Awarded to Capita Business Services Limited

Start date: Monday 26 November 2018
Value: £4,560
Company size: large

Penetration Testing

10 Incomplete applications

7 SME, 3 large

9 Completed applications

4 SME, 5 large

Important dates

Tuesday 25 September 2018
Deadline for asking questions
Tuesday 2 October 2018 at 11:59pm GMT
Closing date for applications
Tuesday 9 October 2018 at 11:59pm GMT


Summary of the work
involve but not be limited to the following types of testing:
• Internal infrastructure assessment and vulnerability scanning;
• Network device configuration review;
• On host build reviews; and
• Application testing (where appropriate).

Exepected to be approx 5 days work
Latest start date
Monday 15 October 2018
Expected contract length
South East England
Organisation the work is for
Budget range

About the work

Why the work is being done
Service Now implementation -Penetration testing required for MID server
Problem to be solved
Testing of MID server security
Who the users are and what they need to do
Early market engagement
Any work that’s already been done
Existing team
The selected supplier will be working with another supplier.
Current phase

Work setup

Address where the work will take place
Hanslope Park, near Milton Keynes
Working arrangements
Testing is expected to take place during normal weekday business hours as impact to normal services is classed as “minimal”. Should at any point the selected provider believe any part of its testing will have an adverse impact on the system, notification must be given immediately during the testing process and provision will be made for that aspect to take place out of business hours within 48 hours of notification.
Security clearance
DV clearence

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
CHECK certified
Nice-to-have skills and experience

How suppliers will be evaluated

How many suppliers to evaluate
Proposal criteria
  • •Technical solution
  • •Approach and methodology
  • •How the approach or solution meets user needs
  • •Value for money
  • •Estimated timeframes for the work
Cultural fit criteria
  • •Work as a team with our organisation and other suppliers
  • •Be transparent and collaborative when making decisions
  • •Take responsibility for their work
  • •Can work with clients with low technical expertise
Payment approach
Fixed price
Assessment methods
Written proposal
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Will the tester be required to leave hard disks on-site at the end of each day and then at the end of engagement for destruction?
Yes that is correct.
2. Are you looking for CHECK certified service provide OR resources who have conducted penetration testing under the terms of CHECK would also work?
We’re looking for a CHECK service provider.
3. Could you kindly confirm the below please:
Is a CHECK team certified specialist acceptable or does the work require a CHECK certified organisation?
Do you require a CHECK certified team member or a CHECK team certified team leader?
We’re looking for a CHECK service provider. It can be team lead or a team member as long as they can carry out the relevant testing.
4. If we are successfully shortlisted to the next stage will a full scoping document be sent out because currently there is not enough information to provide a written proposal.
Yes a full scoping document will be provided and we will work with the supplier.
5. As the time scale is rather close, would the authority accept the work starting week of the 22nd October?
There are some preqs that we need to ensure are in place therefore the start date can be negotiable however the earliest possible date is preferred.
6. Is the latest start date flexible?
There are some preqs that we need to ensure are in place therefore the start date can be negotiable however the earliest possible date is preferred.