Contract notice
Section I: Contracting
authority
I.1) Name and addresses
City of Edinburgh Council
Waverley Court
Edinburgh
EH8 8BG
UK
Contact person: Jonathan Livingstone
E-mail: jonathan.livingstone@edinburgh.gov.uk
NUTS: UKM75
Internet address(es)
Main address: http://www.edinburgh.gov.uk
Address of the buyer profile: https://www.publiccontractsscotland.gov.uk/search/Search_AuthProfile.aspxD=AA00290
I.3) Communication
The procurement documents are available for unrestricted and full direct access, free of charge at:
https://www.publictendersscotland.publiccontractsscotland.gov.uk
Additional information can be obtained from the abovementioned address
Tenders or requests to participate must be sent electronically to:
https://www.publictendersscotland.publiccontractsscotland.gov.uk
I.4) Type of the contracting authority
Regional or local authority
I.5) Main activity
General public services
Section II: Object
II.1) Scope of the procurement
II.1.1) Title
Cyber Security Assurance Services Framework
Reference number: CT1218
II.1.2) Main CPV code
72000000
II.1.3) Type of contract
Services
II.1.4) Short description
The City of Edinburgh Council is focused on establishing a robust Framework for the procurement of secure digital services. It aims to enhance the Councils ability to assess and select IT service providers that meet stringent security requirements, ensuring the delivery of secure and reliable digital services.
II.1.5) Estimated total value
Value excluding VAT:
750 000.00
GBP
II.1.6) Information about lots
This contract is divided into lots:
Yes
Tenders may be submitted for all lots
II.2) Description
Lot No: 1
II.2.1) Title
Essential Services: Penetration Testing, Security Assurance & Reporting, Advice & Consultation
II.2.2) Additional CPV code(s)
72000000
II.2.3) Place of performance
NUTS code:
UKM75
II.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Penetration testing and vulnerability assessments against industry standards at application, component, and full stack levels, and
- Security assurance and reporting of proposed new technologies and services.
Suppliers must also provide:
- Advice and consultation on proposed and existing cloud developments,
- Advice and consultation on proposed and existing cloud infrastructure configurations, and
- Advice and consultation on cloud technologies to support ongoing management of our cloud operations.
II.2.5) Award criteria
Criteria below:
Quality criterion: Delivery of Services
/ Weighting: 30
Quality criterion: Advice and Consultancy
/ Weighting: 30
Quality criterion: Account Management and Staffing
/ Weighting: 15
Quality criterion: Business continuity
/ Weighting: 10
Quality criterion: The Environment
/ Weighting: 5
Quality criterion: Fair Work Practices
/ Weighting: 5
Quality criterion: Community Benefits
/ Weighting: 5
Price
/ Weighting:
50
II.2.6) Estimated value
Value excluding VAT:
675 000.00
GBP
II.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 24
This contract is subject to renewal: Yes
Description of renewals:
Possible extension up to 24 months.
II.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
II.2.10) Information about variants
Variants will be accepted:
No
II.2.11) Information about options
Options:
No
II.2.13) Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds:
No
Lot No: 2
II.2.1) Title
Incident Response, Digital Forensics, Data Breach Assessment & Recovery
II.2.2) Additional CPV code(s)
72000000
II.2.3) Place of performance
NUTS code:
UKM75
II.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Incident Response,
- Digital Forensics,
- Data Breach Assessment and Recovery.
II.2.5) Award criteria
Criteria below:
Quality criterion: Quality from Lot 1
/ Weighting: 50
Price
/ Weighting:
50
II.2.6) Estimated value
Value excluding VAT:
15 000.00
GBP
II.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 24
This contract is subject to renewal: Yes
Description of renewals:
Possible extension up to 24 months.
II.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
II.2.10) Information about variants
Variants will be accepted:
No
II.2.11) Information about options
Options:
No
II.2.13) Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds:
No
Lot No: 3
II.2.1) Title
Security Audit – PCI, Security Architecture/Design Review, Compliance & Regulatory Services.
II.2.2) Additional CPV code(s)
72000000
II.2.3) Place of performance
NUTS code:
UKM75
II.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Security Audit – PCI,
- Security Architecture/Design Review,
- Compliance and Regulatory Services.
II.2.5) Award criteria
Criteria below:
Quality criterion: Quality from Lot 1
/ Weighting: 50
Price
/ Weighting:
50
II.2.6) Estimated value
Value excluding VAT:
15 000.00
GBP
II.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 24
This contract is subject to renewal: Yes
Description of renewals:
Possible extension up to 24 months.
II.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
II.2.10) Information about variants
Variants will be accepted:
No
II.2.11) Information about options
Options:
No
II.2.13) Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds:
No
Lot No: 4
II.2.1) Title
Threat Intelligence
II.2.2) Additional CPV code(s)
72000000
II.2.3) Place of performance
NUTS code:
UKM75
II.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Threat Intelligence
II.2.5) Award criteria
Criteria below:
Quality criterion: Quality from Lot 1
/ Weighting: 50
Price
/ Weighting:
50
II.2.6) Estimated value
Value excluding VAT:
15 000.00
GBP
II.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 24
This contract is subject to renewal: Yes
Description of renewals:
Possible extension up to 24 months.
II.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
II.2.10) Information about variants
Variants will be accepted:
No
II.2.11) Information about options
Options:
No
II.2.13) Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds:
No
Lot No: 5
II.2.1) Title
Vulnerability Assessments
II.2.2) Additional CPV code(s)
72000000
II.2.3) Place of performance
NUTS code:
UKM75
II.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Vulnerability Assessments
II.2.5) Award criteria
Criteria below:
Quality criterion: Quality from Lot 1
/ Weighting: 50
Price
/ Weighting:
50
II.2.6) Estimated value
Value excluding VAT:
15 000.00
GBP
II.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 24
This contract is subject to renewal: Yes
Description of renewals:
Possible extension up to 24 months.
II.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
II.2.10) Information about variants
Variants will be accepted:
No
II.2.11) Information about options
Options:
No
II.2.13) Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds:
No
Lot No: 6
II.2.1) Title
Data & Hardware Sanitisation
II.2.2) Additional CPV code(s)
72000000
II.2.3) Place of performance
NUTS code:
UKM75
II.2.4) Description of the procurement
The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.
These include:
- Data and Hardware Sanitisation
II.2.5) Award criteria
Criteria below:
Quality criterion: Quality from Lot 1
/ Weighting: 50
Price
/ Weighting:
50
II.2.6) Estimated value
Value excluding VAT:
15 000.00
GBP
II.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 24
This contract is subject to renewal: Yes
Description of renewals:
Possible extension up to 24 months.
II.2.9) Information about the limits on the number of candidates to be invited
Envisaged minimum number: 5
II.2.10) Information about variants
Variants will be accepted:
No
II.2.11) Information about options
Options:
No
II.2.13) Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds:
No
Section III: Legal, economic, financial and technical information
III.1) Conditions for participation
III.1.1) Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers
List and brief description of conditions:
Suppliers are required to comply with the following qualification and accreditation requirements:
1. CREST or CHECK accredited, evidence of accreditation will be required.
2. Assessments carried out by your organisation are conducted by appropriately qualified individuals, for example (CISSP, CISM, CEH, CCSP, OSCP, CCT INF) or equivalent.
3. Accredited Microsoft, AWS Partner or equivalent.
III.1.2) Economic and financial standing
List and brief description of selection criteria:
Tenderers are required to have a minimum “general” annual turnover as detailed below for the last two financial years. Where a Tenderer does not have an annual turnover of this value, the Council may exclude the Tenderer from the competition or may apply discretion, seeking supporting evidence to determine the Tenderer’s suitability to proceed in the competition.
The formula for calculating a Tenderer’s current ratio is current assets divided by current liabilities. The acceptable range for each financial ratio is greater than the ratio as detailed below. Where a Tenderer’s current ratio is less than the acceptable value, the Council may exclude the Tenderer from the competition or may apply discretion, seeking supporting evidence to determine the Tenderer’s suitability to proceed in the competition.
Minimum level(s) of standards required:
Estimated Value pa Minimum “General” Annual Turnover Ratio
Cyber Assurance Framework 250,000 GBP 1.10
It is a mandatory requirement that service providers appointed to this Framework Agreement have the following insurance in place:
- Professional Indemnity Insurance (minimum of 5 Million GBP)
- Employer’s Liability Insurance (minimum of 5 Million GBP)
- Public Liability Insurance (minimum of 5 Million GBP)
III.1.3) Technical and professional ability
Selection criteria as stated in the procurement documents
III.2) Conditions related to the contract
Section IV: Procedure
IV.1) Description
IV.1.1) Type of procedure
Restricted procedure
IV.1.3) Information about a framework agreement or a dynamic purchasing system
The procurement involves the establishment of a framework agreement with several operators.
Envisaged maximum number of participants to the framework agreement: 6
IV.1.8) Information about Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement:
Yes
IV.2) Administrative information
IV.2.2) Time limit for receipt of tenders or requests to participate
Date:
31/07/2024
Local time: 12:00
IV.2.3) Estimated date of dispatch of invitations to tender or to participate to selected candidates
Date:
02/09/2024
IV.2.4) Languages in which tenders or requests to participate may be submitted
EN
IV.2.6) Minimum time frame during which the tenderer must maintain the tender
Duration in months: 6 (from the date stated for receipt of tender)
Section VI: Complementary information
VI.1) Information about recurrence
This is a recurrent procurement:
No
VI.3) Additional information
The buyer is using PCS-Tender to conduct this PQQ exercise. The Project code is 26662. For more information see: http://www.publiccontractsscotland.gov.uk/info/InfoCentre.aspx?ID=2343
Community benefits are included in this requirement. For more information see: https://www.gov.scot/policies/public-sector-procurement/community-benefits-in-procurement/
A summary of the expected community benefits has been provided as follows:
Community Benefits requirements will be published as part of the ITT stage.
(SC Ref:767446)
VI.4) Procedures for review
VI.4.1) Review body
Sheriff Court
Sheriff Court House, 27 Chambers Street
Edinburgh
EH1 1LB
UK
VI.4.3) Review procedure
Precise information on deadline(s) for review procedures:
An economic operator that suffers or risks suffering loss or damage attributable to a breach of duty under Public Contracts (Scotland) Regulations 2015 may bring proceedings in the Sheriff Court or Court of Session. A claim for an ineffectiveness order must be made within 30 days of the Contract Award Notice being published in the Find a Tender Service within 30 days of the date those who expressed an interest in or otherwise bid for the contract were informed of the conclusion of the contract or in any other case within 6 months from the date on which the contract was entered into.
VI.5) Date of dispatch of this notice
02/07/2024