The ekom21 - Kommunales Gebietsrechenzentrum Hessen is a corporation under public law according to the Hessian Data Processing Network Act (DV-VerbundG). It is the central IT service provider for the Hessian municipalities and their institutions. From its locations in Giessen, Darmstadt and Kassel, it provides its end customers with modern information and communication (ICT) services of all kinds.

The approximately 500 members in Hesse and other customers nationwide include about 29,000 end users from local governments and other public institutions, such as districts, cities, municipalities, municipal companies, special purpose associations, institutions, hospitals and homes. In the state sector, ekom21 looks after numerous regional associations, ministries and government presidencies. In total, ekom21 provides services for six million citizens.

The range of tasks at ekom21 is growing and changing continuously, which is accompanied by a steady increase in the number of employees. ekom21 currently employs around 720 people.

As a joint security offensive of the state of Hesse, the municipal umbrella associations of Hesse and ekom21, the Municipal Service Center for Cyber Security, KDLZ-CS for short, was launched in 2016. The KDLZ-CS makes its services available to the Hessian municipalities. The KDLZ-CS supports districts, cities and municipalities on an equal footing with the aim of continuously improving information security in the state of Hesse.

The aim of the procurement procedure is to conclude a framework agreement with an economic operator. The framework agreement is intended to enable the needs-based retrieval of information security consulting services without justification of an acceptance obligation.

In addition to ekom21, members of the association, the districts, cities, municipalities, administrative communities and special purpose associations in the federal state of Hesse and each including their legally independent and dependent institutions and associations and other forms of cooperation are entitled to receive funds.

The subject matter of the invitation to tender includes the following services:

• Advice on information security according to BSI-Grundschutz and BSI-KritisV

• Carrying out inventories at the customer's premises

• Development and presentation of recommendations for measures

• Preparation of a report with recommendations for action

• Development, presentation and documentation of security concepts

• Conducting audits

• Preparation, execution and evaluation of pentests (hardware, software, networks)

• Regular exchange with project management of the KDLZ-CS

The services to be carried out exclusively by the Contractor's own employees, the use of subcontractors and/or external specialists is not permitted.

Over the current term of the framework agreement (see Section II.2.7) of the notice), the client estimates a purchase quantity of approx. 150 person-days per year for senior consultants and approx. 40 person-days per year for junior consultants. The estimated total value is based on the experience of recent years, including estimated additional requirements.

More details can be found in the tender documents.