The ekom21 - Municipal Data Processing Center Hesse is a public law institution under the Hessian Data Processing Association Act (DV-VerbundG). It is a central IT service provider for the municipalities of Hesse and their institutions. From the locations in Gießen, Darmstadt, and Kassel, it comprehensively supplies its end customers with modern information and communication services (IuK) of all kinds. Among the approximately 500 members in Hesse and other customers nationwide are about 29,000 end users from local administrations and other public institutions, such as districts, cities, municipalities, municipal enterprises, associations, institutions, hospitals, and homes. In the state sector, ekom21 serves numerous state associations, ministries, and government presidencies. Overall, ekom21 provides services for six million citizens. The range of tasks for ekom21 is continuously growing and changing, leading to a steady increase in employee numbers. Currently, ekom21 employs around 850 staff members. As a joint security initiative of the state of Hesse, the municipal umbrella organizations of Hesse, and ekom21, the Municipal Service Center for Cybersecurity, short KDLZ-CS, was established in 2016. The KDLZ-CS provides its services to the municipalities of Hesse. The KDLZ-CS supports districts, cities, and municipalities on equal footing with the aim of continuously improving information security in the state of Hesse. For this purpose, eLearning for information security as well as for data protection and a phishing simulation are to be offered.

LOT-0000
Information Security Services 2025.
The aim of the procurement procedure is to conclude a framework agreement with an economic operator. The framework agreement is intended to allow for the demand-oriented call-off of information security services - without creating a purchase obligation. The items of the tender include the following services: • Consulting on information security according to BSI Basic Protection and BSI-KritisV • Conducting inventory assessments at the client • Development and presentation of recommended measures • Creation of a report with recommended measures • Development, presentation, and documentation of security concepts • Conducting audits • Preparation, execution, and evaluation of penetration tests (hardware, software, networks) • regular exchange with the project management of KDLZ-CS The services to be performed must be carried out exclusively by the contractor’s own employees; the use of subcontractors and/or external specialists is not permitted. The tender includes specifically the following services: • Consulting services for information security • eLearning on the topics of information security and data protection • Phishing simulations • Incident Response Service • Managed Services in the areas of Firewall, SOC, and SIEM • Identity and Access Management (IAM) • Digital Signing The services to be performed must be carried out exclusively by the contractor’s own employees; the use of subcontractors and/or external specialists is not permitted. Throughout the duration of the framework agreement, the contracting authority expects a maximum value of €25 million (net). The estimated total value is based on experiences from recent years including estimated additional needs. Further details can be found in the tender documents.