Pan Government Framework – Further Competition

Title: EF620-3-Security testing of National College ICT systems hosted by BT Global Services
Framework Reference & Lot number: RM591/L4.2
National College Contract Manager: Neill Beard
Supplier notice
Please note that responses to this Further Competition need to be made electronically
through REDIMO by completing evaluation sections and questions. Further guidance on
this process can be found by clicking here.
SECTION 1: Tendering Requirements
Background
The National College uses BT Global Services to provide IT system hosting and application support\development for
its customer\member facing IT systems. As a UK Government organisation the College must comply with the
requirements in a document called the Security Policy Framework (SPF). The SPF and its associated documents
specify controls that MUST be in place to protect information when held on government IT systems. One of the key
requirements in the SPF is to carry out regular technical risk assessments and security checks (including penetration
tests).
This piece of work is to carry out a security check (including penetration testing) of the College’s BT hosted IT
systems. It needs to be pointed out that the contract for the hosting and support of these member facing systems is
up for renewal in early 2013, but the applications used will probably not change. This needs to be taken into
account in this security check so that any risks are identified but effort is not wasted on things that will change in
2013.
Mandatory Requirements
As part of this Further Competition there are a number of specific requirements which must be met. These can be
found within the evaluation sections of REDIMO. Please note that the National College may at its absolute discretion
refuse to consider your bid further dependent on the answers given to these requirements.
The mandatory requirements for this Further Competition are as follows:
- The bidder must have the relevant skills to discover the technical and procedural weaknesses within the College’s BT hosted systems.
- The bidder must be an expert in the requirements in the SPF and ISO 27001
- The bidder must be willing and able to work closely with BT but for the College on this piece of work
- The bidder must be listed as a CHECK service provider by CESG
Detailed Requirements
Price
- A fixed price is required to complete this piece of work, including the finished report and recommendations
- A competitive price is required that delivers a high quality product, at a price that is considered excellent value for money
Place
Points to consider:
- The bidder must be willing to travel to any site in the UK to complete this work. International travel is not expected.
Quality
- High quality, concise and detailed report on the risks the College IT systems, hosted by BT Global Services, are exposed to
- Detailed recommendations on the actions required to either remove or minimise the risks
- This piece of work does NOT need to be completed under the CHECK scheme but the provider does need to be listed as a CHECK service provider by CESG
© National College for School Leadership
Timescales
- The timescale for this piece of work is flexible but needs to be completed relatively quickly
- There will be some dependency on BT’s security and technical experts to complete this work
- The number of days required to complete this piece of work is linked to the cost
Data Handling
The Data Handling schedule for this requirement will be Category 3. The current versions of the data handling
schedule can be viewed here Data Handling Schedules.
Attachments
The following attachments should be read in conjunction with this Further Competition:
BT drawing for
InfoSec tender
Online systems
schematic#2 Sept 2011.jpg
These can be downloaded via REDIMO (my tenders – reference – view full notice including documentation).
Evaluation Process and criteria
All quotes received will be evaluated against the evaluation criteria and scoring methodology as stated within this
Further Competition and REDIMO.
The evaluation criteria for each of the questions, within each evaluation section, are detailed below along with the
weighting to be applied. Please note that Item Prices are weighted at 20% of the overall score, Technical
Requirements are weighted as 80% of the Overall Score.
Evaluation sections and questions
The method of scoring the evaluation sections will be a 6 point scale; evaluators will use this to assign a score to
each evaluation question response:
Score: Guidance
0: No quotation provided and/or no response to questions submitted via Redimo.
1: The quotation provided meets less than half of the stated requirement.
2: The quotation provided meets some but not all of the stated requirement.
3: The quotation provided fully meets the stated requirement. Any additional offering is deemed to be of little or no benefit to the College.
4: The quotation provided fully meets the stated requirement and in addition provides evidence of some added value which would bring specific benefit to the College.
5: The quotation provided fully meets the stated requirement and in addition provides evidence of exceptional added value which would bring significant benefit to the College.
The College expressly reserves the right to require a bidder to provide additional information
supplementing or clarifying any of the information provided in response to the requests set out in this
Further Competition. The College may seek independent advice to validate information declared, or to
assist in the evaluation.
The evaluation criteria for each of the questions within each evaluation section are detailed below along
with the weighting to be applied:
Evaluation Section 1: Item Prices
Section Weighting: 20%
Ref Question
1.1 Please provide a total fixed price for the delivery of this work inclusive of all expenses but exclusive of VAT.
Evaluation Section 2: Mandatory Requirements
Section Weighting: 0%
Ref Question(s)
2.1 Has your organisation the relevant skills to discover the technical and procedural weaknesses within the
College’s BT hosted systems?
2.2 Does your organisation have experts in the requirements in the SPF and ISO 27001?
2.3 Are you willing and able to work closely with BT but for the College on this piece of work?
2.4 Is your organisation listed as a CHECK service provider by CESG?
Please provide an answer for each question explicitly. References to answers in other questions/sections may not be
considered, and could result in a lower score being applied.
Evaluators cannot take into account previous knowledge of your delivery unless it is included in the bid, therefore
please be explicit about outcomes you have delivered and provide clear evidence and examples of your skills and
experience.
Please note that the National College may at its absolute discretion refuse to consider your response further if the
score achieved in the Technical Requirements section is lower than 60%.
Evaluation Section 3: Technical Requirements
Section Weighting: 60%
(If you have specified a requirement in the Detailed Requirements section you should include an evaluation criteria for that requirement).
Ref Question(s)
3.1 Please provide examples of where you have carried out similar pieces of work
Look Fors:
- Good examples of previous work in this area
- Bidders should provide up to 600 words in response to this question
Question weight: H
3.2 Please provide details of your resource plan for this work and if the required skills to detect the weaknesses within the College’s BT hosted systems and experts in the SPF and ISO 27001 are to be provided by sub-contracting please provide details of how this relationship will be managed
Look Fors:
- a robust resource plan with the necessary skills for the work
- robust resource relationship management process in place
- Bidders should provide up to 600 words in response to this question
Question weight: H
Evaluation Section 4: Further information
Section Weighting: 0%
Ref Question
4.1 Is VAT to be charged in addition to your net bid?
4.2 Are you classed as a Small Medium Enterprise?
Timelines
Deadline for completing all evaluation sections in relation to this Further Competition: Monday 24th October 2011 at 12noon
Notification to bidders of result: Friday 4th November 2011
Contract start date: Friday 11th November 2011
Contract expiry date: Friday 30th March 2012
Contract Management
Neill Beard will be the contract manager for this work
Queries and Guidance
Queries
Any queries in respect of this Further Competition should be raised via REDIMO through the link ‘Raise a clarification
question’.
Technical
Responses to this Further Competition need to be made electronically through REDIMO by completing evaluation
sections and questions. Further guidance on this process can be found by clicking here.
Bidders experiencing technical difficulties can also contact the commercial team during office hours on 01158723888