FCO
Penetration Testing
10 Incomplete applications
7 SME, 3 large
9 Completed applications
4 SME, 5 large
Important dates
- Published
- Tuesday 25 September 2018
- Deadline for asking questions
- Tuesday 2 October 2018 at 11:59pm GMT
- Closing date for applications
- Tuesday 9 October 2018 at 11:59pm GMT
Overview
- Summary of the work
-
involve but not be limited to the following types of testing:
• Internal infrastructure assessment and vulnerability scanning;
• Network device configuration review;
• On host build reviews; and
• Application testing (where appropriate).
Exepected to be approx 5 days work - Latest start date
- Monday 15 October 2018
- Expected contract length
- Location
- South East England
- Organisation the work is for
- FCO
- Budget range
About the work
- Why the work is being done
- Service Now implementation -Penetration testing required for MID server
- Problem to be solved
- Testing of MID server security
- Who the users are and what they need to do
- n/a
- Early market engagement
- Any work that’s already been done
- Existing team
- The selected supplier will be working with another supplier.
- Current phase
- Alpha
Work setup
- Address where the work will take place
- Hanslope Park, near Milton Keynes
- Working arrangements
- Testing is expected to take place during normal weekday business hours as impact to normal services is classed as “minimal”. Should at any point the selected provider believe any part of its testing will have an adverse impact on the system, notification must be given immediately during the testing process and provision will be made for that aspect to take place out of business hours within 48 hours of notification.
- Security clearance
- DV clearence
Additional information
- Additional terms and conditions
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
- Essential skills and experience
- CHECK certified
- Nice-to-have skills and experience
- n/a
How suppliers will be evaluated
- How many suppliers to evaluate
- 3
- Proposal criteria
-
- •Technical solution
- •Approach and methodology
- •How the approach or solution meets user needs
- •Value for money
- •Estimated timeframes for the work
- Cultural fit criteria
-
- •Work as a team with our organisation and other suppliers
- •Be transparent and collaborative when making decisions
- •Take responsibility for their work
- •Can work with clients with low technical expertise
- Payment approach
- Fixed price
- Assessment methods
- Written proposal
- Evaluation weighting
-
Technical competence
65%Cultural fit
5%Price
30%
Questions asked by suppliers
- 1. Will the tester be required to leave hard disks on-site at the end of each day and then at the end of engagement for destruction?
- Yes that is correct.
- 2. Are you looking for CHECK certified service provide OR resources who have conducted penetration testing under the terms of CHECK would also work?
- We’re looking for a CHECK service provider.
-
3. Could you kindly confirm the below please:
Is a CHECK team certified specialist acceptable or does the work require a CHECK certified organisation?
Do you require a CHECK certified team member or a CHECK team certified team leader? - We’re looking for a CHECK service provider. It can be team lead or a team member as long as they can carry out the relevant testing.
- 4. If we are successfully shortlisted to the next stage will a full scoping document be sent out because currently there is not enough information to provide a written proposal.
- Yes a full scoping document will be provided and we will work with the supplier.
- 5. As the time scale is rather close, would the authority accept the work starting week of the 22nd October?
- There are some preqs that we need to ensure are in place therefore the start date can be negotiable however the earliest possible date is preferred.
- 6. Is the latest start date flexible?
- There are some preqs that we need to ensure are in place therefore the start date can be negotiable however the earliest possible date is preferred.