United Kingdom-London: Computer audit and testing services
Prior information notice
This notice is for prior information only
Section I: Contracting authority
Main address: https://tfl.gov.uk
Address of the buyer profile: https://tfl.gov.uk
Section II: Object
Security Testing Framework
Transport for London (TfL) as the Authority intends to put in place a Pan TfL Agreement for the provision of Penetration testing and IT health check services to be utilised by all companies and subsidiaries of the TfL Group.
Due to the nature of the TfL organisation there are varying requirements for various business units and as such penetration testing can be split into distinct areas. These engagements can be via large contracts with single providers or smaller contracts with companies engaged through project activity.
In many cases the TfL Cyber Security and Incident Response Team (CSIRT) are engaged late within the lifecycle of a project which requires a penetration test. When CSIRT are engaged after the application/system has gone live or been procured, and there has not been an independent penetration test, the project cannot go live, which delays the project.
Issues are also encountered when projects engage companies without determining the scope/methodology to address specific risks to TfL. This lack of scoping potentially leads to a lower quality service provided to TfL, delaying the overall project and increasing the overall project cost due to re-testing/independent verification being required.
TfL therefore wishes to create a framework to address many of these issues and is interested in gathering insight from the market on a number of key points relating to frameworks of this nature.
TfL will host a series of market engagement events to be held no later than November 2018 at which participating organisations will be engaged to elaborate upon their thinking.
To participate in the market engagement events please submit a response document to the Pro Contract site by 2.11.2018. The heading of the document should be “[COMPANYNAME]_Security Testing”.
Please include the following details:
— organisation name,
— contact name,
— job title of contact (including their responsibility within your organisation),
— contact phone number,
— contact email,
— organisation website link.
Based on the criteria outlined above and at your discretion, we propose that you include a summary (1 000 words or fewer) within your response document outlining how you could potentially meet some or all of these initial requirements by 2.11.2018.
Section IV: Procedure
Section VI: Complementary information
The Contracting Authority is a complex organisation operating both as a Functional Body of the Greater London Authority (GLA) under the direction of the Mayor of London and as a provider of transport services. Any part of the Contracting Authority and/or any of its subsidiaries may award contracts as appropriate.
The Contracting Authority shall not be liable for any costs or expenses incurred by any Economic Operators in considering and/or responding to the procurement process. Tenders and supporting documents must be priced in sterling and all payments made under the contracts will be in sterling.
The Contracting Authority strongly supports and implements the Greater London Authority Group Responsible Procurement Policy: www.london.gov.uk/priorities/business-economy/vision-and-strategy/focus-areas/responsible-procurement.
The date in II.3) is the estimated date of publication and may change at the sole discretion of the authority at any time.