The Queen's University Belfast

Penetration testing

Incomplete applications

10
Incomplete applications
10 SME, 0 large

Completed applications

11
Completed applications
8 SME, 3 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Friday 26 April 2019
Deadline for asking questions Friday 3 May 2019 at 11:59pm GMT
Closing date for applications Friday 10 May 2019 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Cyber security consultant
Summary of the work This is a high level overview of the requirement for Penetration testing the QUB network - details will be scoped with supplier.
External testing
Probing of public facing entities and scanning of the firewall for exploits.
Internal Testing
Scanning of 8 data centre subnets
Infrastructure testing of the QUB network
Latest start date Monday 22 July 2019
Expected contract length 6 days
Location Northern Ireland
Organisation the work is for The Queen's University Belfast
Maximum day rate Maximum daily rate of £1000 to include travel and subsistence costs.

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement
Who the specialist will work with Data Security Manager and IT Systems team
What the specialist will work on Penetration Test of QUB Infrastructure
Black box – external
White box – internal (on-premises)

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place Queens University Belfast
McClay Library
10 College Park
Belfast
BT7 1LP
Working arrangements Expect onsite attendance for 3 days of the testing exercise
Security clearance

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions Tester must be CHECK or Crest certified.
Preference will be given to supplier with Crest Infrastructure qualification.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience CHECK or Crest certified
Nice-to-have skills and experience Crest Infrastructure qualified

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 6
Cultural fit criteria be able to communicate well with senior management
Assessment methods
  • Work history
  • Reference
Evaluation weighting

Technical competence

10%

Cultural fit

5%

Price

85%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. is there a preference to use an enterprise grade cloud solution e.g Veracode or is an open source solution that is required ? To be clear the requirement is for a pen tester (person) to complete testing, that individual can decide what software thy require to use to complete testing - providing the software is licensed and approved for security testing and the individual is CHECK or Crest certified.
2. have you chosen a tool yet, or is this part of the initial 6-day exercise ? To be clear the requirement is for a pen tester (person) to complete testing, that individual can decide what software thy require to use to complete testing - providing the software is licensed and approved for security testing and the individual is CHECK or Crest certified.
3. Will the 6 days be dotted across a certain amount of time? There is no requirement to complete the task in 6 consecutive days but i would imagine that the onsite work would be carried out on consecutive days.
4. Can the Authority confirm if they are already working with an incumbent supplier ? I can confirm that we are not working with an incumbent supplier.