Awarded to Capita Business Services Limited

Start date: Wednesday 31 July 2019
Value: £4,200
Company size: large

The Queen's University Belfast

Penetration testing

10 Incomplete applications

10 SME, 0 large

11 Completed applications

8 SME, 3 large

• Published: Friday 26 April 2019
• Deadline for asking questions: Friday 3 May 2019 at 11:59pm GMT
• Closing date for applications: Friday 10 May 2019 at 11:59pm GMT

Overview

• Specialist role: Cyber security consultant
• Summary of the work: This is a high level overview of the requirement for Penetration testing the QUB network - details will be scoped with supplier.; External testing; Probing of public facing entities and scanning of the firewall for exploits.; Internal Testing; Scanning of 8 data centre subnets; Infrastructure testing of the QUB network
• Latest start date: Monday 22 July 2019
• Expected contract length: 6 days
• Location: Northern Ireland
• Organisation the work is for: The Queen's University Belfast
• Maximum day rate: Maximum daily rate of £1000 to include travel and subsistence costs.

About the work

• Who the specialist will work with: Data Security Manager and IT Systems team
• What the specialist will work on: Penetration Test of QUB Infrastructure; Black box – external; White box – internal (on-premises)

Work setup

• Address where the work will take place: Queens University Belfast; McClay Library; 10 College Park; Belfast; BT7 1LP
• Working arrangements: Expect onsite attendance for 3 days of the testing exercise

Additional information

• Additional terms and conditions: Tester must be CHECK or Crest certified.; Preference will be given to supplier with Crest Infrastructure qualification.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience: CHECK or Crest certified
• Nice-to-have skills and experience: Crest Infrastructure qualified

How suppliers will be evaluated

• How many specialists to evaluate: 6
• Cultural fit criteria: be able to communicate well with senior management
• Assessment methods:
  • Work history
  • Reference
• Evaluation weighting:

  Technical competence

  10%

  Cultural fit

  5%

  Price

  85%

Questions asked by suppliers

• 1. is there a preference to use an enterprise grade cloud solution e.g Veracode or is an open source solution that is required ?: To be clear the requirement is for a pen tester (person) to complete testing, that individual can decide what software thy require to use to complete testing - providing the software is licensed and approved for security testing and the individual is CHECK or Crest certified.
• 2. have you chosen a tool yet, or is this part of the initial 6-day exercise ?: To be clear the requirement is for a pen tester (person) to complete testing, that individual can decide what software thy require to use to complete testing - providing the software is licensed and approved for security testing and the individual is CHECK or Crest certified.
• 3. Will the 6 days be dotted across a certain amount of time?: There is no requirement to complete the task in 6 consecutive days but i would imagine that the onsite work would be carried out on consecutive days.
• 4. Can the Authority confirm if they are already working with an incumbent supplier ?: I can confirm that we are not working with an incumbent supplier.