FCO

Penetration Testing

10 Incomplete applications

7 SME, 3 large

4 SME, 5 large

Summary of the work: involve but not be limited to the following types of testing:
• Internal infrastructure assessment and vulnerability scanning;
• Network device configuration review;
• On host build reviews; and
• Application testing (where appropriate).

Exepected to be approx 5 days work
Latest start date: Monday 15 October 2018
Expected contract length
Location: South East England
Organisation the work is for: FCO
Budget range

Why the work is being done: Service Now implementation -Penetration testing required for MID server
Problem to be solved: Testing of MID server security
Who the users are and what they need to do: n/a
Early market engagement
Any work that’s already been done
Existing team: The selected supplier will be working with another supplier.
Current phase: Alpha

Address where the work will take place: Hanslope Park, near Milton Keynes
Working arrangements: Testing is expected to take place during normal weekday business hours as impact to normal services is classed as “minimal”. Should at any point the selected provider believe any part of its testing will have an adverse impact on the system, notification must be given immediately during the testing process and provision will be made for that aspect to take place out of business hours within 48 hours of notification.
Security clearance: DV clearence

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

How many suppliers to evaluate

Proposal criteria

Cultural fit criteria

Payment approach

Fixed price

Assessment methods

Written proposal

Evaluation weighting

Technical competence

65%

Cultural fit

Price

30%

1. Will the tester be required to leave hard disks on-site at the end of each day and then at the end of engagement for destruction?: Yes that is correct.
2. Are you looking for CHECK certified service provide OR resources who have conducted penetration testing under the terms of CHECK would also work?: We’re looking for a CHECK service provider.
3. Could you kindly confirm the below please: Is a CHECK team certified specialist acceptable or does the work require a CHECK certified organisation? Do you require a CHECK certified team member or a CHECK team certified team leader?: We’re looking for a CHECK service provider. It can be team lead or a team member as long as they can carry out the relevant testing.
4. If we are successfully shortlisted to the next stage will a full scoping document be sent out because currently there is not enough information to provide a written proposal.: Yes a full scoping document will be provided and we will work with the supplier.
5. As the time scale is rather close, would the authority accept the work starting week of the 22nd October?: There are some preqs that we need to ensure are in place therefore the start date can be negotiable however the earliest possible date is preferred.
6. Is the latest start date flexible?: There are some preqs that we need to ensure are in place therefore the start date can be negotiable however the earliest possible date is preferred.