Notice Information
Notice Title
Provision of Army Digital Services Security & Vulnerability Assessments Specialist & Technical Capability (DInfoCom/0212)
Notice Description
There is a requirement for specialist technical assistance to provide code assisted Vulnerability Assessments (VA) and Penetration Testing (PT) security assessments on both new and in-service applications/infrastructure. Security assessments, PT's and VA's are used to identify vulnerabilities in code and infrastructure (networks, servers, operating systems and applications) that could potentially be exploited. Attackers can be hackers trying to gain access into our network or systems, state sponsored activists or an insider threat. They will aim to either extract information that is held on applications and hosting environments or cause extensive disruption to services. ADS has 2 hosting environments, the Army Hosting Environment (AHE) and Joint Server Farm (JSF). The JSF is accessible from the internet via the Defence Gateway and holds information classified at Official. The AHE holds Official, Secret and Sensitive Personal Information which if extracted would not only be damaging to the Army's reputation, it could jeopardise potential operations. It could also incur fines from the Information Commissioner if there were a breach of personal information. An attack to disrupt any of the services ADS provides would significantly erode the Army's ability to operate, as many of the systems support day to day activities and processes. It is therefore imperative that vulnerabilities are identified and remedied/mitigated to reduce the risk of these occurrences. All new applications expecting to be hosted on the AHE or the JSF must have a vulnerability assessment before being allowed onto the environment to ensure there are no weaknesses which could potentially allow an attacker access to the wider infrastructure and applications. Existing applications, hosting environments and platforms must be VA'd on a rolling programme to ensure any changes do not increase vulnerability and potential for being attacked.
Notice Details
Publication & Lifecycle
- Open Contracting ID
- ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45
- Publication Source
- Contracts Finder
- Latest Notice
- https://www.contractsfinder.service.gov.uk/Notice/496afb84-832e-49e2-a8cb-a5b6430f5aa6
- Current Stage
- Award
- All Stages
- Award
Procurement Classification
- Notice Type
- Award Notice
- Procurement Type
- Framework
- Procurement Category
- Services
- Procurement Method
- Selective
- Procurement Method Details
- Call-off from a framework agreement
- Tender Suitability
- SME
- Awardee Scale
- Large
Common Procurement Vocabulary (CPV)
- CPV Divisions
72 - IT services: consulting, software development, Internet and support
-
- CPV Codes
72820000 - Computer testing services
Notice Value(s)
- Tender Value
- £459,000 £100K-£500K
- Lots Value
- Not specified
- Awards Value
- £459,000 £100K-£500K
- Contracts Value
- Not specified
Notice Dates
- Publication Date
- 21 Sep 20223 years ago
- Submission Deadline
- 22 Jul 2022Expired
- Future Notice Date
- Not specified
- Award Date
- 26 Jul 20223 years ago
- Contract Period
- 30 Sep 2022 - 30 Sep 2024 2-3 years
- Recurrence
- Not specified
Notice Status
- Tender Status
- Complete
- Lots Status
- Not Specified
- Awards Status
- Active
- Contracts Status
- Not Specified
Buyer & Supplier
Contracting Authority (Buyer)
- Main Buyer
- MINISTRY OF DEFENCE
- Contact Name
- Available with D3 Tenders Premium →
- Contact Email
- Available with D3 Tenders Premium →
- Contact Phone
- Available with D3 Tenders Premium →
Buyer Location
- Locality
- ANDOVER
- Postcode
- SP11 8HJ
- Post Town
- Salisbury
- Country
- England
-
- Major Region (ITL 1)
- TLJ South East (England)
- Basic Region (ITL 2)
- TLJ3 Hampshire and Isle of Wight
- Small Region (ITL 3)
- TLJ36 Central Hampshire
- Delivery Location
- TLJ South East (England)
-
- Local Authority
- Test Valley
- Electoral Ward
- Andover Millway
- Westminster Constituency
- North West Hampshire
Further Information
Notice Documents
-
https://www.contractsfinder.service.gov.uk/Notice/496afb84-832e-49e2-a8cb-a5b6430f5aa6
21st September 2022 - Awarded contract notice on Contracts Finder
Open Contracting Data Standard (OCDS)
View full OCDS Record for this contracting process
The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.
{
"tag": [
"compiled"
],
"id": "ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45-2022-09-21T12:09:09+01:00",
"date": "2022-09-21T12:09:09+01:00",
"ocid": "ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45",
"language": "en",
"initiationType": "tender",
"tender": {
"id": "703103456",
"title": "Provision of Army Digital Services Security & Vulnerability Assessments Specialist & Technical Capability (DInfoCom/0212)",
"description": "There is a requirement for specialist technical assistance to provide code assisted Vulnerability Assessments (VA) and Penetration Testing (PT) security assessments on both new and in-service applications/infrastructure. Security assessments, PT's and VA's are used to identify vulnerabilities in code and infrastructure (networks, servers, operating systems and applications) that could potentially be exploited. Attackers can be hackers trying to gain access into our network or systems, state sponsored activists or an insider threat. They will aim to either extract information that is held on applications and hosting environments or cause extensive disruption to services. ADS has 2 hosting environments, the Army Hosting Environment (AHE) and Joint Server Farm (JSF). The JSF is accessible from the internet via the Defence Gateway and holds information classified at Official. The AHE holds Official, Secret and Sensitive Personal Information which if extracted would not only be damaging to the Army's reputation, it could jeopardise potential operations. It could also incur fines from the Information Commissioner if there were a breach of personal information. An attack to disrupt any of the services ADS provides would significantly erode the Army's ability to operate, as many of the systems support day to day activities and processes. It is therefore imperative that vulnerabilities are identified and remedied/mitigated to reduce the risk of these occurrences. All new applications expecting to be hosted on the AHE or the JSF must have a vulnerability assessment before being allowed onto the environment to ensure there are no weaknesses which could potentially allow an attacker access to the wider infrastructure and applications. Existing applications, hosting environments and platforms must be VA'd on a rolling programme to ensure any changes do not increase vulnerability and potential for being attacked.",
"status": "complete",
"classification": {
"scheme": "CPV",
"id": "72820000",
"description": "Computer testing services"
},
"items": [
{
"id": "1",
"deliveryAddresses": [
{
"region": "South East",
"countryName": "United Kingdom"
}
]
}
],
"value": {
"amount": 459000,
"currency": "GBP"
},
"procurementMethod": "selective",
"procurementMethodDetails": "Call-off from a framework agreement",
"tenderPeriod": {
"endDate": "2022-07-22T12:00:00+01:00"
},
"contractPeriod": {
"startDate": "2022-10-01T00:00:00+01:00",
"endDate": "2024-09-30T23:59:59+01:00"
},
"suitability": {
"sme": true,
"vcse": false
},
"mainProcurementCategory": "services"
},
"parties": [
{
"id": "GB-SRS-sid4gov.cabinetoffice.gov.uk/7U7AuvS7",
"name": "MINISTRY OF DEFENCE",
"identifier": {
"legalName": "MINISTRY OF DEFENCE",
"scheme": "GB-SRS",
"id": "sid4gov.cabinetoffice.gov.uk/7U7AuvS7"
},
"address": {
"streetAddress": "D Info Commercial, Army HQ",
"locality": "Andover",
"postalCode": "SP11 8HJ",
"countryName": "England"
},
"contactPoint": {
"email": "pauline.hewish662@mod.gov.uk"
},
"roles": [
"buyer"
]
},
{
"id": "GB-COH-04474600",
"name": "NCC GROUP SECURITY SERVICES LIMITED",
"identifier": {
"legalName": "NCC GROUP SECURITY SERVICES LIMITED",
"scheme": "GB-COH",
"id": "04474600"
},
"address": {
"streetAddress": "Xyz Building,2 Hardman Boulevard MANCHESTER M3 3AQ GB"
},
"details": {
"scale": "large",
"vcse": false
},
"roles": [
"supplier"
]
}
],
"buyer": {
"id": "GB-SRS-sid4gov.cabinetoffice.gov.uk/7U7AuvS7",
"name": "MINISTRY OF DEFENCE"
},
"awards": [
{
"id": "ocds-b5fd17-78275948-9210-49c0-92c9-c610861b6a45-1",
"status": "active",
"date": "2022-07-27T00:00:00+01:00",
"datePublished": "2022-09-21T12:09:09+01:00",
"value": {
"amount": 459000,
"currency": "GBP"
},
"suppliers": [
{
"id": "GB-COH-04474600",
"name": "NCC GROUP SECURITY SERVICES LIMITED"
}
],
"contractPeriod": {
"startDate": "2022-10-01T00:00:00+01:00",
"endDate": "2024-09-30T23:59:59+01:00"
},
"description": "PS459,000 'Core' value with PS1,500,000 Ad-Hoc Tasking Value for any additional assessments",
"documents": [
{
"id": "1",
"documentType": "awardNotice",
"description": "Awarded contract notice on Contracts Finder",
"url": "https://www.contractsfinder.service.gov.uk/Notice/496afb84-832e-49e2-a8cb-a5b6430f5aa6",
"datePublished": "2022-09-21T12:09:09+01:00",
"format": "text/html",
"language": "en"
},
{
"id": "2",
"documentType": "contractSigned",
"url": "https://www.contractsfinder.service.gov.uk/Notice/Attachment/6b2204ba-f6c2-49fb-816a-ba9105d3823c",
"format": "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
},
{
"id": "3",
"documentType": "contractSchedule",
"url": "https://www.contractsfinder.service.gov.uk/Notice/Attachment/74b21b58-5288-430a-a183-704c2a8efb27",
"format": "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
},
{
"id": "4",
"documentType": "contractSchedule",
"url": "https://www.contractsfinder.service.gov.uk/Notice/Attachment/f6d4bc7e-ea08-4206-91a2-cbd957f731ad",
"format": "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
}
]
}
]
}