Information Security

Norsk Tipping AS

Norsk Tipping shall enter into a framework agreement with up to 4 tenderers for information security. 1: Strategic consulting cyber security 2: Security testing 3: Cyber security exercises 4: Security competence, security audits and consultancy ISO27001, 27017, OWASP etc. Norsk Tipping is certified in accordance with ISO 27001 and WLA SCS, and requires consultancy services that ensure that the company complies with these standards and ensures stable and secure operation of our IT services.

Frist

Fristen for mottak av tilbud var 2025-05-21. Anskaffelsen ble publisert 2025-04-15.

Hvem?

• Norsk Tipping AS

Hva?

Hvor?

• Innlandet › Innlandet

Anskaffelseshistorikk

Dato	Dokument
2025-04-15	Kunngjøring av konkurranse

Kunngjøring av konkurranse (2025-04-15)
Gjenstand
Anskaffelsens omfang
Tittel: Information Security
Referansenummer: NT-25-0100
Kort beskrivelse:

Kontrakttype: Tjenester
Produkter/tjenester: Datatjenester: rådgivning, programvareutvikling, internett og systemstøtte 📦
Informasjon om delkontrakter
Denne kontrakten er delt opp i delkontrakter ✅

1️⃣
Intern identifikator: 1655232
Tittel: Tender documentation
Beskrivelse av anskaffelsen:

The aim of this procurement is to enter into a consultancy agreement with one or several tenderers within information security.

Tilleggsprodukter/-tjenester:

Bedriftsrådgivning og administrativ rådgivning 📦

Forretningstjenester: lov, reklame, rådgiving, ansettelse, trykking og sikkerhet 📦

Konsulentvirksomhet i forbindelse med utvikling 📦

Systemtjenester og tekniske konsulenttjenester 📦

By: Hamar
Land: Norge 🇳🇴
Utførelsessted: Innlandet 🏙️
Varighet
Startdato: 2025-07-01 📅
Sluttdato: 2028-06-30 📅
Beskrivelse
Maksimalt antall fornyelser: 1
Annen informasjon om fornyelser: Up to one year
Informasjon om elektroniske kataloger
Tilbud må presenteres i form av elektroniske kataloger eller inkludere en elektronisk katalog
Tittel
Identifikasjonsnummer for delkontrakt: LOT-0001

2️⃣
Intern identifikator: 1690052
Tittel: SUB AREA 1
Beskrivelse av anskaffelsen:

The aim of the agreement is to continually assist the company with strategic competence, consultancy, including assisting Norsk Tipping's Board of Directors, Security Committee and Security Environment etc. Norsk Tipping would like to enter into a contract for strategic consultancy in the areas of management and control with information security, cyber security, threat assessments, strengthening the company's management system for information security etc.

Tittel
Identifikasjonsnummer for delkontrakt: LOT-0002

3️⃣
Intern identifikator: 1690053
Tittel: SUB AREA 2
Beskrivelse av anskaffelsen:

The aim of the procurement is to cover Norsk Tipping ́s need for testing within main security. This area includes general testing of defence systems, but also testing quality, resilience and robustness of both the existing and new codes, systems and equipment. Norsk Tipping emphasises the entire KIT triad and would like, through testing, to gain knowledge of the condition and what measures must be taken to increase the safety of the test object and the system included in this object.

Tittel
Identifikasjonsnummer for delkontrakt: LOT-0003

4️⃣
Intern identifikator: 1690054
Tittel: SUB AREA 3
Beskrivelse av anskaffelsen:

The aim of the contract is to see to the company ́s need for training, training and competence of Norsk Tipping ́s employees within information security. The aim of this is to increase the company's competence in the area and safeguard the relevant ISO 27001 requirements that are imposed on the company through its certification.

Tittel
Identifikasjonsnummer for delkontrakt: LOT-0004

5️⃣
Intern identifikator: 1690055
Tittel: SUB AREA 4
Beskrivelse av anskaffelsen:

"We have strengthened the quality of the company's business critical processes". Norsk Tipping's business critical processes consist of: 1) Sales of Games 2) Payment of prizes 3) Implementation of game 4) Responsible gambling activities Norwegian betting currently uses a tool to maintain an overview of employees ́ implementation of obligatory and voluntary courses in security competence and instructions. The tool is also used for mapping employees ́ insight and understanding of e.g. a safety culture. Norsk Tipping is in addition to being certified iht. ISO 27001 standard, also as the only company in Norway certified in accordance with WLA SCS. In order to obtain WLA certification, iso 27001 certification must be at the bottom. It is a prerequisite that our contract supplier understands the WLA standard well enough to assist Norsk Tipping with consultancy services, but does not expect expert competence within the WLA standard.

Tittel
Identifikasjonsnummer for delkontrakt: LOT-0005

Prosedyre
Prosedyretype
Åpen anbudskonkurranse ✅
Rettslig grunnlag: Direktiv 2014/24/EU
Administrativ informasjon
Frist for mottak av tilbud eller forespørsler om deltakelse: 2025-05-21 10:00:58 📅
Vilkår for åpning av tilbud: 2025-05-21 10:01:00 📅
Vilkår for åpning av tilbud (sted): Hamar
Språk som tilbud eller forespørsler om deltakelse kan sendes inn på: norsk 🗣️
Minste tidsramme som tilbyderen må opprettholde tilbudet i: 101 dager
Informasjon om en rammeavtale eller en dynamisk innkjøpsordning
Rammeavtale med flere leverandører ✅
Anbudsvilkår
Avansert eller kvalifisert elektronisk signatur eller segl (som definert i forordning (EU) nr. 910/2014) er påkrevd
Åpningsdato: 2025-05-21 10:01:00 📅
Sted: Hamar
Elektronisk katalog: Tillatt
Elektronisk fakturering: Påkrevd
Elektronisk bestilling vil bli brukt ✅
Elektronisk betaling vil bli brukt ✅
Frist for å be om tilleggsinformasjon: 2025-05-11 22:00:00 📅

Juridisk, økonomisk, finansiell og teknisk informasjon
Økonomisk og finansiell stilling
Liste og kort beskrivelse av utvelgelseskriterier:

Annual accounts and credit rating (rating).: Requirement: Tenderers shall have satisfactory finances. • Documentation requirement: Income statement and balance with notes, as well as annual reports and auditor ́s report for the last year. In addition a cash flow statement is required for the companies that are obliged to set this up. • Credit evaluation/rating, not older than 6 months from the tender deadline. • If it is more than 6 months since the balance sheet for the last annual accounts, the sub-year accounts must be enclosed. • Any other information of relevance to the company's fiscal figures. • If a tenderer, for a justifiable reason, cannot present the documentation that Norsk Tipping has requested, he can prove his economic and financial style with any other document that the contracting authority can accept. If the tenderer has such a justifiable reason, he may contact Norsk Tipping in writing in order to clarify which other documentation is acceptable.

Vilkår for deltakelse
Liste og kort beskrivelse av vilkår:

Registered in a trade register or company register.: Tenderers are registered in a company register or a trade register in the member state in which the tenderer is established. As described in annex XI of directive 2014/24/EU; suppliers from certain member states may have to fulfil other requirements in the mentioned annex. Requirement: The tenderer shall be a legally established company. Foreign companies: Proof that the company is registered in a trade or business register as prescribed by the law of the country where the tenderer is established.

Teknisk og faglig kapasitet
Liste og kort beskrivelse av utvelgelseskriterier:

Information Security System: Sub-area 1 - Strategic consulting cyber security Requirement: • Tenderers shall have a satisfactory and well-functioning management system for information security. The information security system must cover all processes that are relevant for this contract and be compliant with ISO 27001 or equivalent standard. Relevant processes are in this context defined as i.a. the purpose and need of the sub area, see annex 1 chapter 2. Documentation requirement: • To document this, a description shall be enclosed of the tenderer's management system for information security (policy, procedures and guidelines), possibly enclose an ISO 27001 certificate. Lot 2 - Security testing No qualification requirements for a management system for information security. Sub-area 3 - Cyber security exercises Requirement: • Tenderers shall have a satisfactory and well-functioning management system for information security. The information security system must cover all processes that are relevant for this contract and be compliant with ISO 27001 or equivalent standard. Relevant processes are in this context defined as i.a. the purpose and need of the sub area, see annex 1 chapter 2. Documentation requirement : • To document this, a description shall be enclosed of the tenderer's management system for information security (policy, procedures and guidelines), possibly enclose an ISO 27001 certificate Sub-area 4 - Security competence, consultancy and security audits Requirement: • The tenderer shall have a satisfactory and well-functioning system for information security, as well as be certified in accordance with ISO 27001. The information security system must cover all processes that are relevant for this contract. Relevant processes are in this context defined as i.a. the purpose and need of the sub area, see annex 1 chapter 2. Documentation requirement: • To document this, enclose a valid ISO 27001 certificate.

Vilkår for deltakelse
Utestengelsesgrunn:

Akkord med kreditorer

Avtaler med andre økonomiske aktører som har til formål å vri konkurransen

Barnearbeid og andre former for menneskehandel

+ 20 til

Bedrageri

Betaling av skatter

Betaling av trygdeavgifter

Brudd på forpliktelser på arbeidsrettens område

Brudd på forpliktelser på miljørettens område

Brudd på forpliktelser på sosialrettens område

Deltakelse i en kriminell organisasjon

Direkte eller indirekte deltakelse i forberedelsen av denne anskaffelsen

Eiendeler under administrasjon av bobestyrer

Forretningsvirksomheten er suspendert

Hvitvasking eller terrorfinansiering

Insolvens

Interessekonflikt på grunn av deltakelse i anskaffelsesprosedyren

Konkurs

Korrupsjon

Situasjon tilsvarende konkurs etter nasjonal lovgivning

Skyldig i alvorlige feil i yrkesutøvelsen

Skyldig i uriktig fremstilling, tilbakeholdt informasjon, ute av stand til å fremlegge nødvendige dokumenter og innhentet konfidensiell informasjon om denne prosedyren

Terrorhandlinger eller handlinger knyttet til terrorvirksomhet

Tidlig heving, erstatning eller andre sammenlignbare sanksjoner

Beskrivelse av utelukkelsesgrunner:

Is the supplier in a situation where he has been forced debt arrangement? Specify why, under the mentioned circumstances, one is able to carry out the contract, considering the current national provisions and measures for continuing the business activities? It is not necessary to provide this information if rejection of tenderers made mandatory in accordance with the current national law without the possibility for exceptions.

Is the tenderer in a bankruptcy situation? Specify why, under the mentioned circumstances, one is able to carry out the contract, considering the current national provisions and measures for continuing the business activities? It is not necessary to provide this information if rejection of tenderers made mandatory in accordance with the current national law without the possibility for exceptions.

Is the tenderer himself or a person, who is a member of the tenderer's administration, management or supervisory body or has the competence to represent or control or make decisions in such bodies,…

… in the event a enforceable verdict has been convicted of corruption by a verdict handed down not more than five years ago, or a rejection period determined directly in the judgement that still applies? Corruption as defined in Article 3 of the Convention on Combating Corruption, Involving European Communities or European Union Member States (EUT C 195 of 25.6.1997, s. 1), and in Article 2, point 1, in the Council ́s framework decision 2003/568/RIA of 22 July 2003 on combating corruption in the private sector (EUT L 192 of 31.7.2003, p. 54). This rejection reason also includes corruption as defined in national law for the contracting authority or supplier.

… at the time a legally convicted verdict of participation in a criminal organisation by a verdict handed down no more than five years ago, or a rejection period set out directly in the judgement that still applies? Participation in a criminal organisation as defined in Article 2 of the Council ́s framework decision 2008/841/RIA of 24 October 2008 on control of organised crime (EUT L 300 of 11.11.2008, p. 42)

Has the tenderer entered into agreement(s) with other tenderers with the intention of turning the competition?

Is the tenderer aware of breaches of environmental provisions as stated in national law, the relevant notice or procurement documents or Article 18 (2) of Directive 2014/24/EU.

… in the event a legal verdict has been convicted of money laundering or financing terrorism by a verdict handed down no more than five years ago, or a rejection period set out directly in the judgement that still applies? Money laundering or financing terrorism As defined in Article 1 of the European Parliament and Council Directive 2005/60/EF of 26 October 2005 on preventive measures against the use of the financial system for money laundering and financing terrorism (EUT L 309 of 25.11.2005, p. 15).

… at the time a legally convicted of fraud has been convicted of fraud by a verdict handed down not more than five years ago, or a rejection period determined directly in the judgement that still applies? Fraud included in Article 1 of the Convention on protection of the Financial Interests of the European Communities (EFT C 316 of 27.11.1995, p. 48).

… in the event a legal verdict has been convicted of child labour and other forms of human trafficking by a verdict handed down no more than five years ago, or a rejection period determined directly in the judgement that still applies? Child labour and other forms of human trafficking as defined in Article 2 of the European Parliament and council directive 2011/36/EU of 5. 1 April 2011 on the prevention and control of human trafficking and the protection of its victims and for compensation of the Council ́s framework decision 2002/629/RIA (EUT L 101 of 15.4.2011, p. 1).

Is the tenderer in an insolvency situation? Specify why, under the mentioned circumstances, one is able to carry out the contract, considering the current national provisions and measures for continuing the business activities? It is not necessary to provide this information if rejection of tenderers made mandatory in accordance with the current national law without the possibility for exceptions.

Is the tenderer aware of breaches of provisions on working conditions as stated in national law, the relevant notice or procurement documents or Article 18 (2) of Directive 2014/24/EU.

Specify why, under the mentioned circumstances, one is able to carry out the contract, considering the current national provisions and measures for continuing the business activities? It is not necessary to provide this information if rejection of tenderers made mandatory in accordance with the current national law without the possibility for exceptions.

Has the tenderer: a) given grossly incorrect information with the notification of the information required to verify that there is no basis for rejection, or of the qualification requirements being fulfilled, b) failed to provide such information, c) made reservations immediately to present the supporting documents requested by the contracting authority, or d) improperly affected the contracting authority ́s decision process to acquire confidential information that could give this an unlawful advantage in connection with competition, or negligently has given misleading information that can have a significant influence on decisions on rejection, selection or award?

Are tenderers aware of a conflict of interest as stated in national law, the relevant notice or procurement documents?

Has the tenderer or an entity associated with the supplier advised the contracting authority or in another way been involved in the planning of the competition?

Has the tenderer committed serious errors in professional practice? If relevant, see the definitions in national law, the relevant notice or procurement documents.

Has the tenderer committed significant breaches of contract in connection with the fulfilment of a previous public contract, a previous contract with a public contracting authority or a previous concession contract, where the breach has led to the cancellation of the contract, compensation or other similar sanctions?

Is the tenderer aware of breaches of provisions on social conditions as stated in national law, the relevant notice or procurement documents or Article 18 (2) of Directive 2014/24/EU.

Have tenderers failed to fulfil all their social security obligations in the country where they are established and in their member state, if this is a different country than what he is established in?

Has the tenderer not fulfilled his tax and duty obligations in the country in which he is established, and in the contracting authority's member state, if this is a different country than what he is established in?

Is the tenderer himself or a person, who is a member of the tenderer's administration, management or supervisory body, or has the competence to represent or control or make decisions in such bodies, in the event a legal verdict has been convicted of acts of terrorism or criminal acts connected to terrorist activities by a verdict handed down no more than five years ago, or a rejection period set out directly in the judgement that still applies? Acts of terrorism or criminal acts relating to terrorist activity as defined in Article 1 and 3 of the Council ́s framework decision 2002/475/RIA of 13 June 2002 on combating terrorism (EFT L 164, af 22.6.2002, p. 3). This rejection reason also includes incitement to, participation or attempts to commit such actions as included in Article 4 in the mentioned framework decision.

Oppdragsgiver
Navn og adresser
Navn: Norsk Tipping AS
Nasjonalt registreringsnummer: 925836613
Avdeling: Norsk Tipping AS
Postadresse: Postboks 4414
Postnummer: 2325
Poststed: Hamar
Land: Norge 🇳🇴
Kontaktpunkt: Jonas Aune
E-post: jonas.aune@norsk-tipping.no 📧
Telefon: +47 62514000 📞
URL: http://www.norsk-tipping.no 🌏
Type oppdragsgiver
Offentligrettslig organ
Hovedaktivitet
Alminnelige offentlige tjenester
Kommunikasjon
URL for dokumenter: https://tendsign.com/doc.aspx?MeFormsNoticeId=55209 🌏
Deltakelses-URL: https://tendsign.com/doc.aspx?MeFormsNoticeId=55209&GoTo=Tender 🌏
Elektronisk innsending: Påkrevd

Utfyllende informasjon
Klageinstans
Navn: Østre Innlandet tingrett
Nasjonalt registreringsnummer: 926 723 669
Postadresse: Postboks 4450
Postnummer: 2326
Poststed: Hamar
Region: Innlandet 🏙️
Land: Norge 🇳🇴
E-post: ostre.innlandet.tingrett@domstol.no 📧
Telefon: 62 78 27 00 📞
URL: https://www.domstol.no/no/domstoler/tingrett/ostre-innlandet-tingrett/ 🌏
Informasjon om elektroniske arbeidsflyter
Elektronisk fakturering vil bli akseptert
Kilde: OJS 2025/S 076-251389 (2025-04-15)

Nye anskaffelser i relaterte kategorier 🆕

Datatjenester: rådgivning, programvareutvikling, internett og systemstøtte (>20 nye anskaffelser)