The IT department shall procure a new framework agreement for security monitoring the ICT services. The services will cover NAV's total infrastructure from data centre to clients.

The framework agreement shall, amongst other things, give ICT operations access to:

— 24/7 SOC (Security Operations Center);

— Log monitoring;

— IPS/IDS services;

— Web application firewall;

— Incident Response Team (IRT).

The framework agreement shall cover the need for security monitoring the current and future ICT services in NAV.

The contracting authority has planned to have requirements in the tender documentation for the working language and workplace in the contract period. The contracting authority believes it is relevant to provide guidance on this already in connection with the qualification documentation. The starting point for this guidance is to have a close cooperation between the contracting authority and the service provider.

— Norwegian shall be used with the contracting authority. This applies to reports, meetings, documentation, support and additional services that are provided for the contracting authority.

— As a starting point, assistance shall be carried out in the contracting authority's premises, unless otherwise agreed.

— The service must be provided from Norway and the data shall be stored in Norway. This is pursuant in the NAV Act § 10 as we have productions that are critical for society.

See the qualification documentation for further information.