CFT-1748 - CERBERUS - IT Security Operations and Testing, Business Continuity, Information Protection and Access Control Consultancy Services

The purpose of this Call for Tenders is to award Framework Agreements to up to 5 successful Tenderers (per each lot) for the provision of consultants and specific information security services to support the Cybersecurity Division of the Group Digital Office of the European Investment Bank. The services in scope …

CPV: 72000000 Servicios TI: consultoría, desarrollo de software, Internet y apoyo, 72253200 Servicios de apoyo a sistemas, 72254100 Servicios de prueba de sistemas, 72212732 Servicios de desarrollo de software de seguridad de datos, 72220000 Servicios de consultoría en sistemas y consultoría técnica, 72225000 Servicios de evaluación y revisión de la garantía de calidad del sistema, 72800000 Servicios de ensayo y auditoría informáticos, 72820000 Servicios de ensayo informático
Lugar de ejecución:
CFT-1748 - CERBERUS - IT Security Operations and Testing, Business Continuity, Information Protection and Access Control Consultancy Services
Organismo adjudicador:
European Investment Bank
Número de premio:
EIB/2024/OP/0002-PIN

1. Buyer

1.1 Buyer

Official name : European Investment Bank
Legal type of the buyer : EU institution, body or agency
Activity of the contracting authority : General public services

2. Procedure

2.1 Procedure

Title : CFT-1748 - CERBERUS - IT Security Operations and Testing, Business Continuity, Information Protection and Access Control Consultancy Services
Description : The purpose of this Call for Tenders is to award Framework Agreements to up to 5 successful Tenderers (per each lot) for the provision of consultants and specific information security services to support the Cybersecurity Division of the Group Digital Office of the European Investment Bank. The services in scope include: Lot 1, Provision of IT Security Operations Consultancy Services; Lot 2, Provision of Business Continuity Consultancy Services; Lot 3, Provision of Information Protection and Identity and Access Management Consultancy Services; and Lot 4, Provision of IT Security Testing Services.
Internal identifier : EIB/2024/OP/0002-PIN

2.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support

2.1.3 Value

Estimated value excluding VAT : 53 000 000 Euro

2.1.4 General information

Additional information : This prior information notice announces the intention of the contracting authority to publish a future call for tenders. No other information or documents are available at this stage. Interested economic operators are invited to subscribe at the link https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/tender-details/7305ab45-23b9-409e-8f56-b538c19232a6-PIN in order to get notified when the contract notice and all the procurement documents, including the tender specifications, are published.
Legal basis :
Regulation (EU, Euratom) 2018/1046

3. Part

3.1 Part technical ID : PAR-0001

Title : Provision of IT Security Operations consultancy services
Description : The services in scope include: - Security Engineering support, i.e. support regarding the incorporation and maintenance of security controls into the information system so that they become an integral part of the system’s operational capabilities; - Security Monitoring support, i.e. assistance with regards to collecting and analysing indicators of potential security threats and triaging these threats with appropriate actions.

3.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support
Additional classification ( cpv ): 72212732 Data security software development services
Additional classification ( cpv ): 72220000 Systems and technical consultancy services
Additional classification ( cpv ): 72225000 System quality assurance assessment and review services
Additional classification ( cpv ): 72253200 Systems support services
Additional classification ( cpv ): 72800000 Computer audit and testing services
Additional classification ( cpv ): 72820000 Computer testing services
Additional classification ( cpv ): 72254100 Systems testing services

3.1.3 Duration

Duration : 72 Month

3.1.4 Value

Estimated value excluding VAT : 36 450 161 Euro

3.1.5 General information

Reserved participation :
The procurement is covered by the Government Procurement Agreement (GPA) : no

3.1.6 Procurement documents

3.1.8 Techniques

Framework agreement :
Framework agreement, without reopening of competition

3.1.9 Further information, mediation and review

Review organisation : Court of Justice of the European Union

3.1 Part technical ID : PAR-0002

Title : Provision of Business Continuity consultancy services
Description : The services in scope include: - Business Continuity support, i.e. support in planning, building, running and managing EIB’s enterprise-wide Business Continuity Management Operational Framework; - ICT Disaster Recovery support, i.e. assistance in designing and implementing EIB’s enterprise-wide ICT resilience and Disaster Recovery Management programmes.

3.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support
Additional classification ( cpv ): 72212732 Data security software development services
Additional classification ( cpv ): 72220000 Systems and technical consultancy services
Additional classification ( cpv ): 72225000 System quality assurance assessment and review services
Additional classification ( cpv ): 72253200 Systems support services
Additional classification ( cpv ): 72254100 Systems testing services
Additional classification ( cpv ): 72800000 Computer audit and testing services
Additional classification ( cpv ): 72820000 Computer testing services

3.1.3 Duration

Duration : 72 Month

3.1.4 Value

Estimated value excluding VAT : 6 687 596 Euro

3.1.5 General information

Reserved participation :
The procurement is covered by the Government Procurement Agreement (GPA) : no

3.1.6 Procurement documents

3.1.8 Techniques

Framework agreement :
Framework agreement, without reopening of competition

3.1.9 Further information, mediation and review

Review organisation : Court of Justice of the European Union

3.1 Part technical ID : PAR-0003

Title : Provision of Information Protection and Identity and Access Management consultancy services
Description : The services in scope include: - Identity and Access Management support, i.e. assistance in the handling of end-users and technical teams’ requests related to access management, authentication management, recertification process, contribution to architectural design, optimization of operational processes, contribution to risk assessments; - Information Protection Analyst support, i.e. assistance in conducting/defining feasibility studies, gap analysis, architectural design, governance and operational models in the different domains of the Information Protection such as information classification, data leakage prevention, information management, etc.

3.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support
Additional classification ( cpv ): 72212732 Data security software development services
Additional classification ( cpv ): 72220000 Systems and technical consultancy services
Additional classification ( cpv ): 72225000 System quality assurance assessment and review services
Additional classification ( cpv ): 72253200 Systems support services
Additional classification ( cpv ): 72254100 Systems testing services
Additional classification ( cpv ): 72800000 Computer audit and testing services
Additional classification ( cpv ): 72820000 Computer testing services

3.1.3 Duration

Duration : 72 Month

3.1.4 Value

Estimated value excluding VAT : 5 511 024 Euro

3.1.5 General information

Reserved participation :
The procurement is covered by the Government Procurement Agreement (GPA) : no

3.1.6 Procurement documents

3.1.8 Techniques

Framework agreement :
Framework agreement, without reopening of competition

3.1.9 Further information, mediation and review

Review organisation : Court of Justice of the European Union

3.1 Part technical ID : PAR-0004

Title : Provision of IT Security Testing Services
Description : The services in scope include: - IT Security Penetration Testing Services covering, but not limited to, EIB’s applications penetration testing, web and mobile applications, network penetration testing, social engineering including physical intrusion; - Red and Purple Teaming support, i.e. assistance in designing and running structured and comprehensive scenario-based cyber incident testing on live systems using recognized frameworks (e.g., MITRE ATT@CK, CBEST...); - IT Security Audit and Compliance support, i.e. assistance in testing the effectiveness of security controls and risk mitigations plans based on EIB’s Internal Control Framework (ICF).

3.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support
Additional classification ( cpv ): 72212732 Data security software development services
Additional classification ( cpv ): 72220000 Systems and technical consultancy services
Additional classification ( cpv ): 72225000 System quality assurance assessment and review services
Additional classification ( cpv ): 72253200 Systems support services
Additional classification ( cpv ): 72254100 Systems testing services
Additional classification ( cpv ): 72800000 Computer audit and testing services
Additional classification ( cpv ): 72820000 Computer testing services

3.1.3 Duration

Duration : 72 Month

3.1.4 Value

Estimated value excluding VAT : 4 351 219 Euro

3.1.5 General information

Reserved participation :
The procurement is covered by the Government Procurement Agreement (GPA) : no

3.1.6 Procurement documents

3.1.8 Techniques

Framework agreement :
Framework agreement, with reopening of competition

3.1.9 Further information, mediation and review

Review organisation : Court of Justice of the European Union

8. Organisations

8.1 ORG-0001

Official name : European Investment Bank
Registration number : EIB
Postal address : 98-100 boulevard Konrad Adenauer
Town : Luxembourg
Postcode : L-2950
Country subdivision (NUTS) : Luxembourg ( LU000 )
Country : Luxembourg
Telephone : +352 43 79 1
Internet address : http://www.eib.org
Roles of this organisation :
Buyer

8.1 ORG-0002

Official name : Court of Justice of the European Union
Registration number : CURIA
Postal address : Rue du Fort Niedergrünewald
Town : Luxembourg
Postcode : L-2925
Country subdivision (NUTS) : Luxembourg ( LU000 )
Country : Luxembourg
Telephone : +352 4303-1
Internet address : http://curia.europa.eu
Roles of this organisation :
Review organisation

8.1 ORG-0003

Official name : European Commission
Registration number : EUCOM
Postal address : Mondrian (CDMA), Rue du Champ de Mars 21
Town : Brussels
Postcode : B-1050
Country subdivision (NUTS) : Arr. de Bruxelles-Capitale/Arr. Brussel-Hoofdstad ( BE100 )
Country : Belgium
Telephone : +32 2 299 11 11
Roles of this organisation :
TED eSender

10. Change

Version of the previous notice to be changed : a40b52e0-05fd-4ef0-afef-b794fcf57e1c-01
Main reason for change : Information updated
Description : The estimated date of publication of the contract notice has been updated.

11. Notice information

11.1 Notice information

Notice identifier/version : 830ae6e3-1d87-4b61-a8b6-28145774bd1b - 01
Form type : Planning
Notice type : Prior information notice or a periodic indicative notice used only for information
Notice dispatch date : 22/11/2024 11:11 +01:00
Languages in which this notice is officially available : English

11.2 Publication information

Notice publication number : 00715587-2024
OJ S issue number : 229/2024
Publication date : 25/11/2024
Estimated date of publication of a contract notice within this procedure : 04/02/2025