The purpose of this call is to obtain the following services:
— ICT coordination services;
— occasional support services on the topics of cyber and information security, necessary to secure conformance with regulations including EU 2019/881 and ENISA tools, any upcoming rules in the area of EU regulation, and conformance with SESAR 3 JU security, information management and documentation policies (including compliance with Regulation (EU) 2018/1725 (EUDPR)); and
— quality management services, covering quality and information management activities, suitable to maintain and evolve SESAR 3 JU’s established quality management system (QMS) compliant with its quality policy and best industry practice standards (ISO 9001 etc.), and to provide administrator support for an existing information management system (IDMS) hosted on SharePoint with its distributed site manager configuration.
Lot 2 will result in an award of a framework service contract.
Services to be provided to SESAR 3 JU shall be performed in English and may include, but not be limited to:
a) cyber and information security expertise: to develop an understanding of SESAR 3 JU ICT and information configuration and the associated security requirements (data protection, security obligations and organisational needs) in order to create and maintain a SESAR 3 JU cybersecurity strategy and plan, and then to systematically monitor and assess preparedness for threats, ensuring that mitigations are in place, suitable recovery scenarios are available, and SESAR 3 JU staff and contractors are appropriately trained;
b) data protection expertise: in order to show compliance with the regulations applicable to SESAR 3 JU (EUDPR). The contractor shall contribute substantially to the performance of large data protection impact assessments (DPIAs) that could not be performed with the limited resources available in SESAR 3 JU (e.g. transition of SESAR 3 JU's existing on-premise SharePoint implementation to SharePoint in the cloud, integrated with MS Teams). These assessments shall analyse, identify and minimise the data protection risks resulting from proposed evolution/changes in the ICT and information management of SESAR 3 JU;
c) ICT business continuity: linked closely with the cyber and information security management services above is the need to ensure that the ICT part of the SESAR 3 JU business continuity management plan is kept up to date. Specifically, this means ensuring that the plan contains an appropriate set of assessed scenarios (involving ICT), the consequences and actions to be taken by the organisation, and clear instructions for all persons working at or with SESAR 3 JU should the plan need to be made live. SESAR 3 JU already has such a plan dating from 2016; the responsibility of the selected contractor is to begin with a review, propose updates and provide content to SESAR 3 JU that will refresh the plan, including providing related SESAR 3 JU staff training, as appropriate. Linked to the cyber security point above, the future contractor may also be invited to perform penetration tests in support of testing the cyber and business continuity arrangements.