Award

Cyber Security Testing Services

SCOTTISH GOVERNMENT

This public procurement record has 1 release in its history.

Award

25 Sep 2024 at 00:00

PCS Notice - Website Contract Award Notice
Summary of the contracting process

The Scottish Government has awarded a contract for cyber security testing services under its Dynamic Purchasing System (DPS) for Digital Technology Services, specifically Lot 4 Cyber Security and Resilience Services. The awarded contract, signed on 13th September 2024, focuses on providing quality-assured security testing, including annual IT health checks and ad-hoc security tests at key project milestones. The buying organisation is the Scottish Government, with the primary delivery location being Victoria Quay, The Shore, Edinburgh, although services will predominantly be provided remotely. The procurement method used was an open procedure, and the contract is valued at GBP 3,000,000. A key deadline for note was the award notice published on 25th September 2024.

This tender presents significant growth opportunities for businesses specialising in cyber security services, particularly those that are NCSC CHECK approved and capable of deploying security testing tools across diverse IT environments like Microsoft Azure and Amazon AWS. The requirement for subcontracting (up to 25% of the contract value, estimated at GBP 750,000) also opens up potential partnerships for smaller firms. Companies experienced in providing both routine and ad-hoc IT security tests and those capable of meeting the Scottish Government’s comprehensive requirements will find this tender particularly well-suited.

Find more tenders on our Open Data Platform.
How relevant is this notice?

D3 Tenders Premium

Win More Public Sector Contracts

AI-powered tender discovery, pipeline management, and market intelligence — everything you need to grow your public sector business.

Start Free Trial Book a Demo
All Features Pricing

Notice Information

Notice Title

Cyber Security Testing Services

Notice Description

The Scottish Ministers, on behalf of The Scottish Government have a requirement to engage with a partner to secure a service provider that will provide quality-assured security testing services and will have the scale and flexibility to accommodate both longer-term routine (e.g. annual) Information Technology (IT) operational health checks, as well as more frequent point-in-time security tests at key project milestones throughout the contract.

Lot Information

Lot 1

1.1 The Scottish Ministers, on behalf of The Scottish Government and hereafter referred to as the Purchaser, is seeking to establish an agreement for the provision of cyber security testing services. The contract shall undertake these services across a range of programmes which support our Digital Strategy and Cyber Resilient Strategic Framework. The successful Service Provider MUST be NCSC CHECK approved as the services will cover a wide variety of Scottish Government applications, platforms, and network types A Contract is required to cover the following service scope as a minimum and as further detailed in the Statement of Requirements: A. Cyber security testing which must comply with NCSC and UK Government guidance for cyber security testing and in line with the CHECK scheme. B. Deploy testing tools, either locally or remotely (as appropriate), to a wide variety of on-premise and cloud environments (e.g. Microsoft 365, Microsoft Azure, Amazon AWS, Google Cloud Platform, Oracle Cloud Infrastructure, etc). C. Provide CHECK level security testing. D. Cyber Security Red Teaming.. Requirement has been called off from the Scottish Governments Dynamic Purchasing System (DPS) for Digital Technology Services under Lot 4 Cyber Security and Resilience Services.

Notice Details

Publication & Lifecycle

Open Contracting ID
ocds-r6ebe6-0000778856
Publication Source
Public Contracts Scotland
Latest Notice
https://www.publiccontractsscotland.gov.uk/search/show/search_view.aspx?ID=SEP514938
Current Stage
Award
All Stages
Award

Procurement Classification

Notice Type
PCS Notice - Website Contract Award Notice
Procurement Type
Standard
Procurement Category
Services
Procurement Method
Open
Procurement Method Details
Open procedure
Tender Suitability
Not specified
Awardee Scale
SME

Common Procurement Vocabulary (CPV)

CPV Divisions

72 - IT services: consulting, software development, Internet and support

CPV Codes

72222300 - Information technology services

Notice Value(s)

Tender Value
Not specified
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
£3,000,000 £1M-£10M

Notice Dates

Publication Date
25 Sep 20241 years ago
Submission Deadline
Not specified
Future Notice Date
Not specified
Award Date
13 Sep 20241 years ago
Contract Period
Not specified - Not specified
Recurrence
Not specified

Notice Status

Tender Status
Complete
Lots Status
Complete
Awards Status
Not Specified
Contracts Status
Active

Buyer & Supplier

Contracting Authority (Buyer)

Main Buyer
SCOTTISH GOVERNMENT
Contact Name
Not specified
Contact Email
paul.packett@gov.scot
Contact Phone
Not specified

Buyer Location

Locality
GLASGOW
Postcode
G2 8LU
Post Town
Glasgow
Country
Scotland
Major Region (ITL 1)
TLM Scotland
Basic Region (ITL 2)
TLM3 West Central Scotland
Small Region (ITL 3)
TLM32 Glasgow City
Delivery Location
TLM75 City of Edinburgh
Local Authority
Glasgow City
Electoral Ward
Anderston/City/Yorkhill
Westminster Constituency
Glasgow North

Supplier Information

Number of Suppliers
1
Supplier Name

COMMISSUM

Further Information

Notice Documents

  • https://www.publiccontractsscotland.gov.uk/search/show/search_view.aspx?ID=SEP514938
    Cyber Security Testing Services - The Scottish Ministers, on behalf of The Scottish Government have a requirement to engage with a partner to secure a service provider that will provide quality-assured security testing services and will have the scale and flexibility to accommodate both longer-term routine (e.g. annual) Information Technology (IT) operational health checks, as well as more frequent point-in-time security tests at key project milestones throughout the contract.

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts. 

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-r6ebe6-0000778856-2024-09-25T00:00:00Z",
    "date": "2024-09-25T00:00:00Z",
    "ocid": "ocds-r6ebe6-0000778856",
    "initiationType": "tender",
    "parties": [
        {
            "id": "org-82",
            "name": "Scottish Government",
            "identifier": {
                "legalName": "Scottish Government"
            },
            "address": {
                "streetAddress": "5 Atlantic Quay, 150 Broomielaw",
                "locality": "Glasgow",
                "region": "UKM",
                "postalCode": "G2 8LU"
            },
            "contactPoint": {
                "email": "Paul.packett@gov.scot",
                "url": "http://"
            },
            "roles": [
                "buyer",
                "centralPurchasingBody",
                "mediationBody",
                "reviewContactPoint"
            ],
            "details": {
                "classifications": [
                    {
                        "id": "Ministry or any other national or federal authority, including their regional or local subdivisions",
                        "scheme": "TED_CA_TYPE"
                    },
                    {
                        "id": "01",
                        "description": "General public services",
                        "scheme": "COFOG"
                    },
                    {
                        "id": "05",
                        "description": "Environmental protection",
                        "scheme": "COFOG"
                    }
                ],
                "url": "http://www.scotland.gov.uk"
            }
        },
        {
            "id": "org-91",
            "name": "Commissum",
            "identifier": {
                "legalName": "Commissum"
            },
            "address": {
                "streetAddress": "Mitchell House, 5 Mitchell St",
                "locality": "Edinburgh",
                "region": "UKM75",
                "postalCode": "EH6 7BD"
            },
            "contactPoint": {
                "email": "alexander.northwood@uk.resillion.com",
                "telephone": "+44 3302230709"
            },
            "roles": [
                "supplier"
            ],
            "details": {
                "scale": "sme",
                "url": "http://www.commissum.com"
            }
        },
        {
            "id": "org-41",
            "name": "Edinburgh Sheriff Court",
            "identifier": {
                "legalName": "Edinburgh Sheriff Court"
            },
            "address": {
                "streetAddress": "27 Chambers Street",
                "locality": "Edinburgh",
                "postalCode": "EH1 1LB"
            },
            "contactPoint": {
                "url": "http://www.scotcourts.gov.uk/the-courts/sheriff-court/find-a-court"
            },
            "roles": [
                "reviewBody",
                "mediationBody",
                "reviewContactPoint"
            ]
        }
    ],
    "buyer": {
        "name": "Scottish Government",
        "id": "org-82"
    },
    "tender": {
        "id": "SP-24-02",
        "title": "Cyber Security Testing Services",
        "description": "The Scottish Ministers, on behalf of The Scottish Government have a requirement to engage with a partner to secure a service provider that will provide quality-assured security testing services and will have the scale and flexibility to accommodate both longer-term routine (e.g. annual) Information Technology (IT) operational health checks, as well as more frequent point-in-time security tests at key project milestones throughout the contract.",
        "status": "complete",
        "items": [
            {
                "id": "1",
                "additionalClassifications": [
                    {
                        "id": "72222300",
                        "scheme": "CPV"
                    }
                ],
                "deliveryLocation": {
                    "description": "Scottish Government, Victoria Quay, The Shore, Edinburgh, EH6 6QQ (Services delivered will be mostly remote)."
                },
                "deliveryAddresses": [
                    {
                        "region": "UKM75"
                    }
                ],
                "relatedLot": "1"
            }
        ],
        "procurementMethod": "open",
        "procurementMethodDetails": "Open procedure",
        "mainProcurementCategory": "services",
        "documents": [
            {
                "id": "SEP514938",
                "documentType": "awardNotice",
                "title": "Cyber Security Testing Services",
                "description": "The Scottish Ministers, on behalf of The Scottish Government have a requirement to engage with a partner to secure a service provider that will provide quality-assured security testing services and will have the scale and flexibility to accommodate both longer-term routine (e.g. annual) Information Technology (IT) operational health checks, as well as more frequent point-in-time security tests at key project milestones throughout the contract.",
                "url": "https://www.publiccontractsscotland.gov.uk/search/show/search_view.aspx?ID=SEP514938",
                "format": "text/html"
            }
        ],
        "lots": [
            {
                "id": "1",
                "description": "1.1 The Scottish Ministers, on behalf of The Scottish Government and hereafter referred to as the Purchaser, is seeking to establish an agreement for the provision of cyber security testing services. The contract shall undertake these services across a range of programmes which support our Digital Strategy and Cyber Resilient Strategic Framework. The successful Service Provider MUST be NCSC CHECK approved as the services will cover a wide variety of Scottish Government applications, platforms, and network types A Contract is required to cover the following service scope as a minimum and as further detailed in the Statement of Requirements: A. Cyber security testing which must comply with NCSC and UK Government guidance for cyber security testing and in line with the CHECK scheme. B. Deploy testing tools, either locally or remotely (as appropriate), to a wide variety of on-premise and cloud environments (e.g. Microsoft 365, Microsoft Azure, Amazon AWS, Google Cloud Platform, Oracle Cloud Infrastructure, etc). C. Provide CHECK level security testing. D. Cyber Security Red Teaming.. Requirement has been called off from the Scottish Governments Dynamic Purchasing System (DPS) for Digital Technology Services under Lot 4 Cyber Security and Resilience Services.",
                "status": "complete",
                "hasOptions": false
            }
        ],
        "coveredBy": [
            "GPA"
        ],
        "classification": {
            "id": "72222300",
            "scheme": "CPV"
        }
    },
    "awards": [
        {
            "id": "sp-24-02",
            "suppliers": [
                {
                    "id": "org-91",
                    "name": "Commissum"
                }
            ],
            "relatedLots": [
                "1"
            ],
            "hasSubcontracting": true,
            "subcontracting": {
                "description": "Up to 25% of the contract may be sub-contracted as a result of burst / short notice resource request requirements",
                "maximumPercentage": 0.25,
                "minimumPercentage": 0.25,
                "value": {
                    "amount": 750000,
                    "currency": "GBP"
                }
            }
        }
    ],
    "contracts": [
        {
            "id": "sp-24-02",
            "awardID": "sp-24-02",
            "status": "active",
            "value": {
                "amount": 3000000,
                "currency": "GBP"
            },
            "dateSigned": "2024-09-13T00:00:00Z"
        }
    ],
    "language": "EN",
    "description": "Award against framework: digital technology and cyber services Dynamic Purchasing System Requirement has been called off from the Scottish Governments Dynamic Purchasing System (DPS) for Digital Technology Services under Lot 4 Cyber Security and Resilience Services. (SC Ref:778856)",
    "bids": {
        "statistics": [
            {
                "id": "178",
                "measure": "bids",
                "value": 6,
                "relatedLot": "1"
            },
            {
                "id": "179",
                "measure": "smeBids",
                "value": 3,
                "relatedLot": "1"
            },
            {
                "id": "180",
                "measure": "foreignBidsFromEU",
                "value": 0,
                "relatedLot": "1"
            },
            {
                "id": "181",
                "measure": "foreignBidsFromNonEU",
                "value": 6,
                "relatedLot": "1"
            },
            {
                "id": "182",
                "measure": "electronicBids",
                "value": 6,
                "relatedLot": "1"
            }
        ]
    },
    "links": [
        {
            "rel": "canonical",
            "href": "https://api.publiccontractsscotland.gov.uk/v1/Notice?id=ocds-r6ebe6-0000778856"
        }
    ],
    "noticetype": "PCS Notice - Website Contract Award Notice"
}