Awarded to NTA Monitor Ltd.

Start date: Monday 24 September 2018
Value: £11,375
Company size: SME
The Unity Partnership Ltd

2018/2019 Scope for PSN Health-Check – Oldham Council

8 Incomplete applications

5 SME, 3 large

3 Completed applications

2 SME, 1 large

Important dates

Published
Friday 3 August 2018
Deadline for asking questions
Friday 10 August 2018 at 11:59pm GMT
Closing date for applications
Friday 17 August 2018 at 11:59pm GMT

Overview

Summary of the work
To conduct a PSN Health-check of the Oldham Council network including internal and external infrastructure and end user devices. The precise scope and technical details will be agreed with the supplier further down the process. The following information provides a scope for pricing the audit
Latest start date
Monday 24 September 2018
Expected contract length
3 weeks
Location
North West England
Organisation the work is for
The Unity Partnership Ltd
Budget range

About the work

Why the work is being done
This work needs to be carry out on council obligation to achieve Public Sector Network (PSN) compliant in order to demonstrate that Oldham council will needs to require PSN certification.
Problem to be solved
To achieve PSN accreditation
Who the users are and what they need to do
To achieve the PSN certification, part of the process is to asses the IT estate against any kind of threat and vulnerability, and take action to mitigate in order to achieve PSN certification.
Early market engagement
Any work that’s already been done
Existing team
Working with Unity Partnership Information Security team
Current phase
Not applicable

Work setup

Address where the work will take place
Oldham Council,
Civic Centre,
Oldham
Ol1 1NY
Working arrangements
Working with Unity Information Security Manager
Security clearance
Baseline personnel security standard

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • CREST CRT certified or equivalent
  • understand complex computer systems and technical cyber security terms
  • carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security
  • work with clients to determine their requirements from the test, for example the number and type of systems they would like testing
  • plan and create penetration methods, scripts and tests
  • advise on methods to fix or lower security risks to systems
  • consider the impact your 'attack' will have on the business and its users
  • create reports and recommendations from your findings
  • present your findings, risks and conclusions to both technical and non-technical audiences
  • understand how the flaws that you identify could affect a business, or business function, if they're not fixed
  • Minimum 3 years frequent pen test experience
  • Review your findings and feedback to clients
  • Analyse the outcomes and make recommendations for security improvements
  • Previous pen testing experience on local or Government organisation pen test would be highly advantageous
Nice-to-have skills and experience

How suppliers will be evaluated

How many suppliers to evaluate
3
Proposal criteria
  • How the approach or solution meets your organisation’s policy or goal
  • How they’ve identified risks and dependencies and offered approaches to manage them
  • Value for money
Cultural fit criteria
  • Work as a team with our organisation
  • Take responsibility for their work
  • Share knowledge and experience with other team members
  • Challenge the status quo
Payment approach
Fixed price
Assessment methods
Written proposal
Evaluation weighting

Technical competence

70%

Cultural fit

10%

Price

20%

Questions asked by suppliers

No questions have been answered yet