Sheffield Health and Social Care

ISO 27001 Assessment - Quotes

Incomplete applications

7
Incomplete applications
5 SME, 2 large

Completed applications

13
Completed applications
11 SME, 2 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Thursday 19 September 2019
Deadline for asking questions Thursday 26 September 2019 at 11:59pm GMT
Closing date for applications Thursday 3 October 2019 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Summary of the work We are looking to purchase an IS27001 assessment and certification.
Latest start date Monday 14 October 2019
Expected contract length
Location Yorkshire and the Humber
Organisation the work is for Sheffield Health and Social Care
Budget range

About the work

About the work
Opportunity attribute name Opportunity attribute value
Why the work is being done We are looking to carry out an ISO 27001 assessment and certification.
Problem to be solved To asses our current readiness for ISO 27001 certification.
Who the users are and what they need to do Our users are our staff and patients (service users) - they will need to use an IT environment that is ISO 27001 certified.
Early market engagement We are looking to obtain quotes for an ISO 27001 assessment and certification.
Any work that’s already been done
Existing team We have an established IT team.
Current phase Discovery

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place Sheffield Health & Social Care NHS Foundation Trust;
Fulwood House;
Old Fulwood Road;
SHEFFIELD;
S10 3TH
Working arrangements To be defined.
Security clearance

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience Be able to deliver an ISo27001 assessment and certification.
Nice-to-have skills and experience Experience of working with the NHS

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many suppliers to evaluate 10
Proposal criteria Quality of assessment.
Cultural fit criteria Commit to working at our site and attending meetings.
Payment approach Fixed price
Assessment methods
  • Written proposal
  • Case study
  • Work history
  • Reference
Evaluation weighting

Technical competence

10%

Cultural fit

10%

Price

80%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. You mention that you would like certification as well, does this mean the bids can only come from Accreditation bodies as only authorised companies (which are a few) can issue actual certification.
However if this proposals allows companies that can do an assessment, help with corrective actions and then work with an accreditation body to get you certified this would open the proposal to a wider audience and so attract better prices (80% consideration).
We will accept bids from unaccredited bodies who can help carry out the assessment and then work with us with accredited bodies to achieve certification.
2. Is there a preferred or existing supplier for this work? No there isn't a preferred or existing supplier, we would like to run a competitive tender process base on the outlined criteria.
3. Who will be reviewing bids? i.e. IT or Commercial focused staff member. All bids will be reviewed by a combination of technical and commercial.
4. Do you have an indicative budget for this work please? We don't have an indicative budget, we are looking for quotes for the initial ISO27001 audit and potential day rates to get us to the point of certification.
5. Do you require attendance on site 5 days a week, or is there some working arrangements flexibility? No we will accept flexible working arrangements. Suppliers may need to visit us on site during the assessment phase, although we are completely flexible.
6. Will we be provided with scope details at second stage? For the consultancy phase, suppliers will be able to agree the scope and requirements that are needed to obtain ISO27001 certification. Ideally we would like suppliers to provide a quote based on a consultancy day rate to achieve this. If suppliers are able to provide an bulk discount on this or a fixed price, this should also be submitted along side the consultancy day rate.
7. Is this an Expression of Interest (EOI) process only as we can see nowhere in the application submission to provide a quotation? Will you be selecting potential bidders and requesting quotes by separate activity? No this is a RFQ - request for a quote. If suppliers are unable to submit quote details through the portal, they should include a summary quote in their response. We will then set up a secure portal to submit formal quote documents.