PENETRATION TESTING SERVICES

Concepts

• wokingham
• networking, internet and intranet
• security testing
• localised testing
• testing
• a penetration testing service provider
• web-app or infrastructure testing
• their own penetration testing framework
• penetration testers
• check accredited penetration testers

Location

United Kingdom:

Description

As part of the separation from National Grid Group and transformation into NESO under UK Government ownership, NESO are looking to create their own penetration testing framework to ensure that we can provide assurance over the security of our systems and provide a secure service to Great Britain. To achieve this, NESO requires a penetration testing panel of at least three members who can provide in-depth penetration testing services, covering a range of localised testing, such as web-app or infrastructure testing, as well as simulated attack exercises.

Total Quantity or Scope

NESO require a penetration testing service provider that can: Provide Infrastructure, Web Application, API and Web Application security testing. Provide simulated attack exercising services (Purple/Red Teams). Provide CHECK accredited penetration testers to complete testing. Where necessary, provide penetration testers who have achieved UK Gov Security Clearance Provide highly accurate reporting of vulnerabilities within the in-scope systems. Provide resource for testing with a no longer than 1 month lead time. Provide resource with knowledge and experience of testing on Critical National Infrastructure (CNI) environments, and the risk associated, where applicable to the scope of testing. Additional information: Contract duration Flexible, agile framework contract that can be scaled-up or down based on business requirements. Compliance with the Utilities Contracts Regulations 2016 Initial contract duration 3-year contract, with the possibility for 2 one year contract extensions Participation requirements: All suppliers wishing to participate in the tender process must register with Achilles via the UVDB code 2.1.23-Cyber security consulting or services for the event by the 31st January 2025.

CPV Codes

• 48200000 - Networking, Internet and intranet software package
• 48400000 - Business transaction and personal business software package
• 48500000 - Communication and multimedia software package

Other Information

** PREVIEW NOTICE, please check Find a Tender for full details. ** This PIN is not a call for competition. NESO is not obliged to respond to any correspondence related to this notice. Direct or indirect canvassing of NESO (or any person connected with it) by any person concerning this notice, or any attempt to procure information outside of the defined process is discouraged and may (in certain circumstances) require the disqualification of the relevant person(s) from participation in any future competitive procurement process. All information provided by NESO in this PIN is at an early stage of development and is not intended by NESO to create any contract or other commitment and is not intended by NESO to be otherwise relied on by any person to any extent. NESO shall have no liability for any losses incurred by any person as a result any such reliance. You must be registered against all Achilles UVDB code: 2.1.23-Cyber security consulting or services.to be invited to the Pre-Qualification Stage, In this PIN all reference to a contract notice should be read as referring to an advertisement on Achilles UVDB and not a find a tender contract notice. You must be registered against all Achilles UVDB codes to be invited to the Pre-Qualification Stage. The required level is UVDB Silver Plus. You can also reach out to Desta Wheeler desta.wheeler@achilles.com who can support any issues with completion of your registration process on Achilles UVDB ahead of the qualification event commencing in April: provided that it is the sole responsibility of each interested supplier to ensure that it is properly registered on Achilles UVDB Silver Plus on time and NESO accepts no responsibility for any failure to register on time regardless of the reasons for that.