National portal for digital security

Kort beskrivelse

The Norwegian National Security Authority (NSM) is Norway ́s directorate for preventive safety. NSM makes up, together with the Intelligence Service and the Police Security Service (PST), Norway ́s three intelligence surveillance and security services. The directorate's main task is to improve Norway's ability to protect against snooping, sabotage, terror and compound threats. Through consultancy, control activities, inspections, testing and research, NSM contributes to ensuring civil and military information, systems, objects and infrastructure of importance to national security. NSM is responsible for a national warning system (VDI) that shall uncover and notify about cyber operations against digital infrastructure. NSM also has a national responsibility to coordinate the handling of serious cyber operations. The National Cyber Security Centre (NCSC) is a part of NSM. NSM is administratively subject to the Ministry of Justice and Emergency Services, at the same time that the Ministry of Defence has instructions to the NSM in cases of their area of responsibility. The Government will launch a national portal for digital security where advice from the authorities gather. The portal shall be a common gateway for different user groups, but designed so that everyone gets uniform advice suitable for their user group. This is without a prior knowledge of roles and responsibilities within the area. NSM shall manage and coordinate the work on the portal, in close cooperation with the relevant authorities and any other actors. Denmark, Australia and the United Kingdom have similar portals on digital security. Other public services that may be relevant to refer to that also share information from several authorities are norge.no and ung.no.The Digitalisation Council has previously shared recommendations for the project and the recommendations can be found here: National Security Authority: Authority Portal | Digdir Insight work beyond this will be shared with the tenderer during the execution of this assignment. See the nsm.no for general information advice and guidance from NSM on digital security. See also information in the National Cyber Security Centre - National Security Authority. NSM envisages a gradual development after flexible methodology, with the ambition of launching a first version, a so-called MVP (Minimum Viable Product), already in the summer/autumn of 2025.NSM envisages that the use of artificial intelligence (KI) and that a reporting service (warning to the authorities) will be part of the solution within one year.

Hovedtrekk ved prosedyren

NSM needs a tenderer who, in close cooperation with NSM, can develop a new national portal for digital security. The following will be the needs that shall be covered by deliveries under this agreement: The national portal for digital security shall be a gateway for each inhabitant, small and medium sized businesses, municipalities, owners of critical infrastructure and authorities so that everyone has uniform advice suitable for their target group, without a prerequisite knowledge of roles and responsibilities within the digital security area. The portal must be user oriented and user friendly. The portal shall be able to view content from several different sources and the user shall be able to click on themselves further and end up to the owner of the content. Publication in the portal shall be editor managed. The content shall be easily found by utilising search engine optimisation. The system shall allow users to notify the authorities through the portal. Notification to the authorities is not included in the first mvp, but the tenderer's concept must be described The portal shall comply with orders and recommendations on digitalisation of the public sector given in the government's digitalisation strategy and in the digitisation circularHosting of the solution is not a part of this agreement. Tenderers must maintain the development environment themselves, whilst the final product shall be coughed at NBMS hosting provider Redpill Linpro. Alternatively, the service provider must justify why another hosting provider is proposed. The solution should be movable (e.g. by being container based) and independent of underlying hosting environments in order to enable moving between hosting environments over the portal ́s lifetime. Each user shall be able to subscribe to and get notifications in accordance with stated interestsThe individual actors who publish on the authority portal must be able to notify with different degrees of importance and to selected user groupsThere shall be facilitated for the use of new technology in the system, e.g. the KI-assistant.KI-assist shall be able to train to only extract data from NSM specified domains. The aim of the KI assist is to enable the user to find the right information without any notable prior knowledge of the regulations in the government sector The supplier must have documented experience with working product orientes and flexible, and offer a team that has all the roles required to bring out a new product.  A description of the team and need for competence for both the first mvp development phase, but also the subsequent continual improvement phase of a product in production, must be described. Tenders shall include CVs for the consultants who are offered. Tenderers must be able to document the execution of similar assignments previously for Norwegian customers and have a methodology that can be reused in this assignment as they present in the tender offer. The assignments that are used as references shall have a gender neutral preferred at the customer. The supplier ́s recommended strategy for how the product shall tolerate technology changes in the next five years shall be included. The tenderer ́s draft of the plan with the launch of the first version in summer/autumn 2025, as well as proposals for continual improvements throughout 2025 shall be submitted with the tender. The tenderer ́s proposal for a system shall meet the requirements in the law and regulations on universal design. It must be arranged for the portal to show all content in all Norwegian official languages (Bokmål, Nynorsk and Sami). The system being developed shall be developed with built-in security and built-in privacy. Tenderers must belong to a country that Norway have a security cooperation with. The contract is for the development of the portal up until the first launch, as well as further development with prioritised functionality as determined together with NSM. The tenderer must also be able to take responsibility for administering the system in the period from launching to the end of the agreement period. The agreement period is one year. The cost of the first version is estimated by the tenderer, but the annual cost must not exceed NOK 2.2 million excluding VAT per annum for further development and management. The operation of the service will be carried out by NBMS ́s hosting provider and it is not included in this agreement. The assignment will run continuously within the time frame, but the volume of procurements in periods will follow the joint agreed plan. The tenderer ́s personnel will not be able to reckon on working on development assignments in the period from 1 July to 15 August or in the Christmas room.

Liste og kort beskrivelse av regler og kriterier

Tenderers are registered in a company register or a trade register in the member state in which the tenderer is established. As described in annex XI of directive 2014/24/EU; suppliers from certain member states may have to fulfil other requirements in the mentioned annex.