II.1)
[QuantityScopeContract]
Cyber Security Testing Services (CSTS)
[Fileref]:
ENQEIR653
[Services]
This Tender process is now complete.
Driven by the ongoing development of our information security framework and business transformation programmes, EirGrid’s Information Security function has established a reporting regime for security testing and security risk assessments. The aim of the reporting regime is to provide EirGrid with the following:
1. Vulnerability assessment with the associated exposures inherent within their current infrastructure.
2. Comprehensive risk analysis and recommendations, including a remediation plan.
3. Security audit, security reviews and test details, including applied methodology.
In keeping with its position in the industry, EirGrid maintains a modern IT infrastructure comprising the following technologies:
• Servers: Physical and Virtual. Linux, Unix, Windows.
• Desktop: Workstation and Laptop. Windows.
• Databases: Oracle and MSQL.
• Network: Routers, Switches, Firewalls, Load Balancers and Gateways.
• Cloud Services.
[DivisionLots]:
[No]
II.1.7)
[ValueTotal]
( [HAgreeToPublish] [Yes] )
[ValueExclVat]:
1000000.00
EUR
II.2.3)
[PlacePerformance]
[MainsiteplaceWorksDelivery]:
Dublin, Belfast
II.2.4)
[DescrProcurement]
This tender process is complete.
EirGrid intends to establish a single supplier framework. The Framework Agreement period will be for an initial duration of three (3) years with the option to extend yearly for up to five (5) years, subject always to the satisfactory performance of the member.
EirGrid requires a security partner to provide the scope of services below. The scope of services is expected to include, but is not limited to:
• Provision of Cyber Security Testing Services (CSTS) across EirGrid’s IT Infrastructure to ensure security, confidentiality and integrity.
• Security testing will be primarily targeted at the externally visible infrastructure, but some internal testing may be required.
• Security testing may be targeted at production and pre-production environments.
• Some CSTS may require re-testing to confirm the implementation of the remediation plan.
• Each security test will be subject to individual scoping, determined by EirGrid and agreed with the successful supplier, including “rules of engagement” such as:
    • Type of security testing.
    • Targets.
    • Objectives (what can and cannot be done).
    • Scope (processes, website options, infrastructure, services that are off limits).
    • Progress reporting.
    • Entry points.
II.2.5)
[AwardCriteria]
( [HAgreeToPublish] [Yes] )
[AwardCriteriaBelow]
[AwardCriterionQuality]
-
[AwardCriterionName]:
Quality, Quantity and Balance of Human Resources
/
[Weighting]:
15
[AwardCriterionQuality]
-
[AwardCriterionName]:
Approach & Methodology
/
[Weighting]:
15
[AwardCriterionQuality]
-
[AwardCriterionName]:
Sample Projects
/
[Weighting]:
30
[AwardCriterionQuality]
-
[AwardCriterionName]:
Quality Assurance
/
[Weighting]:
5
[AwardCriterionQuality]
-
[AwardCriterionName]:
Service Levels
/
[Weighting]:
5
[Price]
-
[Weighting]:
30
[Options]:
[Yes]
[OptionsDescr]:
The initial contract period envisaged is three years with the possibility to extend annually up to a further five years, subject always to the satisfactory performance of the supplier.
[EuProgrRelated]:
[No]
II.2.14)
[InfoAdditional]
The estimated contract value takes into account the contract being extended for the additional five years.