1. The subject of this order is the delivery and updating of software for the computerization and digitalization of the Hospital, along with maintenance services for email protection, EDR/XDR support, maintenance of the existing vulnerability management system (SIEM), and system protection for workstations and servers, as well as training for IT personnel within the framework of the project financed from the National Reconstruction and Resilience Plan (KPO).
2. A detailed description of the subject matter of the contract is specified in the OPZ (Appendix No. 1 to the SWZ) and in the model contract (Appendix No. 2 to the SWZ).
CONDITIONS FOR PARTICIPATION IN THE PROCEDURE:
1.2.1. The Employer will consider the condition met if the Contractor proves that in the last 3 years before the deadline for submitting offers, and if the duration of business activity is shorter - during this period, he duly executed at least:
1) one delivery and implementation and launch of ESET PROTECT Enterprise (EDR and XDR) software or an equivalent solution;
By equivalent solution to ESET PROTECT Enterprise (EDR and XDR) software, the Employer understands software that meets all the following minimum functional requirements:
a. Assigning licenses to the Employer's account and providing a certificate issued by the manufacturer.
b. The ability to check the duration of assigned licenses from the management console.
c. Number of licenses: 316 pcs.
d. Management console.
e. Multi-layer protection of workstations and servers.
f. Protection of the operating system, web browsers, email, and RAM.
g. Ability to encrypt disks.
h. Threat detection based on behavior analysis and reputation.
i. Protection against malware of the ransomware type and zero-day attacks.
j. Prevention of fileless attacks.
k. Installable on workstations with Windows 10, Windows 11, Windows Server 2012R2 and later, macOS, Linux.
l. Central management console for licenses, detected threats, workstations, users, files directed to quarantine.
m. Real-time file protection.
n. Protection of boot sectors, UEFI.
o. Scanning of packed files.
p. Threat detection using heuristic algorithms.
q. Threat detection based on application reputation.
r. Threat detection based on IP address reputation.
s. Protection against network attacks (IDS).
t. Protection against brute force attacks.
u. Protection against botnets.
v. Ability to define a so-called IP blacklist.
w. Detection of intrusions for at least the following protocols: SMB, RPC, RDP.
x. Blocking dangerous addresses upon detection of an attack.
y. Ability to define exclusions for the above settings.
z. Cooperation with Windows AD domain.
aa. Remote configuration of workstations, the ability to define different policies for different groups of computers, servers, etc.
bb. The ability to remotely install antivirus software via WMI.
cc. The ability to remotely install antivirus software via GPO.
dd. The ability to scan an indicated workstation or server on demand.
ee. The ability to scan during computer idle time.
ff. The ability to scan when the computer/server is booting.
gg. The ability to download antivirus system updates without requiring a constant Internet connection on workstations (e.g., through a proxy server, local update repository, or similar solution).
hh. Monitoring the version of antivirus software and its modules, reporting in the management console.
ii. Monitoring updates of the operating system, reporting in the management console.
jj. Monitoring system events.
kk. The ability to roll back the antivirus module update in case of errors or false alerts.
ll. The ability to actively filter websites and emails.
mm. The ability to define exceptions for applications, selected sites, and IP addresses.
nn. Protection against phishing attacks.
oo. Ability to configure the system and user interface on workstations and servers from the central management console.
pp. Sending alerts via email to designated addresses.
qq. The ability to prepare an installation package for a selected group of devices with the required modules, configurations, and policies.
rr. Module for analyzing data collected from workstations and servers for event correlation and threat profiling.
ss. Reporting, in the form of a tree, detailed information regarding detected threats, including: type of threat, processes executed, identified threats, recognized undesirable interactions, reference to MITRE ATT&CK, date of occurrence, date of detection of the event, recommended solutions and actions that will minimize or resolve the issue.
tt. Ability to assign an automatic action taken by the system for similar occurrences (playbook).
uu. Ability to generate a list of installed applications on workstations and servers along with threat analysis.
vv. Ability to view and filter scripts executed on workstations or servers.
ww. Ability to block unauthorized scripts and applications before execution.
xx. Automatic removal of unwanted applications as part of the solutions used to eliminate detected threats.
yy. The ability to block applications or scripts based on a user or computer group.
zz. The ability to group computers based on the AD domain or manual settings.
aaa. The ability to enable quarantine for an infected computer.
bbb. The ability to connect to the management console using a web browser.
ccc. The ability to upload commercial SSL certificates to servers responsible for the web console page.
ddd. Detection of anomalies in the behaviors of workstations, programs, and scripts.
eee. Detection of actions violating established policies.
fff. Determining the level of threat based on rating points and alarm thresholds, after which...
LOT-0001
SZP/ZPZ/68/2026/KP
Delivery of antivirus software with EDR/XDR module, provision of integrated Security Operations Center services, and IT personnel training.
The implementation period for the subject of the order is 38 months from the date of concluding the contract. The procedure is conducted in Polish.
JUSTIFICATION FOR NOT DIVIDING INTO PARTS
The Employer has dispensed with dividing the order into parts because the specificity of the subject matter of the order requires ensuring full technological and organizational coherence between the various elements of the cybersecurity system. The subject of the order includes both the supply and implementation of antivirus software with the EDR/XDR module, as well as the provision of services for maintaining the workstation protection system, administering the email system, administering the SIEM system, and proactively monitoring the IT infrastructure. The scope of these services constitutes functionally one cohesive process of ensuring the security of the Employer's information technology infrastructure. The various elements of the security system - in particular the EDR/XDR system, the SIEM system, the email system, and infrastructure monitoring - are closely linked and work together within one process of detecting, analyzing, and responding to security incidents.
Dividing the order into parts could lead to excessive technical and organizational difficulties related to the integration of individual system components and the coordination of actions among multiple contractors. In particular, it could result in a fragmentation of responsibility for handling security incidents, extended response times to events, and difficulties in ensuring a uniform operational model for security services. The Employer indicates that the services covered by the order should be provided in a model ensuring one contact point for reports, a unified incident handling system, joint response procedures, and uniform reporting in the implementation of services. Providing such an operational model in the case of executing individual elements of the order by different contractors would be significantly hindered.
Additionally, the subject of the order is carried out in the environment of a healthcare entity, in which information systems support critical processes related to the provision of health services. The implementation and maintenance of security systems must be conducted in a manner that ensures the continuity of operation of the IT infrastructure and minimizes the risk of disruptions to the operation of systems used in medical activities.
Considering the technical and organizational reasons above, the Employer believes that execution of the order by one contractor will ensure proper coordination of work, technological consistency of the systems, and reduce operational risks associated with maintaining IT infrastructure. Consequently, not dividing the order into parts should be regarded as a justified and rational solution.