The purpose of this Call for Tenders is to award Framework Agreements to up to 5 successful Tenderers (per each lot) for the provision of information security Services to support the Cybersecurity Division of the European Investment Bank Group. The services in scope include:
Lot 1 - Provision of IT Security Operations consultancy services;
Lot 2 - Provision of Business Continuity consultancy services;
Lot 3 - Provision of Information Protection and Identity and Access Management consultancy services; and
Lot 4 - Provision of IT Security Testing services.
For more details please refer to the procurement documents.

LOT-0001
Provision of IT Security Operations consultancy services.
The services in scope include:
• Security Engineering support, i.e. support regarding the incorporation and maintenance of security controls into the information system so that they become an integral part of the system’s operational capabilities;
• Security Monitoring support, i.e. assistance with regards to collecting and analysing indicators of potential security threats and triaging these threats with appropriate actions.

LOT-0002
Provision of Business Continuity consultancy services.
The services in scope include:
- Business Continuity support, i.e. support in planning, building, running and managing EIB’s enterprise-wide Business Continuity Management Operational Framework;
- ICT Disaster Recovery support, i.e. assistance in designing and implementing EIB’s enterprise-wide ICT resilience and Disaster Recovery Management programmes.

LOT-0003
Provision of Information Protection and Identity and Access Management consultancy services.
The services in scope include:
- Identity and Access Management support, i.e. assistance in the handling of end-users and technical teams’ requests related to access management, authentication management, recertification process, contribution to architectural design, optimization of operational processes, contribution to risk assessments;
- Information Protection Analyst support, i.e. assistance in conducting/defining feasibility studies, gap analysis, architectural design, governance and operational models in the different domains of the Information Protection such as information classification, data leakage prevention, information management, etc.

LOT-0004
Provision of IT Security Testing Services.
The services in scope include:
- IT Security Penetration Testing Services covering, but not limited to, EIB’s applications penetration testing, web and mobile applications, network penetration testing, social engineering including physical intrusion;
- Red and Purple Teaming support, i.e. assistance in designing and running structured and comprehensive scenario-based cyber incident testing on live systems using recognized frameworks (e.g., MITRE ATT@CK, CBEST...);
- IT Security Audit and Compliance support, i.e. assistance in testing the effectiveness of security controls and risk mitigations plans based on EIB’s Internal Control Framework (ICF).