Framework agreement regarding services related to technical security testing
Danmarks Nationalbank
Danmarks Nationalbank (DN) is the central bank of Denmark, which is an independent self-governing institution established by law. DN wishes to enter into a non-exclusive framework agreement with a supplier regarding technical security testing.
DN's needed services regarding technical security testing are the following:
Section A:
— A monthly vulnerability scan of the external perimeter (Internet facing hosts and web-applications)
— A yearly security assessment/test of Internet facing hosts and web-applications
— A yearly Content Security Test (Test of Malware protection setup), including assessment of the following:
- Control configuration
- Network design
- Test cases to validate the desired control configuration and network design
— Periodical tests of the most critical internal business systems to ensure a continuous high level of security
Section B:
Ad-Hoc consultancy services that DN can order if needed. Services could include:
— Source code reviews
— Risk analyses and threat modelling
— Document reviews/analyses
— Security Requirement definitions
— Hardening recommendations
— Secure software development training
— Incident response services
— Strategic security development
— Supplementary services as described in section A.
— License for technical tools to be used by DN to perform technical security tests in-house
All services must include quality assurance, project management and reporting.
The framework agreement will include requirements to ensure that the supplier shall be present at the premises of the bank in Denmark, Havnegade 5, 1093 Copenhagen K, within maximum 1 hour, due to the possible need of assistance in critical situations, which cannot be amended solely through the internet.
Fristen for modtagelse af bud var på 2014-09-30. Indkøbet blev offentliggjort på 2014-08-25.
LeverandørerFølgende leverandører er nævnt i tildelingsbeslutninger eller andre indkøbsdokumenter:
Hvem? Hvad?- • It-tjenester: rådgivning, programmeludvikling, internet og support › Support- og konsulentvirksomhed i forbindelse med edb
- • Sikkerhedsprogrampakke › Datasikkerhedsprogrampakke
Indkøbshistorik
| Dato | Dokument |
|---|---|
| 2014-08-25 | Udbudsbekendtgørelse |
| 2015-02-05 | Bekendtgørelse om indgåede kontrakter |
Udbudsbekendtgørelse (2014-08-25)
Objekt
Omfanget af udbuddet
Titel: Support- og konsulentvirksomhed i forbindelse med edb
Bekendtgørelsens metadata
Originalsprog: engelsk 🗣️
Dokumenttype: Udbudsbekendtgørelse
Kontraktens art: Tjenesteydelser
Forordning: Den Europæiske Union, med deltagelse af GPA-lande
Fælles glossar for offentlige kontrakter (CPV)
Kode: Support- og konsulentvirksomhed i forbindelse med edb 📦
Procedure
Procedureform: Begrænset udbud
Bud-type: Indsendelse gældende for alle delaftaler
Kriterier for tildeling
Det økonomisk mest fordelagtige bud
Ordregivende myndighed
Identitet
Land: Danmark 🇩🇰
Type af ordregivende myndighed: Offentligretligt organ
Navn på ordregivende myndighed: Danmarks Nationalbank
Postadresse: Havnegade 5
Postnummer: 1093
Postby: Copenhagen K
Kontakt
Internetadresse: http://www.nationalbanken.dk 🌏
E-mail: jhsi@nationalbanken.dk 📧
Telefon: +45 33636527 📞
Reference
Datoer
Afsendelsesdato: 2014-08-25 📅
Tilbudsfrist: 2014-09-30 📅
Offentliggørelsesdato: 2014-08-27 📅
Identifikatorer
Bekendtgørelsesnummer: 2014/S 163-292330
EUT-S-nummer: 163
Yderligere oplysninger
Objekt
Omfanget af udbuddet
Kort beskrivelse:
Varighed: 48 måneder
Juridiske, økonomiske, finansielle og tekniske oplysninger
Betingelser for deltagelse
Egnethed til at udøve det erhverv:
Økonomisk og finansiel stilling:
Teknisk og faglig kompetence:
Mindstekrav til niveauet:
Krav om deponering og sikkerhedsstillelse: DN does not allow payments made in advance.
De vigtigste finansieringsbetingelser og betalingsordninger og/eller henvisning til de relevante bestemmelser, der regulerer dem:
Personalets navne og faglige kvalifikationer ✅
Procedure
Rammeaftalens varighed i år: 4
Påtænkt antal ansøgere: 5
Objektive kriterier for udvælgelse:
Dato for afsendelse af opfordringer: 2014-10-07 📅
Sprog
Sprog: dansk 🗣️
engelsk 🗣️
Ordregivende myndighed
Kontakt
Enhed: Jacob Høeg Simonsen
URL til dokumenter: http://www.nationalbanken.dk/en/about_danmarks_nationalbank/tenders/ 🌏
Reference
Yderligere oplysninger
Supplerende oplysninger
Gennemgå organ
Navn: Klagenævnet for Udbud (The Complaints Board for Public Procurement)
Postadresse: Dahlerups Pakhus - Langelinie Alle 17
Postby: Copenhagen Ø
Postnummer: 2100
Land: Danmark 🇩🇰
Telefon: +45 35291000 📞
Oplysninger om frister for klageprocedurer:
Tjeneste, hvorfra der kan indhentes oplysninger om klageproceduren
Navn: Konkurrence- og Forbrugerstyrelsen (Danish Competition and Consumer Authority)
Postadresse: Carl Jacobsens Vej 35
Postby: Valby
Postnummer: 2500
Telefon: +45 41715000 📞
Tilbagevendende udbud
2018.
Kilde: OJS 2014/S 163-292330 (2014-08-25)
Objekt
Omfanget af udbuddet
Titel: Support- og konsulentvirksomhed i forbindelse med edb
Bekendtgørelsens metadata
Originalsprog: engelsk 🗣️
Dokumenttype: Udbudsbekendtgørelse
Kontraktens art: Tjenesteydelser
Forordning: Den Europæiske Union, med deltagelse af GPA-lande
Fælles glossar for offentlige kontrakter (CPV)
Kode: Support- og konsulentvirksomhed i forbindelse med edb 📦
Procedure
Procedureform: Begrænset udbud
Bud-type: Indsendelse gældende for alle delaftaler
Kriterier for tildeling
Det økonomisk mest fordelagtige bud
Ordregivende myndighed
Identitet
Land: Danmark 🇩🇰
Type af ordregivende myndighed: Offentligretligt organ
Navn på ordregivende myndighed: Danmarks Nationalbank
Postadresse: Havnegade 5
Postnummer: 1093
Postby: Copenhagen K
Kontakt
Internetadresse: http://www.nationalbanken.dk 🌏
E-mail: jhsi@nationalbanken.dk 📧
Telefon: +45 33636527 📞
Reference
Datoer
Afsendelsesdato: 2014-08-25 📅
Tilbudsfrist: 2014-09-30 📅
Offentliggørelsesdato: 2014-08-27 📅
Identifikatorer
Bekendtgørelsesnummer: 2014/S 163-292330
EUT-S-nummer: 163
Yderligere oplysninger
As regards section III.2.2) and III.2.3), please note that if a candidate relies on the capacities of other entities, regardless of the legal nature of the links which it has with them, the candidate must prove to DN that it will have at its disposal the resources necessary.
As regard section II.3) please note that the starting date is the estimated date for the award of the framework agreement.
As regards section III.3.2) the indication of names and professional qualifications of the staff responsible for the execution of the service is not needed in the request to participate, but is expected to be required in the invitation to tender.
The indicated date of dispatch of the invitation to tender is preliminary and could be shanged by DN, cf. section IV.3.5).
The request to participate should preferably be submitted in 3 paper copies and 1 electronic copy on a usb or another relevant medium. The request should preferably be marked 'Request to participate - Technical security testing - do not open'.The request must be delivered in a sealed envelope to the address stated in section I.1 and may not be sent by email.
In order to ease the request procedure for the candidate, DN has made the following check list. The check list cannot replace the content of each demand described throughout the contract notice, and the candidate is encouraged to review the contract notice thoroughly:
1. The candidate should clearly state the identity of the candidate. Each member of a joint group, e.g. a consortium, must be clearly identified.
2. A solemn declaration regarding public debt (find form at www.nationalbanken.dk), cf. section III.2.1).The declaration should be submitted for each member of a joint group, if. relevant.
3. A solemn declaration regarding art. 45 in Directive 2004/18/EF (find form at www.nationalbanken.dk), cf. section III.2.1). The declaration should be submitted for each member of a joint group, if relevant.
4. A statement about the financial statements (annual account/balance sheets) for each of the last three financial years available, cf. section III.2.2)
5. A list of relevant services, cf. section III.2.3)
6. Information about manpower etc., cf. section III.2.3)
7. If relevant, a declaration as regards the use of other legal entities if the candidate relies on the capacity of the said entities, cf. section III.2.2) and III.3.2.3)
8. Request written in Danish or English
9. Request in 3 paper copies
10. Request in 1 electronic copy
11. Request sent or delivered timely to Nationalbankens Postaladress to meet the deadline in section IV.3.4). Notice, that DN does not accept requests to participate sent by e-mail.
There is no supplemental information which the candidate can ask for before submitting the request to participate, cf. section I.1.
DN request that any questions concerning this contract notice are sent by e-mail, cf. section I.1. Answers will be published on DN's website, www.nationalbanken.dk
Vis mere
Objekt
Omfanget af udbuddet
Kort beskrivelse:
Danmarks Nationalbank (DN) is the central bank of Denmark, which is an independent self-governing institution established by law. DN wishes to enter into a non-exclusive framework agreement with a supplier regarding technical security testing.
DN's needed services regarding technical security testing are the following:
Section A:
— A monthly vulnerability scan of the external perimeter (Internet facing hosts and web-applications)
— A yearly security assessment/test of Internet facing hosts and web-applications
— A yearly Content Security Test (Test of Malware protection setup), including assessment of the following:
- Control configuration
- Network design
- Test cases to validate the desired control configuration and network design
— Periodical tests of the most critical internal business systems to ensure a continuous high level of security
Section B:
Ad-Hoc consultancy services that DN can order if needed. Services could include:
— Source code reviews
— Risk analyses and threat modelling
— Document reviews/analyses
— Security Requirement definitions
— Hardening recommendations
— Secure software development training
— Incident response services
— Strategic security development
— Supplementary services as described in section A.
— License for technical tools to be used by DN to perform technical security tests in-house
All services must include quality assurance, project management and reporting.
The framework agreement will include requirements to ensure that the supplier shall be present at the premises of the bank in Denmark, Havnegade 5, 1093 Copenhagen K, within maximum 1 hour, due to the possible need of assistance in critical situations, which cannot be amended solely through the internet.
Vis mere
Juridiske, økonomiske, finansielle og tekniske oplysninger
Betingelser for deltagelse
Egnethed til at udøve det erhverv:
1. A solemn declaration stating that the candidate has fulfilled his obligations relating to the payment of direct and indirect taxes and social security contributions in accordance with the legal provisions of the country in which the candidate is established or in Denmark, in accordance with the Danish Consolidation Act No. 336 of 13.5.1997 on the restriction of Debtors' Options for Participating in Public Procurement Procedures and on the Amendment of Certain other Acts.
Vis mere
2. A solemn declaration stating that the candidate is not excluded from participating in a public contract due to the reasons stated in Article 45 of Directive 2004/18/EC.
Ad 1+2: Submission from foreign candidates of a similar declaration/report from their country containing the same information as the Danish solemn declaration is also sufficient. Please be aware that the declaration from the candidate may only contain information about the candidates own country and the request to participate must then be supplemented with a declaration about the candidates public debt in Denmark.
Vis mere
The declaration must not be older than six month before the deadline for receiving requests to participate. If the candidate consists of a joint group of suppliers (e.g. a consortium) each member of the consortium must submit the declaration/report.
The candidate may obtain a form at www.nationalbanken.dk/tender which may be used in the request to participate.
A statement about the financial statements (annual account or balance sheets/extract of balance sheets) for each of the last 3 financial years available, depending on the date on which the entity was set up or started the business.
Mindstekrav til niveauet:
The candidate must have a positive equity capital (egenkapital) in each of the last 3 financial years available.
A candidate can rely on the capacities of other entities, regardless of the nature of the links which it has with them.
1. A list of the 5 principal deliveries of similar technical security testing services, cf. section II.1.5), to larger financial institutions/companies or institutions/companies with high security level delivered in the past three years, preferable indicating the sums, dates and recipients involved (references) together with contact information. DN may contact the institutions mentioned.
Vis mere
2. A statement of the average annual manpower of the candidate and the number of managerial staff for the last 3 years.
1. The principal deliveries (references) must comprise at least 1 reference on the delivery of technical security testing similar to the ones described in section II.1.5) within the past 3 years.
Kontraktens udførelse
Krav om deponering og sikkerhedsstillelse: DN does not allow payments made in advance.
De vigtigste finansieringsbetingelser og betalingsordninger og/eller henvisning til de relevante bestemmelser, der regulerer dem:
Other terms of payment will be described in the tender documents. There will be requirements in the framework agreement as regards insurance and quality assurance.
Den juridiske form, som den sammenslutning af økonomiske aktører, der skal have kontrakten, skal have:
No specific legal form is required. If the framework agreement is awarded to an association of entities, each entity shall assume joint and several liability, and a joint proxy shall be appointed.
Andre særlige vilkår:
Employees of the supplier or of any subcontractors that shall execute the services described in the framework agreement could be asked to have prior security clearance from DN. For this purpose, DN shall obtain the consent of the employees in question for security checks to be performed by the Danish Security and Intelligence Service (PET). DN shall require the consent of the employees in question for undertaking clearance to the 'Confidential' level.
Vis mere
Where an employee is not given security clearance by DN as a result of said employee's personal affairs, the supplier shall make another employee with similar qualifications available for the performance of the agreed tasks.
As regards employees who are not Danish citizens, the supplier shall provide documentation about the criminal record the last 10 years of the employees in question and shall provide DN with a copy of those employees' passports in order for DN to make the security clearance.
Vis mere
Procedure
Rammeaftalens varighed i år: 4
Påtænkt antal ansøgere: 5
Objektive kriterier for udvælgelse:
Limitations on the number of candidates who will be invited to tender will be based upon an evaluation of which candidates have the most relevant references with regards to the services governed by the framework agreement, cf. section II.1.5), cf. section III.2.3), and on the number of average annual manpower and number of managerial staff that indicates sufficient capacity to perfom the tasks described in section II.1.5). DN will place the greatest emphasis on the most relevant references.
Vis mere
Sprog
Sprog: dansk 🗣️
engelsk 🗣️
Ordregivende myndighed
Kontakt
Enhed: Jacob Høeg Simonsen
URL til dokumenter: http://www.nationalbanken.dk/en/about_danmarks_nationalbank/tenders/ 🌏
Reference
Yderligere oplysninger
As regards section III.2.2) and III.2.3), please note that if a candidate relies on the capacities of other entities, regardless of the legal nature of the links which it has with them, the candidate must prove to DN that it will have at its disposal the resources necessary.
Vis mere
As regard section II.3) please note that the starting date is the estimated date for the award of the framework agreement.
As regards section III.3.2) the indication of names and professional qualifications of the staff responsible for the execution of the service is not needed in the request to participate, but is expected to be required in the invitation to tender.
The indicated date of dispatch of the invitation to tender is preliminary and could be shanged by DN, cf. section IV.3.5).
The request to participate should preferably be submitted in 3 paper copies and 1 electronic copy on a usb or another relevant medium. The request should preferably be marked 'Request to participate - Technical security testing - do not open'.The request must be delivered in a sealed envelope to the address stated in section I.1 and may not be sent by email.
Vis mere
In order to ease the request procedure for the candidate, DN has made the following check list. The check list cannot replace the content of each demand described throughout the contract notice, and the candidate is encouraged to review the contract notice thoroughly:
Vis mere
1. The candidate should clearly state the identity of the candidate. Each member of a joint group, e.g. a consortium, must be clearly identified.
2. A solemn declaration regarding public debt (find form at www.nationalbanken.dk), cf. section III.2.1).The declaration should be submitted for each member of a joint group, if. relevant.
3. A solemn declaration regarding art. 45 in Directive 2004/18/EF (find form at www.nationalbanken.dk), cf. section III.2.1). The declaration should be submitted for each member of a joint group, if relevant.
4. A statement about the financial statements (annual account/balance sheets) for each of the last three financial years available, cf. section III.2.2)
5. A list of relevant services, cf. section III.2.3)
6. Information about manpower etc., cf. section III.2.3)
7. If relevant, a declaration as regards the use of other legal entities if the candidate relies on the capacity of the said entities, cf. section III.2.2) and III.3.2.3)
8. Request written in Danish or English
9. Request in 3 paper copies
10. Request in 1 electronic copy
11. Request sent or delivered timely to Nationalbankens Postaladress to meet the deadline in section IV.3.4). Notice, that DN does not accept requests to participate sent by e-mail.
There is no supplemental information which the candidate can ask for before submitting the request to participate, cf. section I.1.
DN request that any questions concerning this contract notice are sent by e-mail, cf. section I.1. Answers will be published on DN's website, www.nationalbanken.dk
Supplerende oplysninger
Gennemgå organ
Navn: Klagenævnet for Udbud (The Complaints Board for Public Procurement)
Postadresse: Dahlerups Pakhus - Langelinie Alle 17
Postby: Copenhagen Ø
Postnummer: 2100
Land: Danmark 🇩🇰
Telefon: +45 35291000 📞
Oplysninger om frister for klageprocedurer:
According to the (Danish) Act no. 492 of 12 May 2010 on the Enforcement of the Rules of Procurement, including subsequently modifications, complaints regarding a candidate not being selected must be lodged with The Complaints Board for Public Procurement within 20 calendar days starting the day after the contracting authority has sent a notification to all interested candidates.
Vis mere
Complaints regarding other decisions relating to the announcement must be lodged with The Complaints Board for Public Procurement within 6 months starting the day after the contracting authority has sent a notification to the invited candidates about entering into framework agreement.
Vis mere
Navn: Konkurrence- og Forbrugerstyrelsen (Danish Competition and Consumer Authority)
Postadresse: Carl Jacobsens Vej 35
Postby: Valby
Postnummer: 2500
Telefon: +45 41715000 📞
Tilbagevendende udbud
2018.
Kilde: OJS 2014/S 163-292330 (2014-08-25)
Bekendtgørelse om indgåede kontrakter (2015-02-05)
Objekt
Bekendtgørelsens metadata
Dokumenttype: Bekendtgørelse om indgåede kontrakter
Procedure
Bud-type: Finder ikke anvendelse
Reference
Datoer
Afsendelsesdato: 2015-02-05 📅
Offentliggørelsesdato: 2015-02-10 📅
Identifikatorer
Bekendtgørelsesnummer: 2015/S 028-047648
Henviser til bekendtgørelse: 2014/S 163-292330
EUT-S-nummer: 28
Yderligere oplysninger
Procedure
Kriterier for tildeling
Kriterium: 1. Quality (50)
2. Delivery (20)
3. Price (30)
Tildeling af kontrakt
Dato for kontraktindgåelse: 2014-12-12 📅
Navn: Deloitte Statsautoriseret Revisionspartnerselskab
Postadresse: Weidekampsgade 6
Postby: Copenhagen S
Postnummer: 2300
Land: Danmark 🇩🇰
Oplysninger om udbud
Antal modtagne bud: 5
Supplerende oplysninger
Gennemgå organ
Postadresse: Dahlerups Pakhus — Langelinie Alle 17
Kilde: OJS 2015/S 028-047648 (2015-02-05)
Objekt
Bekendtgørelsens metadata
Dokumenttype: Bekendtgørelse om indgåede kontrakter
Procedure
Bud-type: Finder ikke anvendelse
Reference
Datoer
Afsendelsesdato: 2015-02-05 📅
Offentliggørelsesdato: 2015-02-10 📅
Identifikatorer
Bekendtgørelsesnummer: 2015/S 028-047648
Henviser til bekendtgørelse: 2014/S 163-292330
EUT-S-nummer: 28
Yderligere oplysninger
As regards section III.2.2) and III.2.3), please note that if a candidate relies on the capacities of other entities, regardless of the legal nature of the links which it has with them, the candidate must prove to DN that it will have at its disposal the resources necessary.
As regard section II.3) please note that the starting date is the estimated date for the award of the framework agreement.
As regards section III.3.2) the indication of names and professional qualifications of the staff responsible for the execution of the service is not needed in the request to participate, but is expected to be required in the invitation to tender.
The indicated date of dispatch of the invitation to tender is preliminary and could be changed by DN, cf. section IV.3.5).
The request to participate should preferably be submitted in 3 paper copies and 1 electronic copy on a usb or another relevant medium. The request should preferably be marked ‘Request to participate — Technical security testing — do not open’. The request must be delivered in a sealed envelope to the address stated in section I.1 and may not be sent by email.
In order to ease the request procedure for the candidate, DN has made the following check list. The check list cannot replace the content of each demand described throughout the contract notice, and the candidate is encouraged to review the contract notice thoroughly:
1. The candidate should clearly state the identity of the candidate. Each member of a joint group, e.g. a consortium, must be clearly identified;
2. A solemn declaration regarding public debt (find form at www.nationalbanken.dk), cf. section III.2.1). The declaration should be submitted for each member of a joint group, if. relevant;
3. A solemn declaration regarding art. 45 in Directive 2004/18/EF (find form at www.nationalbanken.dk), cf. section III.2.1). The declaration should be submitted for each member of a joint group, if relevant;
4. A statement about the financial statements (annual account/balance sheets) for each of the last three financial years available, cf. section III.2.2);
5. A list of relevant services, cf. section III.2.3);
6. Information about manpower etc., cf. section III.2.3);
7. If relevant, a declaration as regards the use of other legal entities if the candidate relies on the capacity of the said entities, cf. section III.2.2) and III.3.2.3);
8. Request written in Danish or English;
9. Request in 3 paper copies;
10. Request in 1 electronic copy;
11. Request sent or delivered timely to Nationalbankens Postal adress to meet the deadline in section IV.3.4). Notice, that DN does not accept requests to participate sent by e-mail.
There is no supplemental information which the candidate can ask for before submitting the request to participate, cf. section I.1.
DN request that any questions concerning this contract notice are sent by e-mail, cf. section I.1. Answers will be published on DN's website, www.nationalbanken.dk
Vis mere
Procedure
Kriterier for tildeling
Kriterium: 1. Quality (50)
2. Delivery (20)
3. Price (30)
Tildeling af kontrakt
Dato for kontraktindgåelse: 2014-12-12 📅
Navn: Deloitte Statsautoriseret Revisionspartnerselskab
Postadresse: Weidekampsgade 6
Postby: Copenhagen S
Postnummer: 2300
Land: Danmark 🇩🇰
Oplysninger om udbud
Antal modtagne bud: 5
Supplerende oplysninger
Gennemgå organ
Postadresse: Dahlerups Pakhus — Langelinie Alle 17
Kilde: OJS 2015/S 028-047648 (2015-02-05)
Nye indkøb inden for beslægtede kategorier 🆕