Check out our COVID-19 dedicated page for tenders related to medical equipment needs.

The Conference on the Future of Europe is your chance to share your ideas and shape the future of Europe. Make your voice heard!

Services - 287252-2021

Submission deadline has been amended by:  344362-2021
08/06/2021    S109

România-Bucureşti: Servicii de testări informatice

2021/S 109-287252

Anunț de participare

Servicii

Temei juridic:
Directiva 2014/24/UE

Secțiunea I: Autoritatea contractantă

I.1)Denumire şi adrese
Denumire oficială: Banca Națională a României
Număr naţional de înregistrare: R 361684
Adresă: Str. Doamnei nr. 8
Localitate: Bucureşti
Cod NUTS: RO321 Bucureşti
Cod poștal: 030051
Țară: România
Persoană de contact: Petre Tudor
E-mail: elena.ionescu@bnro.ro
Telefon: +40 311323253
Fax: +40 213110162
Adresă (adrese) internet:
Adresa principală: www.bnr.ro
Adresa profilului cumpărătorului: www.e-licitatie.ro
I.3)Comunicare
Documentele de achiziţii publice sunt disponibile pentru acces direct, nerestricţionat, complet si gratuit la: https://e-licitatie.ro/pub/notices/c-notice/v2/view/100121579
Informaţii suplimentare pot fi obţinute de la adresa menţionată mai sus
Ofertele sau cererile de participare trebuie depuse la adresa menţionată mai sus
I.4)Tipul autorității contractante
Alt tip: Bancă
I.5)Activitate principală
Altă activitate: Politică monetară

Secțiunea II: Obiect

II.1)Obiectul achiziţiei
II.1.1)Titlu:

Achiziție comună/Joint Procurement: teste de penetrare infrastructură informatică/Supply of IT Security Assessment Services: Penetration Testing/IT Security Assessment Services according to the TIBER-EU framework

Număr de referinţă: 361684_2021_M10
II.1.2)Cod CPV principal
72820000 Servicii de testări informatice
II.1.3)Tipul contractului
Servicii
II.1.4)Descriere succintă:

The contract implies a joint procurement.

The contracting authority is purchasing also on behalf of other contracting authorities.

The participating institutions are:

Banca d'Italia, Via Nazionale 91, Roma, IT 00184, Italy

Banco de España, Calle Alcalá, 48, 28014, Spain

Banque centrale du Luxembourg, 2, boulevard Royal, L-2983 Luxembourg

Central Bank of Cyprus, 80 Kennedy Avenue, Nicosia, CY-1076, CYPRUS

Central Bank of Ireland, New Wapping Street, North Wall Quay, Dublin 1, Ireland

Central Bank of Malta, Castille Place, Valletta, VLT1060, Malta

European Central Bank, Sonnemannstrasse 20, Frankfurt am Main,60314, Germany

Oesterreichische Nationalbank, Otto-Wagner-Platz 3, Wien, 1090, Austria

Malta Financial Services Authority, Triq l-Imdina, Zone 1, Central Business District, Birkirkara, Malta

Other institutions, having the right to participate in EPCO’s activities (according to Decision ECB/2008/17 as amended), which did not express an interest in this procedure before the publication of the contract notice in the OJEU will also have the possibility to join the Framework Agreements - if they wish so - before its expiry. The identity of EPCO members may be consulted on EPCO's website: https://epco.lu/.

The objective of the current joint tender procedure is to contract the services for identifying the cybersecurity risks and for guidance to take appropriate technical and organizational measures to minimize those risks within current and future EPCO members of the ESCB.

To cover a wider scope, according to the testing methodology, the National Bank of Romania identified three lots for the joint tender procedure:

• Lot no. 1 - IT Security Assessment Services in line with the latest Regular Penetration Testing Execution Standards;

IT Security Assessment Services according to the TIBER-EU framework:

• Lot no. 2 - Targeted Threat Intelligence Services;

• Lot no. 3 - Red team IT Security Services.

Each lot will result in a framework agreement with the following characteristics: multi-supplier framework agreement (max 5), with reopening the competition. For all Participating Institutions, except NBR, this Framework Agreement shall be non-exclusive, meaning that these Participating Institutions will not have obligation to award assignments to the Contractor according to this Framework Agreement for the purchase of IT Security Assessment Services with the Contractor. For NBR this Framework Agreement shall be exclusive, meaning that during the term of this Framework Agreement NBR will have the obligation to fulfill its needs for IT Security Assessment Services through this Framework Agreement by concluding Further Agreements with the Contractors.

All current and future EPCO member central banks are together potential beneficiaries of the Framework Agreements, which the Participating Institutions will implement via reopening of the competition (mini-competition) among the Contractors. Each Participating Institution shall be entitled to describe its specific needs regarding the IT Security Assessment Services (the IT infrastructure that needs to be tested), apply its own offers evaluation methodology, and quality/price weighting within the terms of the Framework Agreement to assign the Further Agreements.

Deadline for requesting clarifications to the award documentation: 16 days before the deadline for submission of offers

Date of response to all requests for clarification: 11 days before the deadline for submission of offers

II.1.5)Valoarea totală estimată
Valoare fără TVA: 600 000.00 EUR
II.1.6)Informații privind loturile
Contractul este împărțit în loturi: da
Pot fi depuse oferte pentru un singur lot
Numărul maxim de loturi care pot fi atribuite unui singur ofertant: 3
Autoritatea contractantă îşi rezervă dreptul de a atribui contracte prin combinarea următoarelor loturi sau grupuri de loturi:

According to the requested manner of preparing and presenting the tenders, the tenderers can submit their tenders for one or all lots.

Regarding the estimated volume in the case of participating institutions, EPCO members, the following information will be taken into account:

• interested Institutions in using the framework agreements from the beginning: Banco de Espana, Banque Centrale du Luxembourg, Central Bank of Cyprus, Central Bank of Ireland, Central Bank of Malta, Oesterreichische Nationalbank, European Central Bank, Banca d'Italia, Malta Financial Services Authority.

• The total estimated volume based on the information provided by the institutions listed above, for all lots, for a period of 4 years: 2,975,636 EURO

• The total real value of the further agreements could increase considerably considering that any other EPCO participating institution (https://epco.lu/) has the right to access the framework agreements that will result from this joint procurement.

II.2)Descriere
II.2.1)Titlu:

Red team IT Security Services

Lot nr.: 3
II.2.2)Cod(uri) CPV suplimentar(e)
72820000 Servicii de testări informatice
II.2.3)Locul de executare
Cod NUTS: RO321 Bucureşti
Locul principal de executare:

NBR Headquarters,

The headquarters of the participating institutions

II.2.4)Descrierea achiziţiei publice:

The IT infrastructure of the NBR (as well as that of the other participating institutions), as it is implemented at the time of the tests, available to both internal and external customers is within the purpose of these tests. The IT infrastructure contains the components required to operate and manage the IT environments.

These components include hardware, software, networking components, an operating system (OS), and data storage, all of which are used to deliver IT services and solutions.

The main objective is to identify the Participating Institution's cybersecurity risks and to take appropriate technical and organizational measures to minimize/mitigate those risks.

More granular objectives are defined as follows:

— Identify the external exposure in terms of surface attack and determine if the implemented security controls ensure appropriate protection against malicious actors,

— Measure the level of responsiveness and capability to identify and react against a cyber-attack targeted to the weakness points,

— Determine if the security policy and controls implemented within the internal IT infrastructure are strong enough to be able to identify an ongoing cyber-attack and to take measures to stop it,

— Measure the effectiveness of the security awareness program by testing the user’s reaction to a social engineering cyber-attack,

— Determine if the sensitive data is well protected against bad actors,

— Being compliant with the regulatory requirements in terms of ensuring that the IT infrastructure offers a certain level of security protection.

From the point of view of the TIBER - EU methodology:

The tests will provide an overview of the existing vulnerabilities in employees, business processes, associated technology (applications and infrastructure) and will provide a detailed threat assessment that can be used to raise awareness of the current situation and the measures to be taken to address it, improve the situation and reduce the associated risks. These tests performed on the basis of the "Red / Blue / White Team" concept are an extended form of the classic concept of penetration testing which usually provides a detailed and useful assessment of technical and configuration vulnerabilities. In the end, the tests will follow a complete scenario for a targeted attack against the entire entity.

II.2.5)Criterii de atribuire
Criteriile de mai jos
Criteriu privind calitatea - Nume: Evaluation subfactor name: 1. Qualification and professional experience of the staff designated for the performance of the contract (proposed key experts) for carrying out the activities under the Contract 2. The degree of knowledge and understanding of the object of the contract 3. Planning specific tasks 4. Quality assurance plan 5. The degree of adequacy of the implementation plan / Pondere: 60
Prețul - Pondere: 40
II.2.6)Valoarea estimată
Valoare fără TVA: 200 000.00 EUR
II.2.7)Durata contractului, a acordului-cadru sau a sistemului dinamic de achiziții
Durata în luni: 48
Contractul se reînnoiește: nu
II.2.10)Informații privind variantele
Vor fi acceptate variante: nu
II.2.11)Informații privind opțiunile
Opțiuni: nu
II.2.13)Informații despre fondurile Uniunii Europene
Achiziţia se referă la un proiect şi/sau program finanţat din fonduri ale Uniunii Europene: nu
II.2.14)Informații suplimentare

Regarding the estimated volume in the case of participating institutions, EPCO members, the following information will be taken into account:

• interested Institutions in using the framework agreements from the beginning: Banco de Espana, Banque Centrale du Luxembourg, Central Bank of Cyprus, Central Bank of Ireland, Central Bank of Malta, Oesterreichische National... detalii pe www.e-licitatie.ro

II.2)Descriere
II.2.1)Titlu:

IT Security Assessment Services in line with the latest Regular Penetration Testing Execution Standards

Lot nr.: 1
II.2.2)Cod(uri) CPV suplimentar(e)
72820000 Servicii de testări informatice
II.2.3)Locul de executare
Cod NUTS: RO321 Bucureşti
Locul principal de executare:

NBR Headquarters,

The headquarters of the participating institutions

II.2.4)Descrierea achiziţiei publice:

The IT infrastructure of the NBR (as well as that of the other participating institutions), as it is implemented at the time of the tests, available to both internal and external customers is within the purpose of these tests. The IT infrastructure contains the components required to operate and manage the IT environments.

These components include hardware, software, networking components, an operating system (OS), and data storage, all of which are used to deliver IT services and solutions.

The main objective is to identify the Participating Institution's cybersecurity risks and to take appropriate technical and organizational measures to minimize/mitigate those risks.

More granular objectives are defined as follows:

— Identify the external exposure in terms of surface attack and determine if the implemented security controls ensure appropriate protection against malicious actors,

— Measure the level of responsiveness and capability to identify and react against a cyber-attack targeted to the weakness points,

— Determine if the security policy and controls implemented within the internal IT infrastructure are strong enough to be able to identify an ongoing cyber-attack and to take measures to stop it,

— Measure the effectiveness of the security awareness program by testing the user’s reaction to a social engineering cyber-attack,

— Determine if the sensitive data is well protected against bad actors,

— Being compliant with the regulatory requirements in terms of ensuring that the IT infrastructure offers a certain level of security protection.

Penetration tests are performed usually by following the stages defined below:

• Pre-engagement Interactions;

• Intelligence Gathering and Threat Modelling;

• Vulnerability Identification and Analysis;

• Exploitation;

• Post Exploitation;

• Reporting.

II.2.5)Criterii de atribuire
Criteriile de mai jos
Criteriu privind calitatea - Nume: Evaluation subfactor name: 1. Qualification and professional experience of the staff designated for the performance of the contract (proposed key experts) for carrying out the activities under the Contract 2. The degree of knowledge and understanding of the object of the contract 3. Planning specific tasks 4. Quality assurance plan 5. The degree of adequacy of the implementation plan / Pondere: 60
Prețul - Pondere: 40
II.2.6)Valoarea estimată
Valoare fără TVA: 200 000.00 EUR
II.2.7)Durata contractului, a acordului-cadru sau a sistemului dinamic de achiziții
Durata în luni: 48
Contractul se reînnoiește: nu
II.2.10)Informații privind variantele
Vor fi acceptate variante: nu
II.2.11)Informații privind opțiunile
Opțiuni: nu
II.2.13)Informații despre fondurile Uniunii Europene
Achiziţia se referă la un proiect şi/sau program finanţat din fonduri ale Uniunii Europene: nu
II.2.14)Informații suplimentare

Regarding the estimated volume in the case of participating institutions, EPCO members, the following information will be taken into account:

• interested Institutions in using the framework agreements from the beginning: Banco de Espana, Banque Centrale du Luxembourg, Central Bank of Cyprus, Central Bank of Ireland, Central Bank of Malta, Oesterreichische National... detalii pe www.e-licitatie.ro

II.2)Descriere
II.2.1)Titlu:

Targeted Threat Intelligence Services

Lot nr.: 2
II.2.2)Cod(uri) CPV suplimentar(e)
72820000 Servicii de testări informatice
II.2.3)Locul de executare
Cod NUTS: RO321 Bucureşti
Locul principal de executare:

NBR Headquarters,

The headquarters of the participating institutions

II.2.4)Descrierea achiziţiei publice:

The IT infrastructure of the NBR (as well as that of the other participating institutions), as it is implemented at the time of the tests, available to both internal and external customers is within the purpose of these tests. The IT infrastructure contains the components required to operate and manage the IT environments.

These components include hardware, software, networking components, an operating system (OS), and data storage, all of which are used to deliver IT services and solutions.

The main objective is to identify the Participating Institution's cybersecurity risks and to take appropriate technical and organizational measures to minimize/mitigate those risks.

More granular objectives are defined as follows:

— Identify the external exposure in terms of surface attack and determine if the implemented security controls ensure appropriate protection against malicious actors,

— Measure the level of responsiveness and capability to identify and react against a cyber-attack targeted to the weakness points,

— Determine if the security policy and controls implemented within the internal IT infrastructure are strong enough to be able to identify an ongoing cyber-attack and to take measures to stop it,

— Measure the effectiveness of the security awareness program by testing the user’s reaction to a social engineering cyber-attack,

— Determine if the sensitive data is well protected against bad actors,

— Being compliant with the regulatory requirements in terms of ensuring that the IT infrastructure offers a certain level of security protection.

From the point of view of the TIBER - EU methodology:

The tests will provide an overview of the existing vulnerabilities in employees, business processes, associated technology (applications and infrastructure) and will provide a detailed threat assessment that can be used to raise awareness of the current situation and the measures to be taken to address it, improve the situation and reduce the associated risks. These tests performed on the basis of the "Red / Blue / White Team" concept are an extended form of the classic concept of penetration testing which usually provides a detailed and useful assessment of technical and configuration vulnerabilities. In the end, the tests will follow a complete scenario for a targeted attack against the entire entity.

II.2.5)Criterii de atribuire
Criteriile de mai jos
Criteriu privind calitatea - Nume: Evaluation subfactor name: 1. Qualification and professional experience of the staff designated for the performance of the contract (proposed key experts) for carrying out the activities under Contract 2. The degree of knowledge and understanding of the object of the contract 3. Planning specific tasks 4. Quality assurance plan 5. The degree of adequacy of the implementation plan / Pondere: 60
Prețul - Pondere: 40
II.2.6)Valoarea estimată
Valoare fără TVA: 200 000.00 EUR
II.2.7)Durata contractului, a acordului-cadru sau a sistemului dinamic de achiziții
Durata în luni: 48
Contractul se reînnoiește: nu
II.2.10)Informații privind variantele
Vor fi acceptate variante: nu
II.2.11)Informații privind opțiunile
Opțiuni: nu
II.2.13)Informații despre fondurile Uniunii Europene
Achiziţia se referă la un proiect şi/sau program finanţat din fonduri ale Uniunii Europene: nu
II.2.14)Informații suplimentare

Regarding the estimated volume in the case of participating institutions, EPCO members, the following information will be taken into account:

• interested Institutions in using the framework agreements from the beginning: Banco de Espana, Banque Centrale du Luxembourg, Central Bank of Cyprus, Central Bank of Ireland, Central Bank of Malta, Oesterreichische National... detalii pe www.e-licitatie.ro

Secțiunea III: Informații juridice, economice, financiare și tehnice

III.1)Condiții de participare
III.1.1)Capacitatea de exercitare a activităţii profesionale, inclusiv cerinţele privind înscrierea în registrele profesionale sau comerciale
Listă şi descriere succintă a condiţiilor:

The DUAE completed with reference data / information in relation to the provisions of art. 164 of Law no. 98/2016.

DUAE will be presented for each entity participating in the award procedure, respectively Tenderer, associate, subcontractor or third party supporter.

The supporting documents proving the fulfillment of those assumed by completing the DUAE are to be presented at the contracting authority's request, only by the Tenderers ranked on the first 5 places in the intermediate ranking drawn up at the end of the evaluation of the tenders. Documents that may be requested:

— criminal record for the Tenderer and for the persons who are members of the administrative, management or supervisory body of the respective Tenderer or have the power of representation, decision or control within it, as it results from the ascertaining certificate issued by ONRC / act constitutive.

For foreign tenderers, any document considered edifying in the country of origin or in the country where it is established is accepted, such as declarations on their own responsibility, certificates, criminal records or other equivalent documents issued by the competent authorities of that country, accompanied by an authorized translation. in Romanian.

Requirement no. 2

Reasons related to the payment of taxes and social security contributions

The manner of fulfillment and the applicability within the procedure

The DUAE completed with reference data / information in relation to the provisions of art. 165 of Law no. 98/2016.

DUAE will be presented for each entity participating in the award procedure, respectively tenderer, associate, subcontractor, or third party supporter.

The supporting documents proving the fulfillment of those assumed by completing the DUAE are to be presented at the contracting authority's request, only by the Tenderers ranked on the first 5 places in the intermediate ranking drawn up at the end of the evaluation of the tenders. Documents that may be requested:

— fiscal attestation certificates regarding the payment of taxes, fees or contributions to the general consolidated budget, etc. so as to show the lack of outstanding debts at the date of presentation of the documents,

— documents proving that the economic operator can benefit from the derogations provided in art. 166 para. (2), art. 167 para. (2), art. 171 of Law no. 98/2016 (if applicable).

For foreign Tenderers, any document considered edifying in the country of origin or in the country where it is established is accepted, such as declarations on their own responsibility, certificates, criminal records or other equivalent documents issued by the competent authorities of that country, accompanied by an authorized translation. in Romanian.

Requirement no. 3

Reasons related to insolvency, conflicts of interest or professional misconduct.

The manner of fulfillment and the applicability within the procedure

The DUAE (Part III - Reasons for exclusion) completed with reference data / information in relation to the provisions of art. 167 of Law no. 98/2016. DUAE will be presented for each entity participating in the award procedure, respectively tenderer, associate, subcontractor or third party supporter.

The supporting documents proving the fulfillment of those assumed by completing the DUAE are to be presented, at the request of the contracting authority, only by the Tenderers ranked on the first 5 places in the intermediate ranking drawn up at the end of the evaluation of the tenders:

— for the Romanian economic operator - ascertaining certificate issued by the Trade Register Office attached to the competent territorial Tribunal.

From the ascertaining certificate / register extract presented it must result:

a) the condition of the tenderer;

b) the persons representing the tenderer in the relationship with third parties.

The information contained in this document must be real / current at the date of submission.

Itcano prove the capacity to exercise the professional activity by presenting the ascertaining certificate issued by ONRC in electronic form, signed with the extended electronic signature.

— for a foreign economic operator: the tenderer will present edifying documents, translated into Romanian by an authorized translator, real / current at the date of presentation, proving a form of registration as a natural / legal person or registration / attestation or belonging from the point from a professional point of view and in which to mention the persons representing the entity in relations with third parties, in accordance with the legal provisions of the country in which the Tenderer is resident. Also, the submitted documents must include information on the status of the Tenderer.

NOTE: The supporting documents will be presented for each entity participating in the award procedure, respectively tenderer, associate, subcontractor or third party supporter.

The persons with decision-making positions within the contracting authority, regarding the organization, development and completion of the award procedure are:

National Bank of Romania Board of Directors:

• Governor - Mugur Isarescu

• First Deputy Governor - Florin Georgescu

• Deputy Governor - Eugen Nicolaescu

• Deputy Governor - Leonardo Badea

• Member - Csaba Bálint

• Member - Cristian Popa

• Member - Dan Radu Rușanu

• Member - Gheorghe Gherghina

• Member - Virgiliu Stoenescu

Management of the Procurement Department

• Gabriela Preda - Director

• Petre Augustin Dutu - Deputy Director

Management of the Budget and Financial Analysis Department

• Ion Paduraru - Director

• Gabriela Latea - Deputy Director

Management of the Accounting Department

• Iulia Stanciu - Director

• Daniela Ilie - Deputy Director

Management of the Legal Department

• Alexandru Paunescu - Director

Management of the IT Services Department

• Ovidiu Dragomir - Director

• Tiberiu Parvulescu - Deputy Director

Information and formalities necessary for evaluating if the requirements are met:

Information regarding the capacity to exercise the professional activity

The manner of fulfillment and the applicability within the procedure

The DUAE (Part IV A - Ability to comply with the requirements) supplemented with reference data / information in relation to the provisions of art. 173 of Law no. 98/2016.

The supporting documents proving the fulfillment of those assumed by completing the DUAE are to be presented, at the request of the contracting authority, only by the Tenderers ranked on the first 5 places in the intermediate ranking drawn up at the end of the evaluation of the tenders:

— for the Romanian economic operator - ascertaining certificate issued by the Trade Register Office attached to the competent territorial Tribunal.

From the ascertaining certificate / register extract presented it must result:

a) the main activity object and the secondary activity objects. The object of the contract must have a correspondent in the CAEN code from the Finding Certificate issued by ONRC

b) the legal situation of the Tenderer and his condition;

c) the persons representing the bidder in the relationship with third parties.

The information contained in this document must be real / current at the date of submission.

It can prove the capacity to exercise the professional activity by presenting the ascertaining certificate issued by ONRC in electronic form, signed with the extended electronic signature.

— for a foreign economic operator: the tenderer will present edifying documents, translated into Romanian by an authorized translator, real / current at the date of presentation, proving a form of registration as a natural / legal person or registration / attestation or belonging from the point professionally and in which to mention the persons representing the entity in relations with third parties, in accordance with the legal provisions of the country in which the bidder is resident. Also, the submitted documents must contain information on the status of the bidder.

NOTE: The supporting documents will be presented for each entity participating in the award procedure, respectively tenderer, associate, subcontractor or third party supporter.

III.1.2)Situația economică și financiară
Criteriile de selecţie enunţate în documentele achiziţiei
III.1.3)Capacitatea tehnică şi profesională
Listă şi descriere succintă a criteriilor de selecţie:

Loturile: 1,2,3 For service contracts: performance of services of the specified type For each lot, the Tenderers will fill in the DUAE the following information: Lot 1: List of the main services performed during a period covering a maximum of 3 years, calculated from the deadline set for the submission of tenders, indicating the values, data, and public or private beneficiaries, certifying that the tenderer has provided services similar within a maximum of 3 contracts with object “Penetration test”, whose cumulative value to be at least equal to 494,000 RON without VAT (or equivalent to EUR at a rate of 4.94 Lei / EUR). Lot 2: List of the main services performed during a period covering a maximum of 3 years, calculated from the deadline set for the submission of tenders, indicating the values, data, and public or private beneficiaries, certifying that the tenderer has provided services similar within a maximum of 3 contracts with object “Threat intelligence-led red team tests”, whose cumulative value to be at least equal to 494,000 RON without VAT (or equivalent to EUR at a rate of 4.94 Lei / EUR). Lot 3: List of the main services performed during a period covering a maximum of 3 years, calculated from the deadline set for the submission of tenders, indicating the values, data, and public or private beneficiaries, certifying that the tenderer has provided services similar within a maximum of 3 contracts with object “Threat intelligence-led red team tests”, whose cumulative value to be at least equal to 494,000 RON without VAT (or equivalent to EUR at a rate of 4.94 Lei / EUR).

Loturile: 1,2,3 Subcontracting proportion The tenderer must specify the part (s) of the contract which he intends to subcontract, the percentage of the contract corresponding to the activities to be carried out by the subcontractor, for each subcontractor, and the identification data of the subcontractors (at least name, legal form of organization and unique registration code).

Nivel(uri) minim(e) al(e) standardelor care ar putea fi impuse:

The proving documents regarding the fulfillment of the qualification criteria will be requested, respectively the presentation of certificates / documents / recommendations / minutes of reception (dated and signed by the beneficiary) confirming the provision of similar requested services, in the indicated period, as well as any other documents. considered relevant in proving the fulfillment of the requirement by the economic operator.

The DUAE Form will be completed with the reference data / information in relation to the provisions of art. 179 lit. k) of Law no. 98/2016. If tenderers subcontract parts of the contract, they shall submit with DUAE, the subcontracting agreement showing at least the information on the subcontractor and the identification data, the part (s) of the contract to be performed by the subcontractor and the actual manner whereby the subcontractor ensures the fulfillment of the assumed obligations. Tenderers are requested to indicate in their tenders the subcontractor / local subsidiary or other entity that could carry out the IT Security Assessment Services (current batch), for each participating institution that could adhere to the framework agreement. Tenderers will not have the right to introduce new subcontractors except with the agreement of the NBR, by presenting the contracts concluded between the contractor and the subcontractor / subcontractors, so that the activities and amounts / percentages related to services are included in the Framework Agreement. The introduction of a subcontractor must not lead to a change in the initial technical or financial proposal. In the case of subcontracting, the contractor will remain obliged to comply with its obligations towards the NBR and the participating Institutions under the framework agreement and will assume sole responsibility for the proper execution of the framework agreement. If it uses subcontractors / affiliates, the contractor guarantees that the subcontractors / affiliates are highly qualified and that the subcontractor / affiliate must provide services to the participating institutions at a very high quality level.

Secțiunea IV: Procedură

IV.1)Descriere
IV.1.1)Tipul procedurii
Procedură deschisă
IV.1.3)Informaţii privind un acord-cadru sau un sistem dinamic de achiziţii
Achiziţia implică încheierea unui acord-cadru
Acord-cadru cu mai mulți operatori economici
Numărul maxim preconizat de participanţi la acordul-cadru: 5
IV.1.8)Informații despre Acordul privind achizițiile publice (AAP)
Achiziţia intră sub incidenţa Acordului privind achiziţiile publice: nu
IV.2)Informații administrative
IV.2.2)Termen limită pentru primirea ofertelor sau a cererilor de participare
Data: 12/07/2021
Ora locală: 15:00
IV.2.3)Data estimată a expedierii invitațiilor de prezentare a ofertelor sau de participare către candidații selectați
IV.2.4)Limbile în care pot fi depuse ofertele sau cererile de participare:
Engleză
IV.2.6)Perioada minimă pe parcursul căreia ofertantul trebuie să își mențină oferta
Oferta trebuie să fie valabilă până la: 12/10/2021
IV.2.7)Condiții de deschidere a ofertelor
Data: 12/07/2021
Ora locală: 15:00
Locul:

In SEAP

Secțiunea VI: Informații complementare

VI.1)Informații privind periodicitatea
Această achiziție este periodică: nu
VI.3)Informații suplimentare:

If it is found that there are two or more tenders, with equal scores, ranked in one of the first five places, in order to decide the first five winners, the contracting authority will request through SEAP new price tenders, in which case the framework agreement will be awarded to the tenderers whose new financial proposals have the lowest price.

Requests for clarifications will be addressed in English, through SEAP, in the "Questions" section of the award procedure carried out by electronic means and the answers to them will be published in English, in SEAP in the Section "Documentation, clarifications and decisions" from the participation announcement. In order to send the requests for clarifications, the economic operators must register in the S.E.A.P. (www.e-licitatie.ro).

The evaluation commission will send the requests for clarification regarding the offer, in English, by using the technical facilities available in SEAP (“Questions” Section). The economic operators will send the answers to the clarifications and the eventual documents requested during the evaluation of the offers, through SEAP (“Questions” Section), entirely in the section corresponding to the respective request, in electronic format, in the form of one or more distinct documents / files signed with electronic signature according to the provisions of Law no. 455/2001 regarding the electronic signature.

All documents / documents related to the award procedure, submitted by the tenderers (offer, qualification documents, requests for clarifications, answers to requests for clarifications) will be written in English or will be presented accompanied by the authorized translation into English.

VI.4)Proceduri de contestare
VI.4.1)Organismul de soluţionare a contestaţiilor
Denumire oficială: Consiliul Național de Soluționare a Contestațiilor
Adresă: Str. Stavropoleos nr. 6, sector 3
Localitate: Bucureşti
Cod poștal: 030084
Țară: România
E-mail: office@cnsc.ro
Telefon: +40 213104641
Fax: +40 213104642 / +40 218900745
Adresă internet: http://www.cnsc.ro
VI.5)Data expedierii prezentului anunț:
03/06/2021