Norges Bank is hereby starting the process of pre-qualification of tenderers for delivery of a solution as described below to detect and respond to different phases of ICT-based attacks.
Norges Bank aims to procure security technology and services to support intrusion detection and response for security related ICT-incidents. The delivery will include technical solutions for, but not limited to:
— Intrusion detection;
— Monitoring and triage of alerts;
— Incident handling support;
— Response and analysis of security incidents;
— Artifact handling;
— Vulnerability scanning;
— Memory and disk forensics;
— Advanced Persistent Threat intelligence;
— Dynamic and static malware analysis including reverse engineering of malware;
— Log handling (SIEM);
— Incident handling and analysis at the premises of Norges Bank.
There may be a gradual implementation of the services.
The service should account for threat actors up to high levels of capability and available resources. The managed security monitoring is expected to operate at a 24/7/365 basis.
The service is expected to include a Security Information and Event Management (SIEM) solution, alternatively a Log Management solution with focus on incident support and/or detection of incidents based on correlation of events. The provider should also be a mature consumer and producer of threat intelligence, and actively using threat intelligence in security monitoring and incident handling. The log or SIEM-solution shall make the log material available to internal resources for further analysis.
The operation of the Norges Bank IT infrastructure and computing environment is outsourced to one large and a few small service providers.
The delivery is exempt from public disclosure pursuant to Section 13 of the Freedom of Information Act (cf. Section 12 of the Norges Bank Act).
Deadline
The deadline for receipt of tenders was 2015-04-16.
The procurement was published on 2015-03-15.
Suppliers
The following suppliers are mentioned in award decisions or other procurement documents:
Contract notice (2015-03-15)
Object
Scope of the procurement
Title: IT services: consulting, software development, Internet and support
Quantity or scope:
The total scope of the contract to be awarded is expected to be on the order of MNOK 20 – 90 incl VAT over 7 years. There is a substantial uncertainty with regard to the volume of this agreement. Previous experience indicates that the need may vary.
Procedure
Procedure type: Negotiated procedure
Tender type: Submission for all lots
Award criteria
The most economically advantageous tender
Contracting authority
Identity
Country: Norway
Type of contracting authority: Body governed by public law
Name of contracting authority: Norges Bank
Postal address: Postboks 1179
Postal code: 0107
Town: Oslo
Contact
E-mail: ikt_tilbud@norges-bank.no
Telephone: +47 22316000
Duration: 84 months
Reference number: 46
Place of performance
Main site or place of performance: Oslo.
Legal, economic, financial and technical information
Conditions for participation
Suitability to pursue the professional activity:
The supplier shall demonstrate satisfactory payment of tax and payment of value added tax.
— Company Registration Certificate and compliance with tax and VAT legislation.
— Company registration certificate and tax certificates must be presented.
Norway:
Tax certificate (RF-1244 Assessed by the Directorate of Taxes) will be issued by the city treasurer/district treasurer where the provider has its headquarters and by the tax collector in the county concerned. The one certificate applies to direct taxes and the other certificate applies to value-added taxes. Therefore, two certificates must be submitted with the request for admission.
The tax certificate must not be more than 6 months old calculated from the day of the deadline for submission of the request for admission.
This will apply for all sub-contractors as well.
Other countries:
Corresponding certificates issued by the relevant authorities are required of foreign tenderers.
The supplier shall be a legally established enterprise.
— Norwegian suppliers: certificate of registration.
— Foreign suppliers: certificates showing that the enterprise is registered in an industry register or business register as prescribed by the legislation of the country in which the supplier is established.
The certificate shall include the current members of the board.
The supplier shall be legally established in a country that has an “Agreement between the Government of said country and the Government of the Kingdom of Norway on the Exchange and Mutual Protection of Classified Information” (‘sikkerhetsavtale’).
A certificate showing the supplier's and any sub-suppliers' legal ownership.
The supplier shall have in place a functioning HES system.
HES Self-declaration
Add a signed self-declaration regarding health, environment and safety in compliance with Annex 1 or 2 (1 version for Norwegian companies and one version for foreign companies). The declaration form is a part of this RFP document.
Economic and financial standing:
The supplier shall have the economic capacity to complete the assignment/contract.
Please provide the following information as evidence of economic and financial capacity:
Copies of the last annual report including annual accounting, audit report, as well as more recent financial data with relevance to the financial situation of the company.
Technical and professional capacity:
Supplier shall have professional qualifications sufficient for performing tasks under the contract.
As evidence of supplier's technical or professional qualifications, the following documentation shall be submitted in accordance with Norges Bank's needs in Section 1.5:
1. A short summary (maximum 2 pages) of how the supplier is able to be in front in the managed security services business.
2. A description of the supplier's technical staff, both competence and number, and the technical units utilised by the supplier to fulfil the contract, whether or not they are a part of the candidate's enterprise.
3. A list of the most important and relevant deliveries (anonymized) in the past 3 years, including the business area of the customer, scope, value and date both to public and private sector. (Of special interest are central banks, banks and other financial institutions, governments, governmental institutions and critical infrastructure.)
4. A brief overview of your managed security services and any supporting products.
5. A description of the architecture of your MSS delivery capability, including elements in your security operations centre (SOC), data centre, network and our premises. Include and identify any elements that are delivered by your partners.
6. A brief description of the requirements Norges Bank's IT-service provider must comply with for the MSSP to be able to provide their services.
7. A brief description of how the service work flow integrates Norges Bank CSIRT, third party IT service provider and the service provider (the MSSP)
When answering 4, 5 and 6 please use a form like this in addition to a written answer. For each service list elements and requirements (row by row). See the RPI for form.
Requirement for a declaration of commitment
If the supplier wishes to utilise the capacity of other enterprises, the tenderer shall document to the principal that it will have access to the necessary resources, by submitting declarations of commitment signed by these enterprises.
Norges Bank will accept a maximum of 2 levels of subcontractors.
Storage and processing of customer data may take place in a country that has an “Agreement between the Government of said country and the Government of the Kingdom of Norway on the Exchange and Mutual Protection of Classified Information” (‘sikkerhetsavtale’).
In what country will data storage and processing of Norges Bank data take place?
Requirement for the protection of classified information.
The supplier must have a policy and routines for handling information classified as IN CONFIDENCE in accordance with The Norwegian Protection Instructions laid down by Royal Decree of 17.3.1972 and are subject to special security provisions. The ‘Contractor’ will have to sign a protective security agreement that regulates these requirements.
The supplier shall describe their policy and routines for handling and storing classified information on both company and employee level.
Requirement for supply chain security.
The service must be operational even if Norges Bank and/or the Service Provider are under attack and/or there is a local, national or global crisis where Internet is affected with reduced capacity, connectivity or other restrictions on the data traffic or restrictions on travel affecting the MSSP personnel or delivery of software and/or hardware or similar situations.
The supplier shall provide:
A statement by top management that the requested service is one of supplier's main business lines and will be for the duration of the contract, including the optional terms.
Documentation that the organisational nature and geographical location of supplier's supply chain are such that the supplier can meet the contracting entity's requirement for supply chain security.
Quality system
The supplier shall submit a copy of their quality system and a signed statement that the quality system is adhered to in general for the daily operation and especially for this agreement with the company and all sub-contractors.
Performance of the contract
Names and professional qualifications of the staff ✅
Procedure
Minimum number of candidates: 3
Maximum number of candidates: 5
Objective selection criteria:
Supplier shall have professional qualifications sufficient for performing tasks under the contract.
As evidence of supplier's technical or professional qualifications, the following documentation shall be submitted in accordance with Norges Bank's needs in Section 1.5:
1. A short summary (maximum 2 pages) of how the supplier is able to be in front in the managed security services business.
2. A description of the supplier's technical staff, both competence and number, and the technical units utilised by the supplier to fulfil the contract, whether or not they are a part of the candidate's enterprise.
3. A list of the most important and relevant deliveries (anonymized) in the past 3 years, including the business area of the customer, scope, value and date both to public and private sector. (Of special interest are central banks, banks and other financial institutions, governments, governmental institutions and critical infrastructure.)
4. A brief overview of your managed security services and any supporting products.
5. A description of the architecture of your MSS delivery capability, including elements in your security operations centre (SOC), data centre, network and our premises. Include and identify any elements that are delivered by your partners.
6. A brief description of the requirements Norges Bank's IT-service provider must comply with for the MSSP to be able to provide their services.
7. A brief description of how the service work flow integrates Norges Bank CSIRT, third party IT service provider and the service provider (the MSSP)
When answering 4, 5 and 6 please use a form like this in addition to a written answer. For each service list elements and requirements (row by row). See the RPI for form.
Requirement for a declaration of commitment
If the supplier wishes to utilise the capacity of other enterprises, the tenderer shall document to the principal that it will have access to the necessary resources, by submitting declarations of commitment signed by these enterprises.
Norges Bank will accept a maximum of 2 levels of subcontractors.
Storage and processing of customer data may take place in a country that has an “Agreement between the Government of said country and the Government of the Kingdom of Norway on the Exchange and Mutual Protection of Classified Information” (‘sikkerhetsavtale’).
In what country will data storage and processing of Norges Bank data take place?
Requirement for the protection of classified information.
The supplier must have a policy and routines for handling information classified as IN CONFIDENCE in accordance with The Norwegian Protection Instructions laid down by Royal Decree of 17.3.1972 and are subject to special security provisions. The ‘Contractor’ will have to sign a protective security agreement that regulates these requirements.
The supplier shall describe their policy and routines for handling and storing classified information on both company and employee level.
Requirement for supply chain security.
The service must be operational even if Norges Bank and/or the Service Provider are under attack and/or there is a local, national or global crisis where Internet is affected with reduced capacity, connectivity or other restrictions on the data traffic or restrictions on travel affecting the MSSP personnel or delivery of software and/or hardware or similar situations.
The supplier shall provide:
A statement by top management that the requested service is one of supplier's main business lines and will be for the duration of the contract, including the optional terms.
Documentation that the organisational nature and geographical location of supplier's supply chain are such that the supplier can meet the contracting entity's requirement for supply chain security.
Quality system
The supplier shall submit a copy of their quality system and a signed statement that the quality system is adhered to in general for the daily operation and especially for this agreement with the company and all sub-contractors.
Contract award notice (2015-12-18)
Object
Scope of the procurement
Total value of the procurement: 65 000 000
Notice metadata
Document type: Contract award notice
Procedure
Tender type: Not applicable
Contracting authority
Identity
Name of contracting authority: Norges Bank (The Bank of Norway)
Contact
E-mail: mss@norges-bank.no
Reference
Dates
Date sent: 2015-12-18
Publication date: 2015-12-22
Identifiers
Notice number: 2015/S 247-450576
Refers to notice: 2015/S 056-098365
OJ S issue: 247
Award of contract
Name: Mnemonic AS
Postal address: Wergelandsveien 25
Town: Oslo
Postal code: 0167
Country: Norway
Source: OJS 2015/S 247-450576 (2015-12-18)