Services - 60351-2020

Submission deadline has been amended by:  127377-2020
07/02/2020    S27

Greece-Maroussi: Support Services in Relation to the EU Cybersecurity Certification Framework

2020/S 027-060351

Contract notice


Legal Basis:
Directive 2014/24/EU

Section I: Contracting authority

I.1)Name and addresses
Official name: European Union Agency for Cybersecurity
Postal address: 1 Vasilissis Sofias Street
Town: Maroussi
Postal code: 15124
Country: Greece
Contact person: Procurement Officer
Telephone: +30 2814409711
Internet address(es):
Main address:
The procurement documents are available for unrestricted and full direct access, free of charge, at:
Additional information can be obtained from the abovementioned address
Tenders or requests to participate must be submitted electronically via:
Tenders or requests to participate must be submitted to the abovementioned address
I.4)Type of the contracting authority
European institution/agency or international organisation
I.5)Main activity
Other activity: Cybersecurity

Section II: Object

II.1)Scope of the procurement

Support Services in Relation to the EU Cybersecurity Certification Framework

Reference number: ENISA F-COD-20-T02
II.1.2)Main CPV code
73000000 Research and development services and related consultancy services
II.1.3)Type of contract
II.1.4)Short description:

The requested services shall cover ENISA’s activities in the area of drafting cybersecurity certification schemes.

Examples include:

— addressing internal market as well as international aspects concerning market, organisational, technical and legal aspects,

— analysis of market sectors likely to benefit from cybersecurity certification including:

—— market requirements to certification schemes from user, service and technology provider’s perspective;

—— key factors for ensuring market acceptance and non-discriminatory market access;

—— existing national schemes, their market position and potential areas for improvement;

—— potential synergies with CSA-conformant certification schemes for other market sectors.

— market studies on take up of cybersecurity certification schemes,

— research and documentation of market aspects of certification,

— support for preparation and implementation of sector-specific risk assessments.

II.1.5)Estimated total value
Value excluding VAT: 800 000.00 EUR
II.1.6)Information about lots
This contract is divided into lots: no
II.2.2)Additional CPV code(s)
73210000 Research consultancy services
79130000 Legal documentation and certification services
79132000 Certification services
II.2.3)Place of performance
NUTS code: EL30 Aττική
II.2.4)Description of the procurement:

We expect tenderers to have expertise and knowledge in several of the following areas:

— relevant EU legislation, in particular CSA and the regulatory framework in the European and international market,

— European ICT market, sectorial domains and their ICT services. Major stakeholders and their roles and business objectives, position in the international market, dependencies from non-European service or technology providers,

— typical sector-specific requirements to the evaluation and certification of ICT products, existing certification schemes and their position in the relevant market sectors,

— typical system architectures for ICT services and involved ICT products,

— typical attack vectors. Capabilities of types of potential attackers,

— risk assessment standards (e.g. ISO/IEC 27005) and current work undertaken by related standardization bodies,

— practical experience in carrying out risk assessments,

— ICT product security evaluation and certification schemes (e.g. CC/SOGIS-schemes, EMVCo, FIDO) and related standards,

— ISMS evaluation and certification based on the ISO/IEC 27000 series of standards,

— definition and implementation of evaluation and certification schemes,

— generation of protection profiles, security targets,

— enabling and managing evaluation labs, quality assurance processes for evaluation labs,

— validation of evaluation results and issuing certificates,

— collecting stakeholders’ requirements, aggregating and documenting different opinions and viewpoints,

— generating technical documentation.

Various specific contracts based on the annual ENISA Work Programme will be launched periodically to the successful framework contractors based on the ‘Reopening of Competition’ procedure. Depending on the needs of the contracting authority and budget availability, this overall budget could be increased by up to 50 % by using a ‘negotiated procedure without prior publication of a contract notice’.

II.2.5)Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
II.2.6)Estimated value
Value excluding VAT: 800 000.00 EUR
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 12
This contract is subject to renewal: yes
Description of renewals:

The ensuing framework contracts will be for an initial 12-month period, renewable on a yearly basis up to a maximum of 4 years.

II.2.10)Information about variants
Variants will be accepted: no
II.2.11)Information about options
Options: no
II.2.13)Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds: no
II.2.14)Additional information

Section III: Legal, economic, financial and technical information

III.1)Conditions for participation
III.1.1)Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers
List and brief description of conditions:

As stated in the procurement documents.

III.1.2)Economic and financial standing
Selection criteria as stated in the procurement documents
III.1.3)Technical and professional ability
Selection criteria as stated in the procurement documents
III.2)Conditions related to the contract
III.2.3)Information about staff responsible for the performance of the contract
Obligation to indicate the names and professional qualifications of the staff assigned to performing the contract

Section IV: Procedure

IV.1.1)Type of procedure
Open procedure
IV.1.3)Information about a framework agreement or a dynamic purchasing system
The procurement involves the establishment of a framework agreement
Framework agreement with several operators
IV.1.8)Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: no
IV.2)Administrative information
IV.2.2)Time limit for receipt of tenders or requests to participate
Date: 05/03/2020
Local time: 18:00
IV.2.3)Estimated date of dispatch of invitations to tender or to participate to selected candidates
IV.2.4)Languages in which tenders or requests to participate may be submitted:
IV.2.6)Minimum time frame during which the tenderer must maintain the tender
Duration in months: 3 (from the date stated for receipt of tender)
IV.2.7)Conditions for opening of tenders
Date: 06/03/2020
Local time: 11:30

ENISA Athens office, Vasilissis Sofias Street 1, 151 24 Maroussi, Attiki, GREECE.

Information about authorised persons and opening procedure:

A maximum of 1 legal representative per participating tenderer may attend the opening session. Tenderers shall inform the Agency in writing of their intention to attend by email to ‘’ at least 2 working days prior to the opening session. Failing that, the contracting authority reserves the right to refuse access to its premises.

Section VI: Complementary information

VI.1)Information about recurrence
This is a recurrent procurement: no
VI.2)Information about electronic workflows
Electronic invoicing will be accepted
Electronic payment will be used
VI.3)Additional information:
VI.4)Procedures for review
VI.4.1)Review body
Official name: Court of Justice of the European Union
Postal address: boulevard Konrad Adenauer, Kirchberg
Town: Luxembourg
Postal code: 2925
Country: Luxembourg
Telephone: +352 4303-1
Fax: +352 4303-2600
VI.4.2)Body responsible for mediation procedures
Official name: The European Ombudsman
Postal address: 1 avenue du Président Robert Schuman, PO Box 403
Town: Strasbourg
Postal code: 67001
Country: France
Telephone: +33 388172313
Fax: +33 388179062
VI.5)Date of dispatch of this notice: