In shaping and implementing information security in the state administration of Saxony-Anhalt, external consulting, support, and implementation services are needed for various areas of information security. This includes, for example:
The administration of the state of Saxony-Anhalt will need a wide range of services in the field of information security over the coming years. For this reason, four framework agreements are to be concluded via the here tendered four lots, from which the public authorities as project owners can individually place the specific service requirements needed as individual calls.
LOT-0001
1
Central and strategic development and improvement of ISMS, BCM, KRITIS.
In the context of Lot 1, a contractor is sought to support the central and strategic development of information security management, business continuity management, and crisis management for the contracting authorities in Saxony-Anhalt. The main objective of this lot is to advance and implement a long-term, sustainable, and integrated information security strategy for the state of Saxony-Anhalt that meets the special requirements of public institutions. The focus is on supporting the development of overarching concepts and guidelines that can serve as a basis for the operational implementation in Lot 2.
LOT-0002
2
Implementation of standard procedures for ISMS, BCM, and KRITIS.
This lot aims to ensure the operational implementation and ongoing operation of security and emergency management processes within the authorities or contracting entities of the state of Saxony-Anhalt. The service provider in this lot consults and supports the implementation and further development of security guidelines, risk management, emergency preparedness, and crisis management, taking into account the results from Lot 1 or existing implementations in the relevant fields.
LOT-0003
3
Security assessment (information security, audits, reviews, and certifications).
The subject of this lot concerns consultation and support as well as the implementation of measures to evaluate, further develop, and strengthen the information security of the contracting authorities. Support is provided for the systematic examination of organizational, technical, and personnel security measures regarding their effectiveness and compliance with relevant legal, normative, and internal requirements. The foundation is particularly based on the BSI-200 series, the BSI IT Basic Protection Compendium, the requirements of the NIS-2 Directive, the information security policies of the contracting authorities, and the guideline “Information Security in Public Administration” of the IT Planning Council.
LOT-0004
4
Training and awareness-raising measures.
The subject of this lot is the continuation of existing target group-specific training services as well as their content-related and didactic adaptation, the development of new formats, and participation in further awareness-raising measures. This includes, among other things, coordinated support by the contractor in training management and the potential integration of already tested training content from the existing training portfolio for reuse. The contractor is required to regularly adapt the content to be taught to current threat situations and technological developments and to the challenges in the everyday work of the contracting authorities. The services to be provided are based on the requirements of the BSI component ORP.3 “Awareness and Training on Information Security” as well as on the specifications of the NIS-2 Directive.