CONTRACT NOTICE – OFFICIAL JOURNAL

Section I: Contracting Authority

I.1)

Name, Address and Contact Point(s)

I.2)

Type of contracting Authority and Main Activity or Activities

Ministry or any other national or federal authority, including their regional or local sub-divisions National or federal agency/Office Regional or local Authority Regional or local Agency/Office Body governed by public law European Institution/Agency or International Organisation

General public services Defence Public order and safety Environment Economic and financial affairs Health Housing and community amenities Social protection Recreation, culture and religion Education Other (Please specify) transport

Section II: Object of the Contract

II.1)

Description

II.1.1)

Title attributed to the contract by the contracting authority

II.1.2(a))

Type of works contract

II.1.2(b))

Type of supplies contract

II.1.2(c))

Type of service contract

II.1.2)

Main site or location of works, place of delivery or performance

II.1.3)

This notice involves

A public contract
The setting up of a Dynamic Purchasing System
The establishment of a framework agreement

II.1.4)

Information on framework agreement (if applicable)

Framework agreement with a single operators
Framework agreement with several operators

Number of participants to the framework agreement envisaged

Duration of the framework agreement

Justification for a framework agreement the duration of which exceeds four years

Estimated total value of purchases for the entire duration of the framework agreement

Frequency and value of the contracts to be awarded

II.1.5)

Short description of the contract or purchase(s)

Computer support and consultancy services. Computer-related services. Computer-related professional services. Computer support services. Technical computer support services. Computer network services. Computer audit and testing services. The DfT is seeking to award a contract for the provision of specialist Security Practitioner Services to support its ongoing compliance with the security outcomes of the HMG SPF and other areas of compliance such as PCI DSS and the Public Services Network.

II.1.6)

Common Procurement Vocabulary (CPV)

II.1.7)

Contract covered by the Government Procurement Agreement (GPA)

II.1.8)

Division into lots

one lot only

one or more lots

all lots

II.1.9)

Will variants be accepted

II.3)

Duration of the contract or limit for completion

Section III: Legal, Economic, Financial and Technical Information

III.1)

Conditions Relating to the Contract

III.1.1)

Deposits and guarantees required

Participants will be advised if this is necessary during the procurement. Parent company and/or other guarantees of performance and financial liability may be required by the Agent if considered appropriate.

III.1.2)

Main Terms of financing and payment and/or reference to the relevant provisions

Tenders are to be priced in GBP and payment will only be made in GBP.

III.1.3)

Legal form to be taken by the grouping of suppliers, contractors or service providers to whom the contract is to be awarded

The group will be required to nominate a lead partner with whom the Authority can contract, or form themselves into a single legal entity before the contract is awarded.

III.1.4)

Other particular conditions to which the performance of the contract is subject

III.2)

Conditions for Participation

III.2.1)

Personal situation of economic operators, including requirements relating to enrolment on professional or trade registers

Please refer to the Invitation to Tender Documents.

III.2.2)

Economic and financial capacity

III.2.3)

Technical capacity

III.2.4)

Reserved contracts

The contract is restricted to sheltered workshops
The execution of the contract is restricted to the framework of sheltered employment programmes

III.3)

Conditions Specific to Service Contracts

III.3.1)

Is provision of the service reserved to a specific profession?

III.3.2)

Will legal entities be required to state the names and professional qualifications of the personnel responsible for the execution of the service?

Section IV: Procedure

IV.1)

Type of Procedure

Open		Restricted
Accelerated restricted		Negotiated
Accelerated negotiated		Competitive dialogue

Justification for the choice of accelerated procedure

IV.1.1)

Have candidates already been selected?

IV.1.2)

Limitations on the number of operators who will be invited to tender or to participate

Objective criteria for choosing the limited number of candidates

IV.1.3)

Reduction of the number of operators during the negotiation or dialogue

Recourse to staged procedure to gradually reduce the number of solutions to be discussed or tenders to be negotiated

IV.2)

Award Criteria

IV.2.2)

An electronic auction will be used

IV.3 Administrative Information

IV.3.1)

Reference number attributed to the notice by the contracting authority

PPRO 04/69/04

IV.3.2)

Previous publication(s) concerning the same contract

Prior Information Notice
Notice on a Buyer Profile

Other previous publications

IV.3.3)

Conditions for obtaining specifications and additional documents

IV.3.4)

Time-limit for receipt of tenders or requests to participate

IV.3.5)

Date of dispatch of invitations to tender or to participate to selected candidates

IV.3.6)

Language or languages in which tenders or requests to participate can be drawn up

IV.3.7)

Minimum time frame during which the tenderer must maintain the tender 

IV.3.8)

Conditions for opening tenders

Section VI: Other Information

VI.1)

Indicate whether this procurement is a recurrent one and the Estimated timing for further notices to be published

VI.2)

Does the contract relate to a Project/Programme financed by Community Funds?

VI.3)

Additional Information

The contracting authority considers that this contract may be suitable for economic operators that are small or medium enterprises (SMEs). However, any selection of tenderers will be based solely on the criteria set out for the procurement, and the contract will be awarded on the basis of the most economically advantageous tender. Potential Providers should note that, in accordance with the UK Government's policies on transparency, the DfT intends to publish the Selection and Award Questionnaires, Invitation to Tender (ITT) document and the text of any Contract awarded, subject to possible redactions at the discretion of the DfT. Further information on transparency can be found at:

http://gps.cabinetoffice.gov.uk/about-government-procurement-service/transparency-and-accountability/transparency-procurement

The DfT expressly reserves the right not to award the Contract as a result of the procurement process commenced by publication of this notice and in no circumstances will the DfT be liable for any costs incurred by the candidates. If the DfT decides to enter into a Contract with the successful supplier, this does not mean that there is any guarantee of subsequent contracts being awarded. Any expenditure, work or effort undertaken prior to Contract award is accordingly a matter solely for the commercial judgement of potential suppliers.

The duration of the Contract is for an initial 2 years with the option to extend for a further 1 year. Thus the potential duration of the Contract is 3 years.

The Department for Transport (DfT) is the Contracting Authority for the procurement of a contract to provide the DfT Family comprising of: the central Department and its Executive Agencies (i.e. Driver and Vehicle Standards Agency, Driver and Vehicle Licensing Agency, Highways England, Maritime and Coastguard Agency, Vehicle Certification Agency), Transport Bodies (i.e. Air Accident Investigation Branch, Marine Accident Investigation Branch and Rail Accident Investigation Branch), and Non-Departmental Public Bodies (NDPBs) (including but not limited to HS2 Ltd, British Transport Police Authority, Directly Operated Railways Limited, Northern Lighthouse Board, Passenger Focus, Trinity House) and their successor bodies

The value provided in Section II.1.4 is only an estimate and is based on the initial 2 year duration. As a baseline against the current contract, the DfT has made approximately 90 call-offs and approximately 70 % of the call-offs are for values of 20 000 GBP or less

Note: There is no appeal as such to a decision on whether or not to award the Contract but if you wish to make representations to the DfT about the conduct or outcome of the procurement you should email the DfT at the address stated in Section I.1.

To view this notice, please click here:

https://www.delta-esourcing.com/delta/viewNotice.html?noticeId=138594551

GO Reference: GO-2015327-PRO-6477578.

VI.4)

Procedures for appeal

VI.4.1)

Body responsible for appeal procedures

Body responsible for mediation procedures

VI.4.2)

Lodging of appeals
Precise information on deadline(s) for lodging appeals:

The DfT will incorporate a minimum 10 calendar day standstill period at the point information on the award of the contract is communicated to tenderers. Applicants who are unsuccessful shall be informed by the DfT as soon as possible after the decision has been made as to the reasons.

VI.4.3)

Service from which information about the lodging of appeals may be obtained

VI.5)

Dispatch date of this Notice

ANNEX B

Information About Lots

1)

Short Description

In line with current guidelines and standards and the proposed changes by CESG to Information Assurance (IA) consultancy, suppliers must be able to demonstrate and provide a range of experience and skills which relate to CESG Certified Professional (CCP) or equivalent roles i.e. CLAS.

Suppliers will be required to undertake a broad range of IT Security and IA roles of which the key areas are summarised as follows:

— Conduct risk assessments;

— Provide expert advice for the planning, design, set-up and implementation of information security relating to security architecture, configurations, risk control regimes and others requirements as specified;

— Develop security documentation in line with CESG and government standards (or as otherwise agreed);

— Develop policies, guidance and procedures relating to information security and information assurance;

— Conduct and document compliance reviews/checks of information systems in line with UKG and international best practice, policies and standards and where required, to carry out document reviews.

2)

Common Procurement Vocabulary (CPV)

3)

Quantity or scope

4)

Indication about different contract dates

5)

Additional Information about lots

ANNEX B

Information About Lots

1)

Short Description

IT Health Checks identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system.

The CHECK scheme enables penetration testing by CESG approved companies, employing penetration testing personnel qualified to assess HMG and other public sector bodies.

Suppliers must be able to demonstrate and provide a range of experience relating to IT Health Checks including, where appropriate, retain a valid and active registration on the CESG CHECK scheme or be CREST or TIGER accredited from qualified PCI security assessors.

Suppliers will be required to carry out and report on:

— IT security health checks of DfT IT systems;

— Penetration tests of IT systems and services;

— Compliance checks for ISO27000 standards (2005 and 2013) and similar standards such as the CESG IAS1&2 Baseline Control Set; and

— Scanning and compliance checks for PCI-DSS.

For all of the above and where relevant and agreed with the DfT lead, suppliers must be capable of producing reports that include: an impact assessment statement, a summary of the approach taken together with working assumptions, a set of findings, conclusions and recommendations and where relevant, a list of the key risks and issues including any costs relating to rectification.

2)

Common Procurement Vocabulary (CPV)

3)

Quantity or scope

4)

Indication about different contract dates

5)

Additional Information about lots

ANNEX B

Information About Lots

1)

Short Description

Suppliers must, at short notice, be capable of conducting internal security investigations to support legal compliance.

Suppliers must be able to demonstrate experience and expertise in the following areas of activity:

— Assessment and advice on the best approaches for preserving data or managing active incidents;

— Isolation and analysis of active IT systems;

— Analysis of disc drives, tapes and solid state memory devices for information that may have been deleted or overwritten;

— Analysis of Trusted Platform Module (TPM) and other hardware alerts;

— Analysis of log files and audit trails and other software indicators to associate actions, times, devices and person-related authentication credentials or tokens;

— Analysis of PCI-DSS transactions and related activity; and

— Physical forensics of equipment, work spaces etc.

2)

Common Procurement Vocabulary (CPV)

3)

Quantity or scope

4)

Indication about different contract dates

5)

Additional Information about lots

ANNEX B

Information About Lots

1)

Short Description

The DfT will issue a specification setting out the objectives, scope and expected deliverables for each individual Physical Security and Business Continuity requirement.

Due to the broad and varying nature of the requirements, suppliers should have demonstrable experience and qualifications, where required, to perform the following range of activities:

— Business Continuity

To review, amend, design, test and implement existing/new strategies and plans, governance structures including roles and responsibilities, processes, procedures and systems;

— Incident Management

To review, amend, design, test and implement existing/new strategies and plans, governance structures including roles and responsibilities, processes, procedures and systems – relating to both IT and Non-IT systems as required;

— Physical Security

To carry out physical risk assessments and audits in line with HMG policy and develop, where appropriate, remediation plans and new processes and procedures;

To develop policy and guidance relating to the storage of sensitive assets and their environments; and

To assess operational requirements and provide guidance in order to reduce the threat of risk and harm to DfT staff, information and assets.

2)

Common Procurement Vocabulary (CPV)

3)

Quantity or scope

4)

Indication about different contract dates

5)

Additional Information about lots