Services - 448169-2018

13/10/2018    S198    Services - Prior information notice without call for competition - Not applicable 

United Kingdom-London: Computer audit and testing services

2018/S 198-448169

Prior information notice

This notice is for prior information only


Legal Basis:

Directive 2014/24/EU

Section I: Contracting authority

I.1)Name and addresses
Official name: Transport for London
Postal address: 14 Pier Walk
Town: London
NUTS code: UK
Postal code: SE10 0ES
Country: United Kingdom
Contact person: Calum Pinder

Internet address(es):

Main address:

Address of the buyer profile:

I.2)Information about joint procurement
Additional information can be obtained from the abovementioned address
I.4)Type of the contracting authority
Regional or local authority
I.5)Main activity
General public services

Section II: Object

II.1)Scope of the procurement

Security Testing Framework

Reference number: DN369154
II.1.2)Main CPV code
II.1.3)Type of contract
II.1.4)Short description:

Transport for London (TfL) as the Authority intends to put in place a Pan TfL Agreement for the provision of Penetration testing and IT health check services to be utilised by all companies and subsidiaries of the TfL Group.

II.1.5)Estimated total value
II.1.6)Information about lots
This contract is divided into lots: no
II.2.2)Additional CPV code(s)
II.2.3)Place of performance
NUTS code: UK
II.2.4)Description of the procurement:

Due to the nature of the TfL organisation there are varying requirements for various business units and as such penetration testing can be split into distinct areas. These engagements can be via, large contracts with single providers or smaller contracts with companies engaged through project activity.

In many cases the TfL Cyber Security and Incident Response Team (CSIRT) are engaged late within the lifecycle of a project which requires a penetration test. When CSIRT are engaged after the application/system has gone live or been procured, and there has not been an independent penetration test, the project cannot go-live therefore delaying the project.

Issues are also encountered when projects engage companies without determining the scope/methodology to address specific risks to TfL. This lack of scoping potentially leads to a lower quality service provided to TfL, delaying the overall project and increasing the overall project cost due to re testing/independent verification being required.

TfL therefore wishes to create a framework to address many of these issues and is interested in gathering insight from the market on a number of key points relating to frameworks of this nature.

TfL will host a series of market engagement events to be held no later than November 2018 at which participating organisations will be engaged to elaborate upon their thinking.

To participate in the market engagement events please submit a response document to the Pro Contract site by 2.11.2018. The heading of the document should be “[COMPANYNAME]_Security Testing”.

Please include the following details:

— organisation name,

— contact name,

— job title of contact (including their responsibility within your organisation),

— contact phone number,

— contact email,

— organisation website link.

Based on the criteria outlined above and at your discretion, we propose that you include a summary (1 000 words or fewer) within your response document outlining how you could potentially meet some or all of these initial requirements by 2.11.2018.

II.2.14)Additional information
II.3)Estimated date of publication of contract notice:

Section IV: Procedure

IV.1.8)Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: yes

Section VI: Complementary information

VI.3)Additional information:

The Contracting Authority is a complex organisation operating both as a Functional Body of the Greater London Authority (GLA) under the direction of the Mayor of London and as a provider of transport services. Any part of the Contracting Authority and/or any of its subsidiaries may award contracts as appropriate.

The Contracting Authority shall not be liable for any costs or expenses incurred by any Economic Operators in considering and/or responding to the procurement process. Tenders and supporting documents must be priced in sterling and all payments made under the contracts will be in sterling.

The Contracting Authority strongly supports and implements the Greater London Authority Group Responsible Procurement Policy:

The date in II.3) is the estimated date of publication and may change at the sole discretion of the authority at any time.

VI.5)Date of dispatch of this notice: