
Contract Notice

Provision of an ISO27001 Internal Auditor

  • First published: 30 October 2024
  • Last modified: 30 October 2024

Summary

OCID: ocds-kuma6s-145666
Published by: Social Care Wales
Authority ID: AA0289
Publication date: 30 October 2024
Deadline date: 27 November 2024
Notice type: Contract Notice
Has documents: Yes
Has SPD: No
Has Carbon Reduction Plan: No

Abstract

Introduction

ISO 27001 is an internationally recognised standard for managing and maintaining information security within businesses. It outlines the requirements for an information security management system (ISMS), and provides a framework for establishing, implementing, maintaining and continually improving business information security.

Social Care Wales has held ISO 27001:2013 certification since 2008, achieving our most recent triennial recertification in April 2024. We are currently transitioning to the 27001:2022 standard and are due to transition in February 2025.

What is required / ‘The Requirements’

We are seeking the provision of an ISO 27001 Internal Auditor to evaluate and ensure the continued effectiveness and compliance of our Information Security Management System (ISMS) in accordance with the ISO 27001 standard.

The audit should be performed independently and aligned with the requirements of the ISO/IEC 27001:2013 (ISO 27001) standard.

The Internal Auditor will:

- Prepare and agree an ISMS audit scope and engagement letter with Social Care Wales;

- Review and assess the ISMS documentation, including policies, procedures, and controls in line with the standard;

- Plan and execute internal audits, including the preparation of audit plans and schedules;

- Interview relevant personnel and gather evidence to assess compliance and effectiveness;

- Evaluate the implementation of risk assessments and treatment plans;

- Analyse audit findings and prepare detailed reports outlining strengths, weaknesses, and recommendations for improvement;

- Present findings to senior management and relevant stakeholders;

- Follow up on previous audit findings to ensure corrective actions have been implemented;

- Follow through any external certification audit findings and remedial actions received by Social Care Wales.

Please see Specification for more detail.

Full notice text

CONTRACT NOTICE – NATIONAL

SERVICES

1 Authority Details

1.1

Authority Name and Address


Social Care Wales

South Gate House, Wood Street,

Cardiff

CF10 1EW

UK

Procurement Team

+44 3003033444


http://www.socialcare.wales
http://www.sell2wales.gov.wales

1.2

Address from which documentation may be obtained


Social Care Wales

UK

1.3

Completed documents must be returned to:


Social Care Wales

UK

2 Contract Details

2.1

Title

Provision of an ISO27001 Internal Auditor

2.2

Description of the goods or services required

Introduction

ISO 27001 is an internationally recognised standard for managing and maintaining information security within businesses. It outlines the requirements for an information security management system (ISMS), and provides a framework for establishing, implementing, maintaining and continually improving business information security.

Social Care Wales has held ISO 27001:2013 certification since 2008, achieving our most recent triennial recertification in April 2024. We are currently transitioning to the 27001:2022 standard and are due to transition in February 2025.

What is required / ‘The Requirements’

We are seeking the provision of an ISO 27001 Internal Auditor to evaluate and ensure the continued effectiveness and compliance of our Information Security Management System (ISMS) in accordance with the ISO 27001 standard.

The audit should be performed independently and aligned with the requirements of the ISO/IEC 27001:2013 (ISO 27001) standard.

The Internal Auditor will:

- Prepare and agree an ISMS audit scope and engagement letter with Social Care Wales;

- Review and assess the ISMS documentation, including policies, procedures, and controls in line with the standard;

- Plan and execute internal audits, including the preparation of audit plans and schedules;

- Interview relevant personnel and gather evidence to assess compliance and effectiveness;

- Evaluate the implementation of risk assessments and treatment plans;

- Analyse audit findings and prepare detailed reports outlining strengths, weaknesses, and recommendations for improvement;

- Present findings to senior management and relevant stakeholders;

- Follow up on previous audit findings to ensure corrective actions have been implemented;

- Follow through any external certification audit findings and remedial actions received by Social Care Wales.

Please see Specification for more detail.

NOTE: To register your interest in this notice and obtain any additional information please visit the Sell2Wales Web Site at https://www.sell2wales.gov.wales/Search/Search_Switch.aspx?ID=145666.

The buyer has indicated that it will accept electronic responses to this notice via the Postbox facility. A user guide is available at https://www.sell2wales.gov.wales/sitehelp/help_guides.aspx.

Suppliers are advised to allow adequate time for uploading documents and to dispatch the electronic response well in advance of the closing time to avoid any last minute problems.

2.3

Notice Coding and Classification

72810000 Computer audit services
79212000 Auditing services
79212200 Internal audit services
1000 WALES
1010 West Wales and The Valleys
1011 Isle of Anglesey
1012 Gwynedd
1013 Conwy and Denbighshire
1014 South West Wales (Carmarthenshire, Pembrokeshire, Ceredigion)
1015 Central Valleys (Merthyr Tydfil, Rhondda Cynon Taf)
1016 Gwent Valleys (Torfaen, Blaenau Gwent, Caerphilly)
1017 Bridgend and Neath Port Talbot
1018 Swansea
1020 East Wales
1021 Monmouthshire and Newport
1022 Cardiff and Vale of Glamorgan
1023 Flintshire and Wrexham
1024 Powys

2.4

Total quantity or scope of tender

Budget

There is a budget of up to £25,000 (inclusive of any applicable VAT) agreed for this quote.

The Supplier will provide full financial breakdown of the costs associated with the project for consideration through the evaluation process.

Prices must be quoted in pounds sterling and clearly state if VAT will or will not be charged.

Length of contract

The contract will run from 10 January 2025 to 31 December 2025 with a possibility of being extended for a further 24 months in 12-month increments, up to a total period of 36 months.

3 Conditions for Participation

3.1

Minimum standards and qualification required

4 Administrative Information

4.1

Type of Procedure

Single stage

4.2

Reference number attributed to the notice by the contracting authority

N/a

4.3

Time Limits

Time-limit for receipt of completed tenders: 27-11-2024, Time: 12:00

Estimated award date: 19-12-2024

4.5

Language or languages in which tenders or requests to participate can be drawn up

EN, CY

4.6

Tender Submission Postbox

The buyer has indicated that it will accept electronic responses to this notice via the Postbox facility. A user guide is available at https://www.sell2wales.gov.wales/sitehelp/help_guides.aspx

5 Other Information

5.1

Additional Information

(WA Ref:145666)

The buyer considers that this contract is suitable for consortia bidding.

5.2

Additional Documentation

Gwahoddiad i Dendro a Manyleb
Combined ITT and Specification - Provision of ISO27001 Internal Audit Services
Atodiad 1 - Holiadur Cyn-gymhwyso
Appendix 1 - Pre-Qualification Questionnaire
Atodiad 2 - Dogfen Ymateb Ansawdd
Appendix 2 – Technical Quality Response Document
Atodiad 3 - Dogfen Ymateb Ariannol
Appendix 3 – Financial and Pricing Response Document
Atodiad 4 - Canllaw ein llais Gofal Cymdeithasol Cymru
Appendix 4 – Social Care Wales’s tone of voice guidelines
Atodiad 5 - Canllawiau brand Gofal Cymdeithasol Cymru
Appendix 5 – Social Care Wales’s branding guidelines
Atodiad 6 - Ffurflen Tendro
Appendix 6 - Form of Tender
Social Care Wales Contract

5.3

Publication date of this notice

 30-10-2024

Coding

Commodity categories

ID | Title | Parent category
79212000 | Auditing services | Accounting and auditing services
72810000 | Computer audit services | Computer audit and testing services
79212200 | Internal audit services | Auditing services

Delivery locations

ID Description
1017 Bridgend and Neath Port Talbot
1022 Cardiff and Vale of Glamorgan
1015 Central Valleys (Merthyr Tydfil, Rhondda Cynon Taf)
1013 Conwy and Denbighshire
1020 East Wales
1023 Flintshire and Wrexham
1016 Gwent Valleys (Torfaen, Blaenau Gwent, Caerphilly)
1012 Gwynedd
1011 Isle of Anglesey
1021 Monmouthshire and Newport
1024 Powys
1014 South West Wales (Carmarthenshire, Pembrokeshire, Ceredigion)
1018 Swansea
1000 WALES
1010 West Wales and The Valleys

Alert region restrictions

The buyer has restricted the alert for this notice to suppliers based in the following regions.

There are no alert restrictions for this notice.

About the buyer

Main contact:
N/a
Admin contact:
N/a
Technical contact:
N/a
Other contact:
N/a

Further information

No further information has been uploaded.
