1. I. The subject of the order is to ensure comprehensive cybersecurity for the Małopolska Voivodeship Office in Kraków (MUW in Kraków). The scope of the order includes the design, delivery, and implementation of a security system consisting of integrated solutions and systems, including: Next Generation Firewall (NGFW) gateways, Web Application Firewall (WAF) systems, integration with existing or delivery of new sandbox-class systems for malware analysis, as well as integration or purchase of anti-spam gateways with content filtering and phishing detection functions. An important element is also the implementation of a Multi-Factor Authentication (MFA) system, supporting both physical tokens and mobile applications, which will ensure strong user identity verification mechanisms. The order also includes the implementation of a Security Management Platform for consistent administration of security policy, and a centralized log collection and analysis system (log aggregator) for security incidents. For secure communication between the office locations, it is planned to implement encrypted VPN tunnels using specialized cryptographic devices, providing a secure data transmission channel between the MUW branch offices in Kraków - SD-WAN structure. To store data from the security systems, the supply of SAN/NAS-class disk arrays equipped with ransomware detection functions is planned, intended for launching security system components. The entire solution will be supported by high-performance Data Center class network switches, ensuring reliability, high throughput, and scalability of the infrastructure. The order also includes the provision of specialized technical support and implementation services necessary to ensure the continuity of critical infrastructure operation and compliance with national regulations regarding the protection of IT systems in public administration. The aim of executing the order is to significantly increase the resilience of the MUW IT system in Kraków against external and internal threats by eliminating security gaps, implementing advanced incident detection and response mechanisms, and increasing the level of control over IT resources. Increasing burdens resulting from new administrative tasks require expansion of computing resources and strengthening of infrastructure, which directly affects the efficiency of the MUW operations in Kraków and the safety of processed data. II. The scope of the order includes the design, purchase, and implementation of the security system: 1) Technical design, 2) Firewall (NGFW), 3) Firewall in Branch Offices - SD-WAN structure, 4) Sandbox System, 5) System using network encryptors (responsible for connecting the Primary and Backup Center), 6) Web Application Firewall (WAF) system, 7) Email protection system (anti-spam), 8) Multi-Factor Authentication (MFA) system with physical and mobile tokens, 9) Centralized log collection system (log aggregator) with security analysis, 10) Central security systems management system, 11) SAN-NAS type storage with ransomware detection for launching security system components, 12) Data Center class switches, 13) Implementation, configuration, and training, 14) As-built documentation. 2. A detailed description of the subject of the order and conditions for executing the order are specified in the attachments to the Terms of Reference: - attachment no. 1 to the Terms of Reference - description of the subject of the order, - attachment no. 2 to the Terms of Reference - proposed contract provisions.

LOT-0001
Design, delivery, and implementation of a comprehensive cybersecurity system along with Data Center infrastructure for the Małopolska Voivodeship Office in Kraków..
1. I. The subject of the order is to ensure comprehensive cybersecurity for the Małopolska Voivodeship Office in Kraków (MUW in Kraków). The scope of the order includes the design, delivery, and implementation of a security system consisting of integrated solutions and systems, including: Next Generation Firewall (NGFW) gateways, Web Application Firewall (WAF) systems, integration with existing or delivery of new sandbox-class systems for malware analysis, as well as integration or purchase of anti-spam gateways with content filtering and phishing detection functions. An important element is also the implementation of a Multi-Factor Authentication (MFA) system, supporting both physical tokens and mobile applications, which will ensure strong user identity verification mechanisms. The order also includes the implementation of a Security Management Platform for consistent administration of security policy, and a centralized log collection and analysis system (log aggregator) for security incidents. For secure communication between the office locations, it is planned to implement encrypted VPN tunnels using specialized cryptographic devices, providing a secure data transmission channel between the MUW branch offices in Kraków - SD-WAN structure. To store data from the security systems, the supply of SAN/NAS-class disk arrays equipped with ransomware detection functions is planned, intended for launching security system components. The entire solution will be supported by high-performance Data Center class network switches, ensuring reliability, high throughput, and scalability of the infrastructure. The order also includes the provision of specialized technical support and implementation services necessary to ensure the continuity of critical infrastructure operation and compliance with national regulations regarding the protection of IT systems in public administration. The aim of executing the order is to significantly increase the resilience of the MUW IT system in Kraków against external and internal threats by eliminating security gaps, implementing advanced incident detection and response mechanisms, and increasing the level of control over IT resources. Increasing burdens resulting from new administrative tasks require expansion of computing resources and strengthening of infrastructure, which directly affects the efficiency of the MUW operations in Kraków and the safety of processed data. II. The scope of the order includes the design, purchase, and implementation of the security system: 1) Technical design, 2) Firewall (NGFW), 3) Firewall in Branch Offices - SD-WAN structure, 4) Sandbox System, 5) System using network encryptors (responsible for connecting the Primary and Backup Center), 6) Web Application Firewall (WAF) system, 7) Email protection system (anti-spam), 8) Multi-Factor Authentication (MFA) system with physical and mobile tokens, 9) Centralized log collection system (log aggregator) with security analysis, 10) Central security systems management system, 11) SAN-NAS type storage with ransomware detection for launching security system components, 12) Data Center class switches, 13) Implementation, configuration, and training, 14) As-built documentation. 2. A detailed description of the subject of the order and conditions for executing the order are specified in the attachments to the Terms of Reference: - attachment no. 1 to the Terms of Reference - description of the subject of the order, - attachment no. 2 to the Terms of Reference - proposed contract provisions. 3. Deadline for execution of the order: 45 days from the signing of the agreement, but no later than December 15, 2025. The warranty and technical support period for the manufacturer, according to the description of the subject of the order for each system, according to attachment no. 1 to the Terms of Reference. 4. The offer binding period: The bidder remains bound by the offer until November 23, 2025, with the first day of the offer binding period being the day when the deadline for submitting offers expires. 5. The contracting authority, in accordance with Article 257 of the Act of September 11, 2019 - Public Procurement Law (consolidated text: Journal of Laws of 2024, item 1320), reserves the right to annul the procurement procedure if the public funds that the contracting authority intended to allocate for financing all or part of the order are not awarded to it.