1

Minimum standards and qualification required

4 Administrative Information

4.1

Type of Procedure

Single stage

4.2

Reference number attributed to the notice by the contracting authority

N/a

4.3

Time Limits

4.5

Language or languages in which tenders or requests to participate can be drawn up

4.6

Tender Submission Postbox

5 Other Information

5.1

Additional Information

(WA Ref:145666)

The buyer considers that this contract is suitable for consortia bidding.

5.2

Additional Documentation

5.3

Publication date of this notice